Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.8%
  • Veröffentlicht 03.02.2017 15:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.

  • EPSS 6.35%
  • Veröffentlicht 30.01.2017 21:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

  • EPSS 3.57%
  • Veröffentlicht 23.01.2017 21:59:03
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

  • EPSS 4.33%
  • Veröffentlicht 23.01.2017 21:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (...

  • EPSS 0.58%
  • Veröffentlicht 19.01.2017 20:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

  • EPSS 0.38%
  • Veröffentlicht 19.01.2017 20:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

  • EPSS 2.36%
  • Veröffentlicht 13.01.2017 16:59:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

  • EPSS 3.22%
  • Veröffentlicht 13.01.2017 16:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.

  • EPSS 1.52%
  • Veröffentlicht 12.01.2017 23:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "s...

  • EPSS 96.94%
  • Veröffentlicht 12.01.2017 23:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.