Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2015-1464

  • EPSS 0.35%
  • Veröffentlicht 09.03.2015 14:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.

5

CVE-2015-1165

  • EPSS 0.39%
  • Veröffentlicht 09.03.2015 14:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.

7.1

CVE-2014-9472

  • EPSS 0.88%
  • Veröffentlicht 09.03.2015 14:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.

5

CVE-2015-0886

  • EPSS 2.48%
  • Veröffentlicht 28.02.2015 02:59:35
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maxi...

5

CVE-2014-9465

Exploit
  • EPSS 2.52%
  • Veröffentlicht 19.02.2015 15:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading ...

4.6

CVE-2015-0247

  • EPSS 0.31%
  • Veröffentlicht 17.02.2015 15:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.

2.1

CVE-2015-1563

  • EPSS 0.08%
  • Veröffentlicht 09.02.2015 11:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.

5

CVE-2014-9675

Exploit
  • EPSS 2.11%
  • Veröffentlicht 08.02.2015 11:59:36
  • Zuletzt bearbeitet 12.04.2025 10:46:40

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

7.5

CVE-2014-9674

Exploit
  • EPSS 5.12%
  • Veröffentlicht 08.02.2015 11:59:35
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based bu...

4.3

CVE-2014-9670

Exploit
  • EPSS 5.05%
  • Veröffentlicht 08.02.2015 11:59:31
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF f...