Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2015-0374

  • EPSS 0.24%
  • Veröffentlicht 21.01.2015 18:59:21
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.

3.5

CVE-2014-6568

  • EPSS 0.39%
  • Veröffentlicht 21.01.2015 15:28:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.

5

CVE-2014-9601

  • EPSS 1.21%
  • Veröffentlicht 16.01.2015 16:59:17
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

5.8

CVE-2015-1051

  • EPSS 0.63%
  • Veröffentlicht 15.01.2015 15:59:31
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.

5

CVE-2014-8738

Exploit
  • EPSS 6.06%
  • Veröffentlicht 15.01.2015 15:59:14
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.

2.1

CVE-2014-9585

Exploit
  • EPSS 0.05%
  • Veröffentlicht 09.01.2015 21:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the ...

6.9

CVE-2014-9529

  • EPSS 0.11%
  • Veröffentlicht 09.01.2015 21:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that...

5

CVE-2014-9221

  • EPSS 7.91%
  • Veröffentlicht 07.01.2015 19:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

5

CVE-2014-9527

  • EPSS 1.23%
  • Veröffentlicht 06.01.2015 15:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

5

CVE-2014-9449

  • EPSS 1.47%
  • Veröffentlicht 02.01.2015 20:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.