Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-08 | CVE-2016-3095 | Information Exposure vulnerability in multiple products server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | 5.5 |
| 2017-06-06 | CVE-2016-9961 | Numeric Errors vulnerability in multiple products game-music-emu before 0.6.1 mishandles unspecified integer values. network low complexity game-music-emu-project fedoraproject opensuse-project opensuse novell CWE-189 critical | 9.8 |
| 2017-06-06 | CVE-2016-9960 | Divide By Zero vulnerability in multiple products game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | 5.5 |
| 2017-06-01 | CVE-2017-8386 | git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. | 8.8 |
| 2017-05-23 | CVE-2016-5178 | Improper Input Validation vulnerability in multiple products Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | 9.8 |
| 2017-05-23 | CVE-2016-5177 | Use After Free vulnerability in multiple products Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | 8.8 |
| 2017-05-02 | CVE-2016-10243 | Improper Input Validation vulnerability in multiple products TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | 9.8 |
| 2017-04-21 | CVE-2016-2173 | Improper Input Validation vulnerability in multiple products org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. | 9.8 |
| 2017-04-21 | CVE-2016-0721 | Session Fixation vulnerability in multiple products Session fixation vulnerability in pcsd in pcs before 0.9.157. | 8.1 |
| 2017-04-21 | CVE-2016-0720 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | 8.8 |