Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2014-4909

Exploit
  • EPSS 9.19%
  • Veröffentlicht 29.07.2014 14:55:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bo...

2.1

CVE-2014-0103

  • EPSS 0.08%
  • Veröffentlicht 29.07.2014 14:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

1.2

CVE-2014-3537

  • EPSS 0.05%
  • Veröffentlicht 23.07.2014 14:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

5

CVE-2014-4341

  • EPSS 14.45%
  • Veröffentlicht 20.07.2014 11:12:50
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

7.2

CVE-2014-3499

  • EPSS 0.03%
  • Veröffentlicht 11.07.2014 14:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

10

CVE-2014-0247

  • EPSS 6.61%
  • Veröffentlicht 03.07.2014 17:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.

5

CVE-2014-0477

Exploit
  • EPSS 1.42%
  • Veröffentlicht 03.07.2014 17:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.

6.8

CVE-2014-4668

  • EPSS 0.6%
  • Veröffentlicht 02.07.2014 04:14:17
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password...

7.4

CVE-2014-0224

Exploit
  • EPSS 93.21%
  • Veröffentlicht 05.06.2014 21:55:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL...

4.3

CVE-2014-3470

  • EPSS 91.26%
  • Veröffentlicht 05.06.2014 21:55:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereferen...