Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2019-20051

Exploit
  • EPSS 0.32%
  • Veröffentlicht 27.12.2019 22:15:11
  • Zuletzt bearbeitet 11.04.2025 12:27:55

A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.

5.5

CVE-2019-20021

Exploit
  • EPSS 0.34%
  • Veröffentlicht 27.12.2019 02:15:10
  • Zuletzt bearbeitet 11.04.2025 12:27:55

A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

8.2

CVE-2019-16789

  • EPSS 0.88%
  • Veröffentlicht 26.12.2019 17:15:13
  • Zuletzt bearbeitet 21.11.2024 04:31:11

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Spec...

7.5

CVE-2019-19956

  • EPSS 0.15%
  • Veröffentlicht 24.12.2019 16:15:11
  • Zuletzt bearbeitet 03.12.2025 19:15:50

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

5.9

CVE-2019-11045

Exploit
  • EPSS 40.95%
  • Veröffentlicht 23.12.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:26

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications check...

5.3

CVE-2019-11046

  • EPSS 8.25%
  • Veröffentlicht 23.12.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:26

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are ide...

6.5

CVE-2019-11047

Exploit
  • EPSS 3.17%
  • Veröffentlicht 23.12.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:26

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocate...

9.8

CVE-2019-11049

  • EPSS 2.73%
  • Veröffentlicht 23.12.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:27

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double...

6.5

CVE-2019-11050

Exploit
  • EPSS 3.12%
  • Veröffentlicht 23.12.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:27

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocate...

7.5

CVE-2019-11044

Exploit
  • EPSS 7.97%
  • Veröffentlicht 23.12.2019 03:15:10
  • Zuletzt bearbeitet 21.11.2024 04:20:26

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications ch...