Fedoraproject

Fedora

5326 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-14813

  • EPSS 8.45%
  • Veröffentlicht 06.09.2019 14:15:15
  • Zuletzt bearbeitet 21.11.2024 04:27:24

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable se...

6.4

CVE-2019-15946

  • EPSS 0.05%
  • Veröffentlicht 05.09.2019 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:29:47

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.

6.4

CVE-2019-15945

  • EPSS 0.06%
  • Veröffentlicht 05.09.2019 17:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:47

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.

4.4

CVE-2019-15718

Exploit
  • EPSS 0.11%
  • Veröffentlicht 04.09.2019 12:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:19

In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivile...

7.8

CVE-2019-14811

Exploit
  • EPSS 1.73%
  • Veröffentlicht 03.09.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:27:24

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disabl...

7.8

CVE-2019-14817

Exploit
  • EPSS 0.36%
  • Veröffentlicht 03.09.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:27:25

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could dis...

7.5

CVE-2019-12402

  • EPSS 0.38%
  • Veröffentlicht 30.08.2019 09:15:17
  • Zuletzt bearbeitet 21.11.2024 04:22:45

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names insi...

9.8

CVE-2019-11500

Exploit
  • EPSS 38.85%
  • Veröffentlicht 29.08.2019 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:21:12

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.

7.8

CVE-2019-15538

  • EPSS 16.43%
  • Veröffentlicht 25.08.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:28:57

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_...

6.5

CVE-2019-15531

  • EPSS 1.11%
  • Veröffentlicht 23.08.2019 17:15:14
  • Zuletzt bearbeitet 21.11.2024 04:28:56

GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.