Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.97%
  • Veröffentlicht 02.10.2014 14:55:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges ...

  • EPSS 8.27%
  • Veröffentlicht 30.09.2014 16:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which...

  • EPSS 7.83%
  • Veröffentlicht 30.09.2014 16:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) d...

  • EPSS 0.43%
  • Veröffentlicht 20.08.2014 14:55:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

Exploit
  • EPSS 5.41%
  • Veröffentlicht 29.07.2014 14:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bo...

  • EPSS 0.38%
  • Veröffentlicht 29.07.2014 14:55:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

  • EPSS 0.38%
  • Veröffentlicht 23.07.2014 14:55:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

  • EPSS 7.14%
  • Veröffentlicht 20.07.2014 11:12:50
  • Zuletzt bearbeitet 06.05.2026 22:30:45

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

  • EPSS 0.39%
  • Veröffentlicht 11.07.2014 14:55:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

  • EPSS 3.92%
  • Veröffentlicht 03.07.2014 17:55:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.