Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.47%
  • Veröffentlicht 12.03.2015 14:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

  • EPSS 1.69%
  • Veröffentlicht 10.03.2015 14:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by re...

  • EPSS 2.11%
  • Veröffentlicht 10.03.2015 14:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.

  • EPSS 3.26%
  • Veröffentlicht 09.03.2015 17:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, ...

  • EPSS 1.99%
  • Veröffentlicht 09.03.2015 14:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.

  • EPSS 2.12%
  • Veröffentlicht 09.03.2015 14:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.

  • EPSS 2.83%
  • Veröffentlicht 09.03.2015 14:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.

  • EPSS 4.8%
  • Veröffentlicht 28.02.2015 02:59:35
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maxi...

Exploit
  • EPSS 3.36%
  • Veröffentlicht 19.02.2015 15:59:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading ...

  • EPSS 0.9%
  • Veröffentlicht 17.02.2015 15:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.