Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2019-3838

  • EPSS 1.41%
  • Veröffentlicht 25.03.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:40

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the cons...

8.8

CVE-2019-3856

  • EPSS 3.34%
  • Veröffentlicht 25.03.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:43

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client syst...

8.8

CVE-2019-3857

  • EPSS 3.34%
  • Veröffentlicht 25.03.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:43

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execut...

9.1

CVE-2019-9948

Exploit
  • EPSS 0.94%
  • Veröffentlicht 23.03.2019 18:29:02
  • Zuletzt bearbeitet 21.11.2024 04:52:39

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...

9.3

CVE-2019-3855

  • EPSS 8.94%
  • Veröffentlicht 21.03.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:43

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system wh...

9.1

CVE-2019-3858

  • EPSS 1.68%
  • Veröffentlicht 21.03.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:43

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client mem...

8.8

CVE-2019-3871

Exploit
  • EPSS 0.03%
  • Veröffentlicht 21.03.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:45

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a re...

6.5

CVE-2019-9903

Exploit
  • EPSS 1.32%
  • Veröffentlicht 21.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:52:32

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

7.5

CVE-2019-9894

  • EPSS 0.94%
  • Veröffentlicht 21.03.2019 16:01:17
  • Zuletzt bearbeitet 21.11.2024 04:52:31

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

9.8

CVE-2019-9895

  • EPSS 1.06%
  • Veröffentlicht 21.03.2019 16:01:17
  • Zuletzt bearbeitet 21.11.2024 04:52:31

In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.