Fedoraproject

Fedora

5326 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2015-1860

  • EPSS 5.25%
  • Veröffentlicht 12.05.2015 19:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.

6.8

CVE-2015-1859

  • EPSS 4.4%
  • Veröffentlicht 12.05.2015 19:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code ...

6.8

CVE-2015-1858

  • EPSS 2.45%
  • Veröffentlicht 12.05.2015 19:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted B...

2.9

CVE-2015-3340

  • EPSS 0.63%
  • Veröffentlicht 28.04.2015 14:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

6.8

CVE-2015-1774

  • EPSS 12.65%
  • Veröffentlicht 28.04.2015 14:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-...

5

CVE-2015-3148

  • EPSS 2.13%
  • Veröffentlicht 24.04.2015 14:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

7.5

CVE-2015-3145

  • EPSS 63.7%
  • Veröffentlicht 24.04.2015 14:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via...

5

CVE-2015-0844

  • EPSS 0.65%
  • Veröffentlicht 14.04.2015 18:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.

10

CVE-2015-2806

  • EPSS 9.35%
  • Veröffentlicht 10.04.2015 15:00:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

7.5

CVE-2015-2782

  • EPSS 5.45%
  • Veröffentlicht 08.04.2015 18:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.