) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/o:fedoraproject:fedora:24
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-8106 |
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. Published: April 18, 2016; 10:59:01 AM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
| CVE-2016-3144 |
Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name. Published: April 15, 2016; 11:59:02 AM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2016-0729 |
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document. Published: April 07, 2016; 5:59:01 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2016-1286 |
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. Published: March 09, 2016; 6:59:03 PM -0500 |
V3.1: 8.6 HIGH V2.0: 5.0 MEDIUM |
| CVE-2016-1285 |
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. Published: March 09, 2016; 6:59:02 PM -0500 |
V3.1: 6.8 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-2039 |
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. Published: February 19, 2016; 8:59:02 PM -0500 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2015-4454 |
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. Published: June 17, 2015; 2:59:09 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2015-4342 |
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. Published: June 17, 2015; 2:59:07 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2015-2665 |
Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: June 17, 2015; 2:59:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |