High

DATE	CVE	VULNERABILITY TITLE	RISK
2016-05-13	CVE-2016-2850	Improper Input Validation vulnerability in multiple products Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors. network low complexity fedoraproject botan-project CWE-20	7.5
2016-05-13	CVE-2016-2849	Information Exposure vulnerability in multiple products Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack. network low complexity debian fedoraproject botan-project CWE-200	7.5
2016-05-13	CVE-2015-7827	Information Exposure vulnerability in multiple products Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. network low complexity fedoraproject botan-project debian CWE-200	7.5
2016-05-06	CVE-2015-8868	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. local low complexity fedoraproject debian canonical freedesktop CWE-119	7.8
2016-04-19	CVE-2016-0741	Resource Management Errors vulnerability in multiple products slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection. network low complexity redhat fedoraproject CWE-399	7.5
2016-04-19	CVE-2016-3960	Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. local low complexity xen fedoraproject oracle	8.8
2016-04-18	CVE-2016-3071	Improper Input Validation vulnerability in multiple products Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform. network low complexity libreswan fedoraproject CWE-20	7.5
2016-04-18	CVE-2015-8106	Use of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. local low complexity latex2rtf-project fedoraproject CWE-134	7.8
2016-04-15	CVE-2016-2146	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data. network low complexity fedoraproject uninett CWE-119	7.5
2016-04-15	CVE-2016-2145	Improper Input Validation vulnerability in multiple products The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data. network low complexity fedoraproject uninett CWE-20	7.5