Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-20 | CVE-2016-2038 | Information Exposure vulnerability in multiple products phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | 5.0 |
| 2016-02-19 | CVE-2016-2270 | Improper Input Validation vulnerability in multiple products Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. | 4.6 |
| 2016-02-16 | CVE-2016-0753 | Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters. | 5.3 |
| 2016-02-13 | CVE-2016-1526 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. | 5.8 |
| 2016-02-13 | CVE-2016-1523 | Multiple Security vulnerability in Libgraphite The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. | 4.3 |
| 2016-02-13 | CVE-2016-1522 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font. | 9.3 |
| 2016-02-13 | CVE-2016-1521 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. | 6.8 |
| 2016-02-08 | CVE-2015-7513 | Divide By Zero vulnerability in multiple products arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. | 4.9 |
| 2016-01-26 | CVE-2016-1926 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp. | 4.3 |
| 2016-01-22 | CVE-2016-1572 | Improper Privilege Management vulnerability in multiple products mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid. | 4.6 |