Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.9

CVE-2015-3340

  • EPSS 0.63%
  • Veröffentlicht 28.04.2015 14:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

6.8

CVE-2015-1774

  • EPSS 12.65%
  • Veröffentlicht 28.04.2015 14:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-...

5

CVE-2015-3148

  • EPSS 2.13%
  • Veröffentlicht 24.04.2015 14:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

7.5

CVE-2015-3145

  • EPSS 63.7%
  • Veröffentlicht 24.04.2015 14:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via...

5

CVE-2015-0844

  • EPSS 0.65%
  • Veröffentlicht 14.04.2015 18:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.

10

CVE-2015-2806

  • EPSS 9.35%
  • Veröffentlicht 10.04.2015 15:00:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

7.5

CVE-2015-2782

  • EPSS 5.45%
  • Veröffentlicht 08.04.2015 18:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.

5.8

CVE-2015-0557

Exploit
  • EPSS 2.1%
  • Veröffentlicht 08.04.2015 18:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.

5.8

CVE-2015-0556

Exploit
  • EPSS 2.09%
  • Veröffentlicht 08.04.2015 18:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.

4.9

CVE-2015-2756

  • EPSS 0.12%
  • Veröffentlicht 01.04.2015 14:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O ...