Vulnerabilities > Fedoraproject > Fedora > 22
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-22 | CVE-2016-1572 | Improper Privilege Management vulnerability in multiple products mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid. | 8.4 |
| 2016-01-20 | CVE-2016-1901 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow. | 9.8 |
| 2016-01-20 | CVE-2016-1900 | CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename. | 3.7 |
| 2016-01-20 | CVE-2016-1899 | CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c. | 3.7 |
| 2016-01-13 | CVE-2016-1494 | Improper Input Validation vulnerability in multiple products The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. | 5.3 |
| 2016-01-12 | CVE-2016-1232 | The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack. | 7.5 |
| 2016-01-12 | CVE-2016-1231 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. | 5.9 |
| 2016-01-12 | CVE-2015-8400 | 7PK - Security Features vulnerability in multiple products The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL. | 7.4 |
| 2016-01-12 | CVE-2015-1779 | Resource Exhaustion vulnerability in multiple products The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. | 8.6 |
| 2016-01-08 | CVE-2015-5254 | Improper Input Validation vulnerability in multiple products Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. | 9.8 |