Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-16942

  • EPSS 0.44%
  • Veröffentlicht 01.10.2019 17:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1....

9.8

CVE-2019-16943

  • EPSS 1.84%
  • Veröffentlicht 01.10.2019 17:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja...

3.3

CVE-2019-17055

  • EPSS 0.09%
  • Veröffentlicht 01.10.2019 14:15:51
  • Zuletzt bearbeitet 21.11.2024 04:31:36

base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.

3.3

CVE-2019-17052

  • EPSS 0.09%
  • Veröffentlicht 01.10.2019 14:15:40
  • Zuletzt bearbeitet 21.11.2024 04:31:36

ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.

7.5

CVE-2019-16276

  • EPSS 10.83%
  • Veröffentlicht 30.09.2019 19:15:08
  • Zuletzt bearbeitet 21.11.2024 04:30:26

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

9.8

CVE-2019-16928

Warnung Exploit
  • EPSS 90.59%
  • Veröffentlicht 27.09.2019 21:15:10
  • Zuletzt bearbeitet 07.03.2025 14:24:42

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

6.5

CVE-2019-9433

  • EPSS 3.02%
  • Veröffentlicht 27.09.2019 19:15:29
  • Zuletzt bearbeitet 21.11.2024 04:51:38

In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVers...

7.1

CVE-2019-9371

  • EPSS 9.25%
  • Veröffentlicht 27.09.2019 19:15:24
  • Zuletzt bearbeitet 21.11.2024 04:51:31

In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: An...

6.5

CVE-2019-9325

  • EPSS 4.98%
  • Veröffentlicht 27.09.2019 19:15:21
  • Zuletzt bearbeitet 21.11.2024 04:51:25

In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: A...

8.8

CVE-2019-9278

  • EPSS 7.45%
  • Veröffentlicht 27.09.2019 19:15:19
  • Zuletzt bearbeitet 21.11.2024 04:51:20

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitatio...