Fedoraproject

Fedora

5326 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2019-11454

Exploit
  • EPSS 1.18%
  • Veröffentlicht 22.04.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:21:06

Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Ba...

8.1

CVE-2019-11455

Exploit
  • EPSS 2.15%
  • Veröffentlicht 22.04.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:21:06

A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of se...

7.5

CVE-2019-11412

  • EPSS 1.76%
  • Veröffentlicht 22.04.2019 11:29:05
  • Zuletzt bearbeitet 21.11.2024 04:21:03

An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.

9.8

CVE-2019-11234

  • EPSS 21.56%
  • Veröffentlicht 22.04.2019 11:29:03
  • Zuletzt bearbeitet 21.11.2024 04:20:46

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

9.8

CVE-2019-11235

  • EPSS 6.01%
  • Veröffentlicht 22.04.2019 11:29:03
  • Zuletzt bearbeitet 21.11.2024 04:20:47

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar is...

6.5

CVE-2019-11372

Exploit
  • EPSS 2.82%
  • Veröffentlicht 20.04.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:58

An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

6.5

CVE-2019-11373

Exploit
  • EPSS 2.82%
  • Veröffentlicht 20.04.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:58

An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

6.1

CVE-2019-11358

Exploit
  • EPSS 0.88%
  • Veröffentlicht 20.04.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:56

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...

7.5

CVE-2019-3885

  • EPSS 0.3%
  • Veröffentlicht 18.04.2019 18:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:47

A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.

7.8

CVE-2018-16877

  • EPSS 0.04%
  • Veröffentlicht 18.04.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:30

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.