Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-11500

Exploit
  • EPSS 41.27%
  • Published 29.08.2019 14:15:11
  • Last modified 21.11.2024 04:21:12

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

7.8

CVE-2019-15538

  • EPSS 16.43%
  • Published 25.08.2019 16:15:11
  • Last modified 21.11.2024 04:28:57

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_...

6.5

CVE-2019-15531

  • EPSS 1.11%
  • Published 23.08.2019 17:15:14
  • Last modified 21.11.2024 04:28:56

GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.

9.8

CVE-2019-10746

Exploit
  • EPSS 0.87%
  • Published 23.08.2019 17:15:13
  • Last modified 21.11.2024 04:19:50

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

7.5

CVE-2019-10086

  • EPSS 0.26%
  • Published 20.08.2019 21:15:12
  • Last modified 21.11.2024 04:18:22

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa...

9.3

CVE-2019-2126

  • EPSS 8.06%
  • Published 20.08.2019 20:15:12
  • Last modified 21.11.2024 04:40:16

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitat...

7.4

CVE-2019-15237

  • EPSS 0.21%
  • Published 20.08.2019 01:15:09
  • Last modified 21.11.2024 04:28:15

Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.

9.8

CVE-2019-15151

Exploit
  • EPSS 0.5%
  • Published 18.08.2019 21:15:09
  • Last modified 21.11.2024 04:28:10

AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.

5.5

CVE-2019-15145

Exploit
  • EPSS 0.23%
  • Published 18.08.2019 19:15:10
  • Last modified 21.11.2024 04:28:09

DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a ...

5.5

CVE-2019-15142

Exploit
  • EPSS 0.18%
  • Published 18.08.2019 19:15:09
  • Last modified 21.11.2024 04:28:08

In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.