Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2014-8990

Exploit
  • EPSS 4.31%
  • Veröffentlicht 05.12.2014 16:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.

7.5

CVE-2014-9220

  • EPSS 0.44%
  • Veröffentlicht 03.12.2014 01:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.

7.5

CVE-2014-9093

  • EPSS 3.33%
  • Veröffentlicht 26.11.2014 15:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

6.1

CVE-2010-5312

Exploit
  • EPSS 3.85%
  • Veröffentlicht 24.11.2014 16:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

4

CVE-2014-7821

  • EPSS 1.45%
  • Veröffentlicht 24.11.2014 15:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

5

CVE-2013-0334

  • EPSS 0.5%
  • Veröffentlicht 31.10.2014 14:55:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

4.3

CVE-2014-3566

  • EPSS 94.02%
  • Veröffentlicht 15.10.2014 00:55:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

4.3

CVE-2014-1573

  • EPSS 0.87%
  • Veröffentlicht 13.10.2014 01:55:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-sit...

5

CVE-2014-1572

  • EPSS 1.1%
  • Veröffentlicht 13.10.2014 01:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for th...

4

CVE-2014-1571

  • EPSS 0.5%
  • Veröffentlicht 13.10.2014 01:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, ...