CVE-2019-19906
- EPSS 0.4%
- Published 19.12.2019 18:15:12
- Last modified 21.11.2024 04:35:37
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c ...
CVE-2019-16782
- EPSS 1.63%
- Published 18.12.2019 20:15:16
- Last modified 13.02.2025 15:37:40
There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id....
CVE-2018-1311
- EPSS 3.86%
- Published 18.12.2019 20:15:15
- Last modified 21.11.2024 03:59:36
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disabl...
CVE-2019-3992
- EPSS 4.03%
- Published 17.12.2019 22:15:11
- Last modified 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can access the server's configuration file by sending an HTTP GET request. Amongst the configuration data, the attacker may gain ac...
CVE-2019-3993
- EPSS 11.61%
- Published 17.12.2019 22:15:11
- Last modified 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below is affected by an information disclosure vulnerability. A remote unauthenticated attacker can recover a user's password hash by sending a crafted HTTP POST request.
CVE-2019-3994
- EPSS 2.8%
- Published 17.12.2019 22:15:11
- Last modified 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to...
CVE-2019-3995
- EPSS 7.96%
- Published 17.12.2019 22:15:11
- Last modified 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request.
CVE-2019-3996
- EPSS 3.52%
- Published 17.12.2019 22:15:11
- Last modified 21.11.2024 04:43:01
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.
CVE-2019-19783
- EPSS 1.35%
- Published 16.12.2019 14:15:12
- Last modified 21.11.2024 04:35:22
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a ...
CVE-2019-19797
- EPSS 0.08%
- Published 15.12.2019 20:15:11
- Last modified 21.11.2024 04:35:24
read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.