Fedoraproject

Fedora

5355 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2015-1859

  • EPSS 4.4%
  • Veröffentlicht 12.05.2015 19:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code ...

6.8

CVE-2015-1858

  • EPSS 2.57%
  • Veröffentlicht 12.05.2015 19:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted B...

2.9

CVE-2015-3340

  • EPSS 0.63%
  • Veröffentlicht 28.04.2015 14:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

6.8

CVE-2015-1774

  • EPSS 7.4%
  • Veröffentlicht 28.04.2015 14:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-...

5

CVE-2015-3148

  • EPSS 1.42%
  • Veröffentlicht 24.04.2015 14:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

7.5

CVE-2015-3145

  • EPSS 67.99%
  • Veröffentlicht 24.04.2015 14:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via...

5

CVE-2015-0844

  • EPSS 0.65%
  • Veröffentlicht 14.04.2015 18:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.

10

CVE-2015-2806

  • EPSS 9.35%
  • Veröffentlicht 10.04.2015 15:00:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

7.5

CVE-2015-2782

  • EPSS 5.45%
  • Veröffentlicht 08.04.2015 18:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.

5.8

CVE-2015-0557

Exploit
  • EPSS 2.1%
  • Veröffentlicht 08.04.2015 18:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.