Fedoraproject

Fedora

5326 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9

CVE-2019-11328

Exploit
  • EPSS 0.84%
  • Veröffentlicht 14.05.2019 21:29:01
  • Zuletzt bearbeitet 21.11.2024 04:20:53

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/in...

8.1

CVE-2019-12083

Exploit
  • EPSS 1.1%
  • Veröffentlicht 13.05.2019 20:29:02
  • Zuletzt bearbeitet 21.11.2024 04:22:10

The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be s...

3.3

CVE-2019-11884

  • EPSS 0.05%
  • Veröffentlicht 10.05.2019 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:21:57

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a...

9.8

CVE-2019-11831

  • EPSS 9.52%
  • Veröffentlicht 09.05.2019 04:29:01
  • Zuletzt bearbeitet 21.11.2024 04:21:50

The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/b...

7.5

CVE-2019-11494

  • EPSS 0.73%
  • Veröffentlicht 08.05.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:21:11

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.

7.5

CVE-2019-11499

  • EPSS 0.87%
  • Veröffentlicht 08.05.2019 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:21:12

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.

9.3

CVE-2019-7443

  • EPSS 1.66%
  • Veröffentlicht 07.05.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:48:14

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. I...

9.1

CVE-2019-11036

  • EPSS 1.72%
  • Veröffentlicht 03.05.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:24

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

7.8

CVE-2019-5429

  • EPSS 0.31%
  • Veröffentlicht 29.04.2019 15:29:02
  • Zuletzt bearbeitet 21.11.2024 04:44:55

Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.

7.8

CVE-2019-3843

  • EPSS 0.13%
  • Veröffentlicht 26.04.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:41

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access res...