Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 10.51%
  • Veröffentlicht 08.04.2019 20:29:10
  • Zuletzt bearbeitet 21.11.2024 04:16:30

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.

Exploit
  • EPSS 0.77%
  • Veröffentlicht 07.04.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:19:49

In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This ...

  • EPSS 3.6%
  • Veröffentlicht 07.04.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:06

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

Exploit
  • EPSS 1.11%
  • Veröffentlicht 04.04.2019 16:29:03
  • Zuletzt bearbeitet 21.11.2024 04:42:47

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causi...

Exploit
  • EPSS 3.4%
  • Veröffentlicht 01.04.2019 15:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:39

It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.

  • EPSS 5.08%
  • Veröffentlicht 27.03.2019 20:29:03
  • Zuletzt bearbeitet 21.11.2024 03:45:24

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to th...

  • EPSS 1.34%
  • Veröffentlicht 27.03.2019 20:29:03
  • Zuletzt bearbeitet 21.11.2024 04:16:22

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

Exploit
  • EPSS 58.97%
  • Veröffentlicht 27.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:37

A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is...

Warnung Exploit
  • EPSS 98.51%
  • Veröffentlicht 27.03.2019 14:29:01
  • Zuletzt bearbeitet 30.10.2025 20:40:11

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

Exploit
  • EPSS 8.67%
  • Veröffentlicht 27.03.2019 14:29:01
  • Zuletzt bearbeitet 21.11.2024 04:44:54

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.