CVE-2014-4978
- EPSS 0.05%
- Published 29.12.2017 22:29:00
- Last modified 20.04.2025 01:37:25
The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.
CVE-2014-8119
- EPSS 2.41%
- Published 29.12.2017 22:29:00
- Last modified 20.04.2025 01:37:25
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
CVE-2015-8008
- EPSS 0.55%
- Published 29.12.2017 22:29:00
- Last modified 20.04.2025 01:37:25
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
CVE-2017-16876
- EPSS 0.58%
- Published 29.12.2017 15:29:00
- Last modified 20.04.2025 01:37:25
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
CVE-2017-16818
- EPSS 0.36%
- Published 20.12.2017 17:29:00
- Last modified 20.04.2025 01:37:25
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, r...
CVE-2016-1254
- EPSS 3.04%
- Published 05.12.2017 16:29:00
- Last modified 20.04.2025 01:37:25
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
CVE-2015-5739
- EPSS 10.07%
- Published 18.10.2017 20:29:00
- Last modified 20.04.2025 01:37:25
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" ...
CVE-2015-5740
- EPSS 6.04%
- Published 18.10.2017 20:29:00
- Last modified 20.04.2025 01:37:25
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.
CVE-2015-7687
- EPSS 10.14%
- Published 16.10.2017 18:29:00
- Last modified 20.04.2025 01:37:25
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.
CVE-2014-9092
- EPSS 1.31%
- Published 10.10.2017 13:29:00
- Last modified 20.04.2025 01:37:25
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.