Fedoraproject

Fedora

5355 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2016-1901

Exploit
  • EPSS 4.37%
  • Veröffentlicht 20.01.2016 16:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.

4.3

CVE-2016-1900

  • EPSS 0.65%
  • Veröffentlicht 20.01.2016 16:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or c...

4.3

CVE-2016-1899

  • EPSS 0.65%
  • Veröffentlicht 20.01.2016 16:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype para...

5.5

CVE-2015-5295

  • EPSS 1.64%
  • Veröffentlicht 20.01.2016 16:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files ...

5.3

CVE-2016-1494

Exploit
  • EPSS 3.13%
  • Veröffentlicht 13.01.2016 15:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

7.4

CVE-2015-8466

  • EPSS 0.34%
  • Veröffentlicht 13.01.2016 15:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.

7.5

CVE-2016-1232

  • EPSS 0.71%
  • Veröffentlicht 12.01.2016 20:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.

5.9

CVE-2016-1231

  • EPSS 0.74%
  • Veröffentlicht 12.01.2016 20:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.

7.4

CVE-2015-8400

  • EPSS 0.56%
  • Veröffentlicht 12.01.2016 19:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL.

8.6

CVE-2015-1779

  • EPSS 5.57%
  • Veröffentlicht 12.01.2016 19:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.