Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.43%
  • Veröffentlicht 12.08.2015 14:59:25
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

  • EPSS 13.29%
  • Veröffentlicht 12.08.2015 14:59:24
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

  • EPSS 0.63%
  • Veröffentlicht 12.08.2015 14:59:23
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

  • EPSS 3.19%
  • Veröffentlicht 12.08.2015 14:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bou...

Exploit
  • EPSS 4.4%
  • Veröffentlicht 26.07.2015 22:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a di...

Exploit
  • EPSS 9.22%
  • Veröffentlicht 01.07.2015 14:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.

  • EPSS 8.54%
  • Veröffentlicht 01.07.2015 14:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

  • EPSS 2.25%
  • Veröffentlicht 17.06.2015 18:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.

  • EPSS 3.23%
  • Veröffentlicht 17.06.2015 18:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.

  • EPSS 2.16%
  • Veröffentlicht 17.06.2015 18:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.