Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2016-3069

  • EPSS 2.83%
  • Published 13.04.2016 16:59:17
  • Last modified 12.04.2025 10:46:40

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

8.8

CVE-2016-3068

  • EPSS 5%
  • Published 13.04.2016 16:59:16
  • Last modified 12.04.2025 10:46:40

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

6.1

CVE-2016-2228

Exploit
  • EPSS 0.58%
  • Published 13.04.2016 16:59:12
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield...

6.1

CVE-2015-8807

Exploit
  • EPSS 0.68%
  • Published 13.04.2016 16:59:00
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers ...

5.5

CVE-2015-7555

Exploit
  • EPSS 0.3%
  • Published 13.04.2016 15:59:03
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file.

6.5

CVE-2016-2166

  • EPSS 0.27%
  • Published 12.04.2016 14:59:11
  • Last modified 12.04.2025 10:46:40

The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, whic...

7.5

CVE-2016-2216

  • EPSS 2.11%
  • Published 07.04.2016 21:59:02
  • Last modified 12.04.2025 10:46:40

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded U...

9.8

CVE-2016-0729

  • EPSS 24.19%
  • Published 07.04.2016 21:59:01
  • Last modified 12.04.2025 10:46:40

Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corrupti...

7.5

CVE-2016-2086

  • EPSS 0.45%
  • Published 07.04.2016 21:59:01
  • Last modified 12.04.2025 10:46:40

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

7.5

CVE-2016-3125

  • EPSS 1.37%
  • Published 05.04.2016 20:59:00
  • Last modified 12.04.2025 10:46:40

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecif...