Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2016-12-13 CVE-2016-7948 Out-of-bounds Write vulnerability in multiple products
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.
network
low complexity
x-org fedoraproject CWE-787
critical
 9.8
9.8
2016-12-13 CVE-2016-7947 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.
network
low complexity
fedoraproject x-org CWE-190
critical
 9.8
9.8
2016-12-13 CVE-2016-7946 Improper Access Control vulnerability in multiple products
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.
network
low complexity
x-org fedoraproject CWE-284
7.5
7.5
2016-12-13 CVE-2016-7945 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.
network
low complexity
fedoraproject x-org CWE-190
7.5
7.5
2016-12-13 CVE-2016-7944 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.
network
low complexity
x-org fedoraproject CWE-190
critical
 9.8
9.8
2016-12-13 CVE-2016-7943 Out-of-bounds Write vulnerability in multiple products
The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.
network
low complexity
fedoraproject x-org CWE-787
critical
 9.8
9.8
2016-12-13 CVE-2016-7942 Out-of-bounds Write vulnerability in multiple products
The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.
network
low complexity
fedoraproject x-org CWE-787
critical
 9.8
9.8
2016-12-13 CVE-2016-5407 Out-of-bounds Read vulnerability in multiple products
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.
network
low complexity
x-org fedoraproject CWE-125
critical
 9.8
9.8
2016-12-09 CVE-2016-9014 Permissions, Privileges, and Access Controls vulnerability in multiple products
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
network
high complexity
fedoraproject canonical djangoproject CWE-264
8.1
8.1
2016-12-09 CVE-2016-9013 Use of Hard-coded Credentials vulnerability in multiple products
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.
network
low complexity
djangoproject canonical fedoraproject CWE-798
critical
 9.8
9.8