Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 14.3%
  • Veröffentlicht 06.12.2019 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:36:48

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this d...

  • EPSS 2.2%
  • Veröffentlicht 06.12.2019 18:15:10
  • Zuletzt bearbeitet 21.11.2024 01:38:33

A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.

Warnung
  • EPSS 96.82%
  • Veröffentlicht 06.12.2019 16:15:11
  • Zuletzt bearbeitet 30.10.2025 19:52:21

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

  • EPSS 0.36%
  • Veröffentlicht 06.12.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 01:37:19

A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file.

  • EPSS 3.87%
  • Veröffentlicht 06.12.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:34:35

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this fl...

  • EPSS 1.58%
  • Veröffentlicht 05.12.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 01:36:27

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.

  • EPSS 1.58%
  • Veröffentlicht 05.12.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 01:36:28

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

  • EPSS 0.46%
  • Veröffentlicht 05.12.2019 19:15:15
  • Zuletzt bearbeitet 21.11.2024 01:36:26

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner.

  • EPSS 0.62%
  • Veröffentlicht 05.12.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 03:40:38

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the r...

  • EPSS 0.45%
  • Veröffentlicht 04.12.2019 22:15:15
  • Zuletzt bearbeitet 21.11.2024 04:34:59

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-1...