Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2014-3499

  • EPSS 0.03%
  • Published 11.07.2014 14:55:04
  • Last modified 12.04.2025 10:46:40

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

10

CVE-2014-0247

  • EPSS 7.12%
  • Published 03.07.2014 17:55:05
  • Last modified 12.04.2025 10:46:40

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.

5

CVE-2014-0477

Exploit
  • EPSS 1.42%
  • Published 03.07.2014 17:55:05
  • Last modified 12.04.2025 10:46:40

The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.

6.8

CVE-2014-4668

  • EPSS 0.6%
  • Published 02.07.2014 04:14:17
  • Last modified 12.04.2025 10:46:40

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password...

7.4

CVE-2014-0224

Exploit
  • EPSS 92.69%
  • Published 05.06.2014 21:55:07
  • Last modified 12.04.2025 10:46:40

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL...

4.3

CVE-2014-3470

  • EPSS 91.4%
  • Published 05.06.2014 21:55:07
  • Last modified 12.04.2025 10:46:40

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereferen...

6.8

CVE-2014-0195

  • EPSS 90.91%
  • Published 05.06.2014 21:55:06
  • Last modified 12.04.2025 10:46:40

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary c...

4.3

CVE-2014-0221

  • EPSS 82.1%
  • Published 05.06.2014 21:55:06
  • Last modified 12.04.2025 10:46:40

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS...

1.9

CVE-2014-3956

  • EPSS 0.1%
  • Published 04.06.2014 11:19:13
  • Last modified 12.04.2025 10:46:40

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom ma...

5

CVE-2013-2014

  • EPSS 2.37%
  • Published 02.06.2014 15:55:09
  • Last modified 12.04.2025 10:46:40

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.