Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.56%
  • Veröffentlicht 12.07.2016 19:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) vi...

  • EPSS 5.52%
  • Veröffentlicht 27.06.2016 10:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

  • EPSS 2.93%
  • Veröffentlicht 13.06.2016 19:59:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.

  • EPSS 5.27%
  • Veröffentlicht 13.06.2016 19:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.

  • EPSS 2.78%
  • Veröffentlicht 10.06.2016 15:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

  • EPSS 0.47%
  • Veröffentlicht 03.06.2016 14:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container ...

  • EPSS 7.63%
  • Veröffentlicht 01.06.2016 20:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.

Exploit
  • EPSS 5.22%
  • Veröffentlicht 01.06.2016 20:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.

Exploit
  • EPSS 1.82%
  • Veröffentlicht 26.05.2016 14:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.

  • EPSS 2.55%
  • Veröffentlicht 25.05.2016 15:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."