Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2016-1232

  • EPSS 0.71%
  • Published 12.01.2016 20:59:10
  • Last modified 12.04.2025 10:46:40

The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.

5.9

CVE-2016-1231

  • EPSS 0.74%
  • Published 12.01.2016 20:59:09
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.

7.4

CVE-2015-8400

  • EPSS 0.56%
  • Published 12.01.2016 19:59:10
  • Last modified 12.04.2025 10:46:40

The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL.

8.6

CVE-2015-1779

  • EPSS 5.08%
  • Published 12.01.2016 19:59:00
  • Last modified 12.04.2025 10:46:40

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

8.4

CVE-2015-6566

  • EPSS 0.04%
  • Published 11.01.2016 15:59:00
  • Last modified 12.04.2025 10:46:40

zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.

9.8

CVE-2015-5254

  • EPSS 77.15%
  • Published 08.01.2016 19:59:00
  • Last modified 12.04.2025 10:46:40

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

9.8

CVE-2016-1283

Exploit
  • EPSS 4.43%
  • Published 03.01.2016 00:59:03
  • Last modified 12.04.2025 10:46:40

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgrou...

6.9

CVE-2015-8370

Exploit
  • EPSS 2.87%
  • Published 16.12.2015 21:59:04
  • Last modified 12.04.2025 10:46:40

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get f...

4

CVE-2015-7223

  • EPSS 0.74%
  • Published 16.12.2015 11:59:21
  • Last modified 12.04.2025 10:46:40

The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.

6.8

CVE-2015-7222

  • EPSS 3.35%
  • Published 16.12.2015 11:59:20
  • Last modified 12.04.2025 10:46:40

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory all...