Fedoraproject

Fedora

5353 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

  • EPSS 2.85%
  • Published 13.04.2016 17:59:03
  • Last modified 12.04.2025 10:46:40

The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted S...

  • EPSS 5.19%
  • Published 13.04.2016 16:59:20
  • Last modified 12.04.2025 10:46:40

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

  • EPSS 0.04%
  • Published 13.04.2016 16:59:19
  • Last modified 12.04.2025 10:46:40

The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest ...

  • EPSS 0.04%
  • Published 13.04.2016 16:59:18
  • Last modified 12.04.2025 10:46:40

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by ...

  • EPSS 2.83%
  • Published 13.04.2016 16:59:17
  • Last modified 12.04.2025 10:46:40

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

  • EPSS 5%
  • Published 13.04.2016 16:59:16
  • Last modified 12.04.2025 10:46:40

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

Exploit
  • EPSS 0.58%
  • Published 13.04.2016 16:59:12
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield...

Exploit
  • EPSS 0.68%
  • Published 13.04.2016 16:59:00
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers ...

Exploit
  • EPSS 0.47%
  • Published 13.04.2016 15:59:03
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file.

  • EPSS 0.27%
  • Published 12.04.2016 14:59:11
  • Last modified 12.04.2025 10:46:40

The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, whic...