Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.92%
  • Veröffentlicht 19.04.2013 11:44:26
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of s...

Exploit
  • EPSS 5.1%
  • Veröffentlicht 03.04.2013 00:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol ...

  • EPSS 1.58%
  • Veröffentlicht 25.03.2013 21:55:02
  • Zuletzt bearbeitet 29.04.2026 01:13:23

user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the ...

  • EPSS 0.36%
  • Veröffentlicht 01.03.2013 05:40:15
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for contex...

  • EPSS 50.25%
  • Veröffentlicht 13.02.2013 17:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE...

  • EPSS 4.9%
  • Veröffentlicht 13.02.2013 01:55:03
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly ex...

  • EPSS 5.77%
  • Veröffentlicht 08.02.2013 20:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (c...

Exploit
  • EPSS 1.16%
  • Veröffentlicht 18.01.2013 11:48:40
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

Exploit
  • EPSS 12.51%
  • Veröffentlicht 28.12.2012 11:48:44
  • Zuletzt bearbeitet 16.06.2026 23:45:15

The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.

  • EPSS 1.43%
  • Veröffentlicht 20.11.2012 00:55:00
  • Zuletzt bearbeitet 16.06.2026 23:43:03

doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.