Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2016-1521

  • EPSS 0.75%
  • Published 13.02.2016 02:59:06
  • Last modified 12.04.2025 10:46:40

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary ...

6.5

CVE-2015-7513

  • EPSS 0.08%
  • Published 08.02.2016 03:59:01
  • Last modified 12.04.2025 10:46:40

arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_v...

6.1

CVE-2016-1926

Exploit
  • EPSS 0.72%
  • Published 26.01.2016 19:59:09
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.

8.4

CVE-2016-1572

  • EPSS 0.05%
  • Published 22.01.2016 15:59:07
  • Last modified 12.04.2025 10:46:40

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.

9.8

CVE-2016-1901

Exploit
  • EPSS 4.37%
  • Published 20.01.2016 16:59:05
  • Last modified 12.04.2025 10:46:40

Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.

4.3

CVE-2016-1900

  • EPSS 0.65%
  • Published 20.01.2016 16:59:04
  • Last modified 12.04.2025 10:46:40

CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or c...

4.3

CVE-2016-1899

  • EPSS 0.65%
  • Published 20.01.2016 16:59:03
  • Last modified 12.04.2025 10:46:40

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype para...

5.5

CVE-2015-5295

  • EPSS 1.64%
  • Published 20.01.2016 16:59:00
  • Last modified 12.04.2025 10:46:40

The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files ...

5.3

CVE-2016-1494

Exploit
  • EPSS 5.09%
  • Published 13.01.2016 15:59:02
  • Last modified 12.04.2025 10:46:40

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

7.4

CVE-2015-8466

  • EPSS 0.34%
  • Published 13.01.2016 15:59:00
  • Last modified 12.04.2025 10:46:40

Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.