Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2019-9513

  • EPSS 4.36%
  • Published 13.08.2019 21:15:12
  • Last modified 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the...

7.8

CVE-2019-9514

  • EPSS 9.48%
  • Published 13.08.2019 21:15:12
  • Last modified 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the p...

7.8

CVE-2019-9515

  • EPSS 4.51%
  • Published 13.08.2019 21:15:12
  • Last modified 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS f...

6.8

CVE-2019-9516

  • EPSS 2.29%
  • Published 13.08.2019 21:15:12
  • Last modified 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater h...

7.8

CVE-2019-9517

  • EPSS 4.56%
  • Published 13.08.2019 21:15:12
  • Last modified 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so...

7.8

CVE-2019-14934

  • EPSS 0.38%
  • Published 11.08.2019 22:15:11
  • Last modified 21.11.2024 04:27:42

An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.

9.8

CVE-2019-14234

  • EPSS 20.7%
  • Published 09.08.2019 13:15:11
  • Last modified 21.11.2024 04:26:15

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contri...

7.8

CVE-2019-14745

Exploit
  • EPSS 7.08%
  • Published 07.08.2019 15:15:14
  • Last modified 21.11.2024 04:27:15

In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is du...

7.8

CVE-2019-14744

Media report Exploit
  • EPSS 1.31%
  • Published 07.08.2019 15:15:13
  • Last modified 21.11.2024 04:27:15

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated ...

8.8

CVE-2019-14732

Exploit
  • EPSS 0.5%
  • Published 07.08.2019 01:15:10
  • Last modified 21.11.2024 04:27:14

AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp.