Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2019-11287

Exploit
  • EPSS 3.05%
  • Veröffentlicht 23.11.2019 00:15:10
  • Zuletzt bearbeitet 02.04.2025 14:13:43

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of servi...

9.8

CVE-2019-18622

  • EPSS 0.88%
  • Veröffentlicht 22.11.2019 21:15:10
  • Zuletzt bearbeitet 21.11.2024 04:33:23

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

4.7

CVE-2015-7810

Exploit
  • EPSS 0.11%
  • Veröffentlicht 22.11.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 02:37:26

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

8.1

CVE-2019-18887

  • EPSS 0.81%
  • Veröffentlicht 21.11.2019 23:15:13
  • Zuletzt bearbeitet 21.11.2024 04:33:46

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.

7.5

CVE-2019-18888

  • EPSS 2.74%
  • Veröffentlicht 21.11.2019 23:15:13
  • Zuletzt bearbeitet 21.11.2024 04:33:47

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary argu...

9.8

CVE-2019-18889

  • EPSS 2.55%
  • Veröffentlicht 21.11.2019 23:15:13
  • Zuletzt bearbeitet 21.11.2024 04:33:47

An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.

5.5

CVE-2019-19221

Exploit
  • EPSS 0.08%
  • Veröffentlicht 21.11.2019 23:15:13
  • Zuletzt bearbeitet 21.11.2024 04:34:21

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

7.5

CVE-2019-19203

Exploit
  • EPSS 0.73%
  • Veröffentlicht 21.11.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:34:19

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read...

7.5

CVE-2019-19204

Exploit
  • EPSS 8.95%
  • Veröffentlicht 21.11.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:34:19

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.

6.1

CVE-2015-2793

Exploit
  • EPSS 1.29%
  • Veröffentlicht 21.11.2019 20:15:15
  • Zuletzt bearbeitet 21.11.2024 02:28:05

Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.