Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 9.67%
  • Veröffentlicht 15.06.2015 15:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

  • EPSS 0.48%
  • Veröffentlicht 03.06.2015 20:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly ha...

Exploit
  • EPSS 9.88%
  • Veröffentlicht 29.05.2015 15:59:19
  • Zuletzt bearbeitet 06.05.2026 22:30:45

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.

Exploit
  • EPSS 3.05%
  • Veröffentlicht 27.05.2015 10:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value ...

  • EPSS 0.42%
  • Veröffentlicht 27.05.2015 10:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header an...

  • EPSS 5.43%
  • Veröffentlicht 19.05.2015 18:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

  • EPSS 11.4%
  • Veröffentlicht 18.05.2015 15:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle atta...

  • EPSS 81.83%
  • Veröffentlicht 18.05.2015 15:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU c...

  • EPSS 3.24%
  • Veröffentlicht 18.05.2015 15:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.

Exploit
  • EPSS 33.09%
  • Veröffentlicht 12.05.2015 19:59:24
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.