Fedoraproject

Fedora

5326 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2014-9221

  • EPSS 7.91%
  • Veröffentlicht 07.01.2015 19:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

5

CVE-2014-9527

  • EPSS 1.23%
  • Veröffentlicht 06.01.2015 15:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

5

CVE-2014-9449

  • EPSS 1.47%
  • Veröffentlicht 02.01.2015 20:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.

4.3

CVE-2014-8109

  • EPSS 17.55%
  • Veröffentlicht 29.12.2014 23:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows rem...

5

CVE-2014-8132

  • EPSS 3.29%
  • Veröffentlicht 29.12.2014 00:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

3.5

CVE-2014-5353

  • EPSS 0.87%
  • Veröffentlicht 16.12.2014 23:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via...

5

CVE-2014-8964

  • EPSS 2.09%
  • Veröffentlicht 16.12.2014 18:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

5

CVE-2014-8124

  • EPSS 0.97%
  • Veröffentlicht 12.12.2014 15:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests...

4.3

CVE-2014-8488

Exploit
  • EPSS 0.26%
  • Veröffentlicht 10.12.2014 01:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.

7.5

CVE-2014-9274

Exploit
  • EPSS 5.94%
  • Veröffentlicht 09.12.2014 23:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".