Fedoraproject

Fedora

5355 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2015-1783

  • EPSS 1.06%
  • Veröffentlicht 11.08.2017 21:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors.

9.8

CVE-2015-6816

Exploit
  • EPSS 2.11%
  • Veröffentlicht 09.08.2017 18:29:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

ganglia-web before 3.7.1 allows remote attackers to bypass authentication.

6.5

CVE-2017-11368

  • EPSS 0.68%
  • Veröffentlicht 09.08.2017 18:29:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

7.5

CVE-2015-3405

  • EPSS 16.56%
  • Veröffentlicht 09.08.2017 16:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remot...

5.5

CVE-2015-5203

  • EPSS 0.6%
  • Veröffentlicht 02.08.2017 19:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

5.5

CVE-2015-5221

  • EPSS 0.23%
  • Veröffentlicht 25.07.2017 18:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

7.5

CVE-2015-5194

  • EPSS 8.41%
  • Veröffentlicht 21.07.2017 14:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

7.5

CVE-2015-5195

  • EPSS 7.93%
  • Veröffentlicht 21.07.2017 14:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

7.5

CVE-2015-5219

  • EPSS 2.24%
  • Veröffentlicht 21.07.2017 14:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5

CVE-2015-5300

  • EPSS 36.84%
  • Veröffentlicht 21.07.2017 14:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option,...