Fedoraproject >> Fedora >> 24 Security Vulnerabilities
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.
CVSS Score: 9.8 | EPSS Score: 0.048 | Published: 2016-12-13
X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.
CVSS Score: 9.8 | EPSS Score: 0.032 | Published: 2016-12-13
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.
CVSS Score: 9.8 | EPSS Score: 0.032 | Published: 2016-12-13
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2016-12-13
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2016-12-13
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2016-12-13
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.
CVSS Score: 9.8 | EPSS Score: 0.021 | Published: 2016-12-13
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allows remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
CVSS Score: 8.1 | EPSS Score: 0.049 | Published: 2016-12-09
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.
CVSS Score: 9.8 | EPSS Score: 0.027 | Published: 2016-12-09
CVE-2016-5195
Known exploited
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
CVSS Score: 7.0 | EPSS Score: 0.942 | Published: 2016-11-10

