Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.99%
  • Veröffentlicht 16.07.2019 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:37

A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client ev...

  • EPSS 1.93%
  • Veröffentlicht 16.07.2019 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:37

A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS pr...

Exploit
  • EPSS 3.3%
  • Veröffentlicht 16.07.2019 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:25:22

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

  • EPSS 1.65%
  • Veröffentlicht 16.07.2019 13:15:10
  • Zuletzt bearbeitet 21.11.2024 04:17:56

nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdum...

Exploit
  • EPSS 1.21%
  • Veröffentlicht 15.07.2019 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:08

jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.

Exploit
  • EPSS 0.97%
  • Veröffentlicht 15.07.2019 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:08

jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file.

Exploit
  • EPSS 1.46%
  • Veröffentlicht 15.07.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:08

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm...

Exploit
  • EPSS 1.53%
  • Veröffentlicht 11.07.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:09

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector...

Exploit
  • EPSS 1.46%
  • Veröffentlicht 11.07.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:09

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav fil...

Exploit
  • EPSS 1.5%
  • Veröffentlicht 11.07.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:10

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav...