Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2015-4342

  • EPSS 3.76%
  • Published 17.06.2015 18:59:07
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.

4.3

CVE-2015-2665

  • EPSS 0.43%
  • Published 17.06.2015 18:59:01
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2015-3209

  • EPSS 5.35%
  • Published 15.06.2015 15:59:00
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

4.6

CVE-2015-4106

  • EPSS 0.09%
  • Published 03.06.2015 20:59:09
  • Last modified 12.04.2025 10:46:40

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly ha...

7.8

CVE-2015-4047

Exploit
  • EPSS 3.59%
  • Published 29.05.2015 15:59:19
  • Last modified 12.04.2025 10:46:40

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.

3.3

CVE-2015-2922

Exploit
  • EPSS 1.72%
  • Published 27.05.2015 10:59:06
  • Last modified 12.04.2025 10:46:40

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value ...

6.9

CVE-2015-2666

  • EPSS 0.1%
  • Published 27.05.2015 10:59:04
  • Last modified 12.04.2025 10:46:40

Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header an...

4.3

CVE-2015-3885

  • EPSS 3.73%
  • Published 19.05.2015 18:59:07
  • Last modified 12.04.2025 10:46:40

Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

2.6

CVE-2015-3455

  • EPSS 5.01%
  • Published 18.05.2015 15:59:11
  • Last modified 12.04.2025 10:46:40

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle atta...

7.8

CVE-2015-1868

  • EPSS 0.35%
  • Published 18.05.2015 15:59:05
  • Last modified 12.04.2025 10:46:40

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU c...