Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2019-1010301

Exploit
  • EPSS 0.11%
  • Veröffentlicht 15.07.2019 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:08

jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.

5.5

CVE-2019-1010302

Exploit
  • EPSS 0.09%
  • Veröffentlicht 15.07.2019 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:08

jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.

5.5

CVE-2019-1010305

Exploit
  • EPSS 0.6%
  • Veröffentlicht 15.07.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:08

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm...

5.5

CVE-2019-1010315

Exploit
  • EPSS 0.83%
  • Veröffentlicht 11.07.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:09

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector...

5.5

CVE-2019-1010317

Exploit
  • EPSS 1.38%
  • Veröffentlicht 11.07.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:09

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav fil...

5.5

CVE-2019-1010319

Exploit
  • EPSS 1.38%
  • Veröffentlicht 11.07.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:10

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav...

9.8

CVE-2019-12525

  • EPSS 55.25%
  • Veröffentlicht 11.07.2019 19:15:13
  • Zuletzt bearbeitet 21.11.2024 04:23:02

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if t...

8.8

CVE-2019-12527

  • EPSS 12.36%
  • Veröffentlicht 11.07.2019 19:15:13
  • Zuletzt bearbeitet 21.11.2024 04:23:02

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leadin...

5.9

CVE-2019-12529

  • EPSS 16.21%
  • Veröffentlicht 11.07.2019 19:15:13
  • Zuletzt bearbeitet 21.11.2024 04:23:02

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be...

9.8

CVE-2019-12838

  • EPSS 3.05%
  • Veröffentlicht 11.07.2019 13:15:10
  • Zuletzt bearbeitet 21.11.2024 04:23:41

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.