Vulnerabilities > Fedoraproject > Low

DATE	CVE	VULNERABILITY TITLE	RISK
2016-01-20	CVE-2016-1899	CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c. network high complexity fedoraproject cgit-project	3.7
2016-01-20	CVE-2016-1900	CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename. network high complexity fedoraproject cgit-project	3.7
2014-10-15	CVE-2014-3566	Cryptographic Issues vulnerability in multiple products The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. network high complexity redhat ibm apple mageia novell opensuse fedoraproject openssl netbsd debian oracle CWE-310	3.4