Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 4.14%
  • Veröffentlicht 26.11.2014 15:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

Exploit
  • EPSS 18.35%
  • Veröffentlicht 24.11.2014 16:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

  • EPSS 3.94%
  • Veröffentlicht 24.11.2014 15:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

  • EPSS 3.85%
  • Veröffentlicht 31.10.2014 14:55:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

  • EPSS 100%
  • Veröffentlicht 15.10.2014 00:55:02
  • Zuletzt bearbeitet 28.05.2026 18:16:23

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

  • EPSS 2.33%
  • Veröffentlicht 13.10.2014 01:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-sit...

  • EPSS 1.84%
  • Veröffentlicht 13.10.2014 01:55:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for th...

  • EPSS 1.35%
  • Veröffentlicht 13.10.2014 01:55:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, ...

Exploit
  • EPSS 4.26%
  • Veröffentlicht 08.10.2014 17:55:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "publ...

  • EPSS 0.74%
  • Veröffentlicht 02.10.2014 14:55:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.