Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2019-11045

Exploit
  • EPSS 35.84%
  • Published 23.12.2019 03:15:11
  • Last modified 21.11.2024 04:20:26

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications check...

5.3

CVE-2019-11046

  • EPSS 7.89%
  • Published 23.12.2019 03:15:11
  • Last modified 21.11.2024 04:20:26

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are ide...

6.5

CVE-2019-11047

Exploit
  • EPSS 3.17%
  • Published 23.12.2019 03:15:11
  • Last modified 21.11.2024 04:20:26

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocate...

9.8

CVE-2019-11049

  • EPSS 3.25%
  • Published 23.12.2019 03:15:11
  • Last modified 21.11.2024 04:20:27

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double...

6.5

CVE-2019-11050

Exploit
  • EPSS 3.12%
  • Published 23.12.2019 03:15:11
  • Last modified 21.11.2024 04:20:27

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocate...

7.5

CVE-2019-11044

Exploit
  • EPSS 6.29%
  • Published 23.12.2019 03:15:10
  • Last modified 21.11.2024 04:20:26

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications ch...

7.5

CVE-2019-16785

Exploit
  • EPSS 0.43%
  • Published 20.12.2019 23:15:11
  • Last modified 21.11.2024 04:31:11

Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any pr...

7.5

CVE-2019-16786

  • EPSS 0.52%
  • Published 20.12.2019 23:15:11
  • Last modified 21.11.2024 04:31:11

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-En...

7.8

CVE-2019-19917

Exploit
  • EPSS 0.36%
  • Published 20.12.2019 20:15:12
  • Last modified 21.11.2024 04:35:39

Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.

7.8

CVE-2019-19918

Exploit
  • EPSS 0.37%
  • Published 20.12.2019 20:15:12
  • Last modified 21.11.2024 04:35:39

Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.