Vulnerabilities > Fedoraproject > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-13 | CVE-2016-7948 | Out-of-bounds Write vulnerability in multiple products X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. | 9.8 |
| 2016-12-13 | CVE-2016-7947 | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. | 9.8 |
| 2016-12-13 | CVE-2016-7944 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. | 9.8 |
| 2016-12-13 | CVE-2016-7943 | Out-of-bounds Write vulnerability in multiple products The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. | 9.8 |
| 2016-12-13 | CVE-2016-7942 | Out-of-bounds Write vulnerability in multiple products The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. | 9.8 |
| 2016-12-13 | CVE-2016-5407 | Out-of-bounds Read vulnerability in multiple products The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. | 9.8 |
| 2016-12-09 | CVE-2016-9013 | Use of Hard-coded Credentials vulnerability in multiple products Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary. | 9.8 |
| 2016-10-07 | CVE-2016-7167 | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. | 9.8 |
| 2016-10-03 | CVE-2016-7405 | SQL Injection vulnerability in multiple products The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. | 9.8 |
| 2016-08-19 | CVE-2016-6254 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet. | 9.1 |