Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.4

CVE-2019-12098

  • EPSS 3.73%
  • Published 15.05.2019 23:29:00
  • Last modified 21.11.2024 04:22:11

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

7.5

CVE-2019-8936

Exploit
  • EPSS 8.16%
  • Published 15.05.2019 16:29:01
  • Last modified 21.11.2024 04:50:41

NTP through 4.2.8p12 has a NULL Pointer Dereference.

5.5

CVE-2019-11833

  • EPSS 0.03%
  • Published 15.05.2019 13:29:00
  • Last modified 21.11.2024 04:21:51

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

9

CVE-2019-11328

Exploit
  • EPSS 0.84%
  • Published 14.05.2019 21:29:01
  • Last modified 21.11.2024 04:20:53

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/in...

8.1

CVE-2019-12083

Exploit
  • EPSS 0.85%
  • Published 13.05.2019 20:29:02
  • Last modified 21.11.2024 04:22:10

The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be s...

3.3

CVE-2019-11884

  • EPSS 0.05%
  • Published 10.05.2019 22:29:00
  • Last modified 21.11.2024 04:21:57

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a...

9.8

CVE-2019-11831

  • EPSS 7.36%
  • Published 09.05.2019 04:29:01
  • Last modified 21.11.2024 04:21:50

The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/b...

7.5

CVE-2019-11494

  • EPSS 0.86%
  • Published 08.05.2019 18:29:00
  • Last modified 21.11.2024 04:21:11

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.

7.5

CVE-2019-11499

  • EPSS 0.75%
  • Published 08.05.2019 17:29:00
  • Last modified 21.11.2024 04:21:12

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.

9.3

CVE-2019-7443

  • EPSS 1.66%
  • Published 07.05.2019 19:29:01
  • Last modified 21.11.2024 04:48:14

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. I...