Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2015-1782

  • EPSS 5.09%
  • Published 13.03.2015 14:59:00
  • Last modified 12.04.2025 10:46:40

The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.

7.2

CVE-2015-2151

  • EPSS 0.24%
  • Published 12.03.2015 14:59:03
  • Last modified 12.04.2025 10:46:40

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly...

2.1

CVE-2015-2045

  • EPSS 0.08%
  • Published 12.03.2015 14:59:01
  • Last modified 12.04.2025 10:46:40

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

4

CVE-2014-8112

  • EPSS 0.27%
  • Published 10.03.2015 14:59:01
  • Last modified 12.04.2025 10:46:40

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by re...

5

CVE-2014-8105

  • EPSS 0.44%
  • Published 10.03.2015 14:59:00
  • Last modified 12.04.2025 10:46:40

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.

5

CVE-2015-2206

  • EPSS 0.92%
  • Published 09.03.2015 17:59:10
  • Last modified 12.04.2025 10:46:40

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, ...

6.4

CVE-2015-1464

  • EPSS 0.35%
  • Published 09.03.2015 14:59:06
  • Last modified 12.04.2025 10:46:40

RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.

5

CVE-2015-1165

  • EPSS 0.39%
  • Published 09.03.2015 14:59:05
  • Last modified 12.04.2025 10:46:40

RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.

7.1

CVE-2014-9472

  • EPSS 0.88%
  • Published 09.03.2015 14:59:02
  • Last modified 12.04.2025 10:46:40

The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.

5

CVE-2015-0886

  • EPSS 2.55%
  • Published 28.02.2015 02:59:35
  • Last modified 12.04.2025 10:46:40

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maxi...