Fedoraproject: >> Fedora >> 24 Security Vulnerabilities
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.
CVSS Score
7.5
EPSS Score
0.008
Published
2017-02-03
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
CVSS Score
8.4
EPSS Score
0.001
Published
2017-01-19
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
CVSS Score
9.8
EPSS Score
0.019
Published
2017-01-13
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.
CVSS Score
5.3
EPSS Score
0.001
Published
2017-01-12
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-01-12
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.
CVSS Score
7.8
EPSS Score
0.172
Published
2016-12-13
Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.
CVSS Score
9.8
EPSS Score
0.009
Published
2016-12-13
X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.
CVSS Score
7.5
EPSS Score
0.009
Published
2016-12-13
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.
CVSS Score
9.8
EPSS Score
0.007
Published
2016-12-13
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.
CVSS Score
9.8
EPSS Score
0.007
Published
2016-12-13