Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 5.53%
  • Veröffentlicht 04.12.2018 16:29:00
  • Zuletzt bearbeitet 03.12.2025 19:15:47

In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

  • EPSS 2.3%
  • Veröffentlicht 04.12.2018 09:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:40

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishan...

Exploit
  • EPSS 2.54%
  • Veröffentlicht 04.12.2018 09:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:40

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvun...

  • EPSS 1.52%
  • Veröffentlicht 29.11.2018 23:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:01

In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 c...

Exploit
  • EPSS 8.16%
  • Veröffentlicht 29.11.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:18

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

  • EPSS 2.21%
  • Veröffentlicht 16.11.2018 09:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:41

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.

Exploit
  • EPSS 1.24%
  • Veröffentlicht 17.10.2018 04:29:00
  • Zuletzt bearbeitet 21.11.2024 03:55:53

A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of ser...

  • EPSS 2.25%
  • Veröffentlicht 17.10.2018 04:29:00
  • Zuletzt bearbeitet 21.11.2024 03:55:53

A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.

Exploit
  • EPSS 1.3%
  • Veröffentlicht 17.10.2018 04:29:00
  • Zuletzt bearbeitet 21.11.2024 03:55:53

A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call.

  • EPSS 4.02%
  • Veröffentlicht 05.10.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:44:03

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.