Vulnerabilities > Fedoraproject > Fedora > 24
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-18 | CVE-2016-3071 | Improper Input Validation vulnerability in multiple products Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform. | 7.5 |
| 2016-04-18 | CVE-2015-8106 | Use of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. | 7.8 |
| 2016-04-15 | CVE-2016-3144 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name. | 5.4 |
| 2016-04-07 | CVE-2016-0729 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document. | 9.8 |
| 2016-03-09 | CVE-2016-1286 | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. | 8.6 |
| 2016-03-09 | CVE-2016-1285 | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. | 6.8 |
| 2016-02-20 | CVE-2016-2039 | Information Exposure vulnerability in multiple products libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. | 5.3 |