Fedoraproject: >> Fedora Security Vulnerabilities
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
CVSS Score
6.8
EPSS Score
0.001
Published
2016-12-23
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.
CVSS Score
7.3
EPSS Score
0.003
Published
2016-12-23
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.
CVSS Score
7.8
EPSS Score
0.163
Published
2016-12-13
Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.
CVSS Score
9.8
EPSS Score
0.012
Published
2016-12-13
X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.
CVSS Score
7.5
EPSS Score
0.009
Published
2016-12-13
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.
CVSS Score
9.8
EPSS Score
0.007
Published
2016-12-13
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.
CVSS Score
9.8
EPSS Score
0.007
Published
2016-12-13
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.
CVSS Score
9.8
EPSS Score
0.048
Published
2016-12-13
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.
CVSS Score
9.8
EPSS Score
0.032
Published
2016-12-13
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.
CVSS Score
9.8
EPSS Score
0.032
Published
2016-12-13