Fedoraproject

Fedora

5319 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 5.73%
  • Published 21.03.2019 16:01:04
  • Last modified 21.11.2024 04:42:44

An out-of-bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises an SSH server may be able to cause a Denial of Servic...

Exploit
  • EPSS 0.28%
  • Published 21.03.2019 16:00:32
  • Last modified 21.11.2024 03:58:43

An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.

  • EPSS 0.07%
  • Published 21.03.2019 16:00:29
  • Last modified 21.11.2024 03:56:44

In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.

  • EPSS 1.47%
  • Published 21.03.2019 16:00:29
  • Last modified 21.11.2024 03:56:50

The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.

  • EPSS 2.93%
  • Published 21.03.2019 16:00:12
  • Last modified 21.11.2024 03:44:25

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in ...

  • EPSS 4.9%
  • Published 21.03.2019 16:00:12
  • Last modified 21.11.2024 03:44:26

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provid...

  • EPSS 0.98%
  • Published 14.03.2019 22:29:01
  • Last modified 21.11.2024 04:42:36

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of the openwsmand daemon was set to the root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a sp...

  • EPSS 4.07%
  • Published 14.03.2019 22:29:01
  • Last modified 21.11.2024 04:42:38

Openwsman, versions up to and including 2.6.9, are vulnerable to an infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request t...

Exploit
  • EPSS 3.53%
  • Published 13.03.2019 08:29:00
  • Last modified 21.11.2024 04:52:12

An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.

  • EPSS 0.17%
  • Published 12.03.2019 01:29:00
  • Last modified 21.11.2024 04:52:08

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.