Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 4.7%
  • Veröffentlicht 11.09.2016 10:59:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via c...

  • EPSS 2.59%
  • Veröffentlicht 07.09.2016 20:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.

Exploit
  • EPSS 18.86%
  • Veröffentlicht 07.09.2016 18:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invali...

  • EPSS 5.7%
  • Veröffentlicht 19.08.2016 21:59:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.

  • EPSS 0.4%
  • Veröffentlicht 13.08.2016 01:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.

  • EPSS 8.04%
  • Veröffentlicht 10.08.2016 14:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

  • EPSS 5.01%
  • Veröffentlicht 09.08.2016 21:59:27
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot mana...

  • EPSS 58.57%
  • Veröffentlicht 07.08.2016 21:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

Exploit
  • EPSS 7.5%
  • Veröffentlicht 07.08.2016 10:59:13
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based ...

Exploit
  • EPSS 0.79%
  • Veröffentlicht 02.08.2016 14:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.