Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2015-0278

  • EPSS 1.59%
  • Published 18.05.2015 15:59:02
  • Last modified 12.04.2025 10:46:40

libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.

4.3

CVE-2015-3622

Exploit
  • EPSS 6.06%
  • Published 12.05.2015 19:59:24
  • Last modified 12.04.2025 10:46:40

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.

5

CVE-2015-3451

  • EPSS 4.98%
  • Published 12.05.2015 19:59:21
  • Last modified 12.04.2025 10:46:40

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

6.8

CVE-2015-1860

  • EPSS 5.38%
  • Published 12.05.2015 19:59:06
  • Last modified 12.04.2025 10:46:40

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

6.8

CVE-2015-1859

  • EPSS 4.4%
  • Published 12.05.2015 19:59:05
  • Last modified 12.04.2025 10:46:40

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code ...

6.8

CVE-2015-1858

  • EPSS 2.45%
  • Published 12.05.2015 19:59:04
  • Last modified 12.04.2025 10:46:40

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted B...

2.9

CVE-2015-3340

  • EPSS 0.63%
  • Published 28.04.2015 14:59:02
  • Last modified 12.04.2025 10:46:40

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

6.8

CVE-2015-1774

  • EPSS 30.87%
  • Published 28.04.2015 14:59:00
  • Last modified 12.04.2025 10:46:40

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-...

5

CVE-2015-3148

  • EPSS 1.71%
  • Published 24.04.2015 14:59:11
  • Last modified 12.04.2025 10:46:40

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

7.5

CVE-2015-3145

  • EPSS 63.65%
  • Published 24.04.2015 14:59:10
  • Last modified 12.04.2025 10:46:40

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via...