Fedoraproject

Fedora

5326 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2019-16910

  • EPSS 0.91%
  • Veröffentlicht 26.09.2019 13:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:19

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the...

7.5

CVE-2019-14844

  • EPSS 11.7%
  • Veröffentlicht 26.09.2019 12:15:11
  • Zuletzt bearbeitet 21.11.2024 04:27:29

A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.

5.3

CVE-2019-16738

Exploit
  • EPSS 0.42%
  • Veröffentlicht 26.09.2019 02:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:05

In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.

7.1

CVE-2019-16892

Exploit
  • EPSS 0.18%
  • Veröffentlicht 25.09.2019 22:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:17

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).

7.5

CVE-2019-16884

Exploit
  • EPSS 0.28%
  • Veröffentlicht 25.09.2019 18:15:13
  • Zuletzt bearbeitet 21.11.2024 04:31:16

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc direct...

7.5

CVE-2019-5094

Exploit
  • EPSS 0.31%
  • Veröffentlicht 24.09.2019 22:15:13
  • Zuletzt bearbeitet 30.05.2025 19:15:24

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition ...

9.8

CVE-2019-16746

  • EPSS 2.6%
  • Veröffentlicht 24.09.2019 06:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:06

An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.

6.5

CVE-2019-16707

Exploit
  • EPSS 0.53%
  • Veröffentlicht 23.09.2019 12:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:01

Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.

7.8

CVE-2019-14816

Exploit
  • EPSS 0.23%
  • Veröffentlicht 20.09.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:27:25

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

8.8

CVE-2019-14821

  • EPSS 0.11%
  • Veröffentlicht 19.09.2019 18:15:10
  • Zuletzt bearbeitet 21.11.2024 04:27:25

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wher...