Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 1.17%
  • Veröffentlicht 13.12.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:35:22

ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file.

Exploit
  • EPSS 1.17%
  • Veröffentlicht 13.12.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:35:23

ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file.

  • EPSS 1.98%
  • Veröffentlicht 13.12.2019 01:15:11
  • Zuletzt bearbeitet 21.11.2024 04:31:10

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and cre...

  • EPSS 3.27%
  • Veröffentlicht 13.12.2019 01:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:09

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the ...

  • EPSS 3.34%
  • Veröffentlicht 13.12.2019 01:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:10

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field wou...

  • EPSS 1.34%
  • Veröffentlicht 12.12.2019 20:15:17
  • Zuletzt bearbeitet 21.11.2024 04:35:20

In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).

Exploit
  • EPSS 1.19%
  • Veröffentlicht 12.12.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:35:18

make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.

Exploit
  • EPSS 26.72%
  • Veröffentlicht 12.12.2019 03:15:10
  • Zuletzt bearbeitet 21.11.2024 03:20:32

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

  • EPSS 0.5%
  • Veröffentlicht 11.12.2019 18:16:19
  • Zuletzt bearbeitet 21.11.2024 04:34:58

An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU,...

  • EPSS 0.39%
  • Veröffentlicht 11.12.2019 18:16:19
  • Zuletzt bearbeitet 21.11.2024 04:34:58

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves ei...