Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2014-8738

Exploit
  • EPSS 6.06%
  • Published 15.01.2015 15:59:14
  • Last modified 12.04.2025 10:46:40

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.

2.1

CVE-2014-9585

Exploit
  • EPSS 0.05%
  • Published 09.01.2015 21:59:02
  • Last modified 12.04.2025 10:46:40

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the ...

6.9

CVE-2014-9529

  • EPSS 0.11%
  • Published 09.01.2015 21:59:00
  • Last modified 12.04.2025 10:46:40

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that...

5

CVE-2014-9221

  • EPSS 7.91%
  • Published 07.01.2015 19:59:01
  • Last modified 12.04.2025 10:46:40

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

5

CVE-2014-9527

  • EPSS 1.23%
  • Published 06.01.2015 15:59:05
  • Last modified 12.04.2025 10:46:40

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

5

CVE-2014-9449

  • EPSS 1.47%
  • Published 02.01.2015 20:59:08
  • Last modified 12.04.2025 10:46:40

Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.

4.3

CVE-2014-8109

  • EPSS 17.55%
  • Published 29.12.2014 23:59:00
  • Last modified 12.04.2025 10:46:40

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows rem...

5

CVE-2014-8132

  • EPSS 3.29%
  • Published 29.12.2014 00:59:00
  • Last modified 12.04.2025 10:46:40

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

3.5

CVE-2014-5353

  • EPSS 0.47%
  • Published 16.12.2014 23:59:00
  • Last modified 12.04.2025 10:46:40

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via...

5

CVE-2014-8964

  • EPSS 2.09%
  • Published 16.12.2014 18:59:10
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.