Fedoraproject

Fedora

5319 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.6%
  • Published 29.05.2019 17:29:00
  • Last modified 21.11.2024 04:22:52

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.

  • EPSS 0.6%
  • Published 29.05.2019 17:29:00
  • Last modified 21.11.2024 04:22:52

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges...

  • EPSS 0.9%
  • Published 29.05.2019 17:29:00
  • Last modified 21.11.2024 04:22:52

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

Exploit
  • EPSS 29.54%
  • Published 28.05.2019 19:29:06
  • Last modified 21.11.2024 04:44:55

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

Exploit
  • EPSS 0.08%
  • Published 24.05.2019 17:29:02
  • Last modified 21.11.2024 04:18:30

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a rad...

  • EPSS 1.21%
  • Published 22.05.2019 18:29:00
  • Last modified 21.11.2024 04:18:29

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock...

Exploit
  • EPSS 1.12%
  • Published 20.05.2019 17:29:17
  • Last modified 21.11.2024 04:22:26

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.

Exploit
  • EPSS 2.11%
  • Published 20.05.2019 17:29:17
  • Last modified 21.11.2024 04:22:27

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.

Exploit
  • EPSS 0.34%
  • Published 20.05.2019 16:29:01
  • Last modified 21.11.2024 04:22:26

When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.

  • EPSS 0.17%
  • Published 16.05.2019 19:29:05
  • Last modified 21.11.2024 04:42:40

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside o...