Fedoraproject

Fedora

5326 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
  • EPSS 10.21%
  • Published 30.01.2017 21:59:00
  • Last modified 20.04.2025 01:37:25

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via an ntpdc reslist command.

  • EPSS 1.28%
  • Published 23.01.2017 21:59:03
  • Last modified 20.04.2025 01:37:25

The vmnc decoder in GStreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information, as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

  • EPSS 1.02%
  • Published 23.01.2017 21:59:00
  • Last modified 20.04.2025 01:37:25

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (...

  • EPSS 0.1%
  • Published 19.01.2017 20:59:00
  • Last modified 20.04.2025 01:37:25

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

  • EPSS 0.07%
  • Published 19.01.2017 20:59:00
  • Last modified 20.04.2025 01:37:25

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

  • EPSS 0.49%
  • Published 13.01.2017 16:59:01
  • Last modified 20.04.2025 01:37:25

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

  • EPSS 1.71%
  • Published 13.01.2017 16:59:00
  • Last modified 20.04.2025 01:37:25

Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.

  • EPSS 0.39%
  • Published 12.01.2017 23:59:00
  • Last modified 20.04.2025 01:37:25

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "s...

  • EPSS 86.03%
  • Published 12.01.2017 23:59:00
  • Last modified 20.04.2025 01:37:25

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.

  • EPSS 0.09%
  • Published 12.01.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mod...