Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2014-4172

  • EPSS 6.74%
  • Veröffentlicht 24.01.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 02:09:38

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitr...

9.8

CVE-2019-17570

Exploit
  • EPSS 70.52%
  • Veröffentlicht 23.01.2020 22:15:10
  • Zuletzt bearbeitet 21.11.2024 04:32:33

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apa...

6.5

CVE-2015-5745

Exploit
  • EPSS 1.92%
  • Veröffentlicht 23.01.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 02:33:45

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

6.5

CVE-2015-5239

  • EPSS 5.06%
  • Veröffentlicht 23.01.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 02:32:37

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

6.5

CVE-2015-5278

  • EPSS 1.85%
  • Veröffentlicht 23.01.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 02:32:42

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

4.7

CVE-2019-18222

  • EPSS 0.06%
  • Veröffentlicht 23.01.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 04:32:52

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

7.5

CVE-2019-20388

  • EPSS 0.56%
  • Veröffentlicht 21.01.2020 23:15:13
  • Zuletzt bearbeitet 21.11.2024 04:38:21

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

7.5

CVE-2020-7595

  • EPSS 0.47%
  • Veröffentlicht 21.01.2020 23:15:13
  • Zuletzt bearbeitet 21.11.2024 05:37:26

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

7.5

CVE-2019-19886

  • EPSS 4.01%
  • Veröffentlicht 21.01.2020 22:15:15
  • Zuletzt bearbeitet 03.07.2025 20:59:18

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeade...

6.5

CVE-2019-14907

  • EPSS 8.97%
  • Veröffentlicht 21.01.2020 18:15:12
  • Zuletzt bearbeitet 14.01.2025 19:29:55

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such st...