Shodan
Vulnerabilities
Vulnerable Software
Fedoraproject:  >> Fedora  Security Vulnerabilities
CVE-2017-13752
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVSS Score
7.5
EPSS Score
0.01
Published
2017-08-29
CVE-2017-13746
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVSS Score
7.5
EPSS Score
0.016
Published
2017-08-29
CVE-2017-13747
There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVSS Score
7.5
EPSS Score
0.01
Published
2017-08-29
CVE-2017-13748
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.
CVSS Score
7.5
EPSS Score
0.027
Published
2017-08-29
CVE-2014-9637
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-08-25
CVE-2015-1395
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
CVSS Score
7.5
EPSS Score
0.026
Published
2017-08-25
CVE-2015-5146
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.
CVSS Score
5.3
EPSS Score
0.024
Published
2017-08-24
CVE-2017-11610
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
CVSS Score
8.8
EPSS Score
0.938
Published
2017-08-23
CVE-2015-5258
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-08-22
CVE-2017-12843
Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-08-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved