Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2016-5385

  • EPSS 84.16%
  • Published 19.07.2016 02:00:17
  • Last modified 12.04.2025 10:46:40

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attacker...

5.5

CVE-2015-8808

  • EPSS 0.29%
  • Published 13.07.2016 15:59:00
  • Last modified 12.04.2025 10:46:40

The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.

5.5

CVE-2015-3192

  • EPSS 1.38%
  • Published 12.07.2016 19:59:00
  • Last modified 12.04.2025 10:46:40

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) vi...

7.5

CVE-2016-5244

  • EPSS 0.77%
  • Published 27.06.2016 10:59:11
  • Last modified 12.04.2025 10:46:40

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

7.5

CVE-2016-4414

  • EPSS 2.9%
  • Published 13.06.2016 19:59:08
  • Last modified 12.04.2025 10:46:40

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

9.1

CVE-2015-8869

  • EPSS 2.81%
  • Published 13.06.2016 19:59:01
  • Last modified 12.04.2025 10:46:40

OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.

9.8

CVE-2016-3720

  • EPSS 0.21%
  • Published 10.06.2016 15:59:04
  • Last modified 12.04.2025 10:46:40

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

7.8

CVE-2016-3096

  • EPSS 0.08%
  • Published 03.06.2016 14:59:04
  • Last modified 12.04.2025 10:46:40

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container ...

7.5

CVE-2016-3075

  • EPSS 10.88%
  • Published 01.06.2016 20:59:03
  • Last modified 12.04.2025 10:46:40

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

7.5

CVE-2016-1234

Exploit
  • EPSS 1.18%
  • Published 01.06.2016 20:59:00
  • Last modified 12.04.2025 10:46:40

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.