Fedoraproject

Fedora

5326 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2015-5165

  • EPSS 9.72%
  • Veröffentlicht 12.08.2015 14:59:24
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

7.2

CVE-2015-5154

  • EPSS 0.39%
  • Veröffentlicht 12.08.2015 14:59:23
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

7.5

CVE-2015-2059

  • EPSS 0.83%
  • Veröffentlicht 12.08.2015 14:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bou...

5

CVE-2015-1840

Exploit
  • EPSS 0.32%
  • Veröffentlicht 26.07.2015 22:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a di...

6.8

CVE-2015-4588

Exploit
  • EPSS 5.72%
  • Veröffentlicht 01.07.2015 14:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.

6.8

CVE-2015-0848

  • EPSS 4.68%
  • Veröffentlicht 01.07.2015 14:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

7.5

CVE-2015-4454

  • EPSS 0.64%
  • Veröffentlicht 17.06.2015 18:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.

7.5

CVE-2015-4342

  • EPSS 3.76%
  • Veröffentlicht 17.06.2015 18:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.

4.3

CVE-2015-2665

  • EPSS 0.43%
  • Veröffentlicht 17.06.2015 18:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2015-3209

  • EPSS 20.57%
  • Veröffentlicht 15.06.2015 15:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.