Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2014-2581

  • EPSS 1.99%
  • Veröffentlicht 28.01.2020 15:15:14
  • Zuletzt bearbeitet 21.11.2024 02:06:34

Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit.

5.5

CVE-2020-0549

  • EPSS 0.12%
  • Veröffentlicht 28.01.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 04:53:43

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

7.5

CVE-2020-7238

Exploit
  • EPSS 1.69%
  • Veröffentlicht 27.01.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:36:53

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869...

7.5

CVE-2015-9541

  • EPSS 0.9%
  • Veröffentlicht 24.01.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 02:40:53

Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.

9.8

CVE-2014-4172

  • EPSS 6.74%
  • Veröffentlicht 24.01.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 02:09:38

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitr...

9.8

CVE-2019-17570

Exploit
  • EPSS 70.52%
  • Veröffentlicht 23.01.2020 22:15:10
  • Zuletzt bearbeitet 21.11.2024 04:32:33

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apa...

6.5

CVE-2015-5745

Exploit
  • EPSS 1.92%
  • Veröffentlicht 23.01.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 02:33:45

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

6.5

CVE-2015-5239

  • EPSS 5.06%
  • Veröffentlicht 23.01.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 02:32:37

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

6.5

CVE-2015-5278

  • EPSS 1.85%
  • Veröffentlicht 23.01.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 02:32:42

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

4.7

CVE-2019-18222

  • EPSS 0.13%
  • Veröffentlicht 23.01.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 04:32:52

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.