Fedoraproject >> Fedora: Security Vulnerabilities
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode, which failed to check whether the image contained at least one component, resulting in a denial of service.
CVSS Score: 7.5, EPSS Score: 0.016, Published: 2017-07-17
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to derive the correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
CVSS Score: 5.9, EPSS Score: 0.02, Published: 2017-07-06
elog 3.1.1 allows remote attackers to post data as any username in the logbook.
CVSS Score: 7.5, EPSS Score: 0.002, Published: 2017-06-27
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
CVSS Score: 7.5, EPSS Score: 0.005, Published: 2017-06-13
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).
CVSS Score: 7.5, EPSS Score: 0.009, Published: 2017-06-13
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
CVSS Score: 5.5, EPSS Score: 0.001, Published: 2017-06-13
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
CVSS Score: 5.5, EPSS Score: 0.0, Published: 2017-06-08
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVSS Score: 5.5, EPSS Score: 0.001, Published: 2017-06-06
game-music-emu before 0.6.1 mishandles unspecified integer values.
CVSS Score: 9.8, EPSS Score: 0.028, Published: 2017-06-06
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
CVSS Score: 8.8, EPSS Score: 0.727, Published: 2017-06-01