Fedoraproject: >> Fedora Security Vulnerabilities
libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-11-12
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-11-12
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
CVSS Score
5.5
EPSS Score
0.01
Published
2019-11-11
tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-08
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.
CVSS Score
7.5
EPSS Score
0.027
Published
2019-11-08
OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.
CVSS Score
4.3
EPSS Score
0.006
Published
2019-11-07
A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-11-07
A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.
CVSS Score
4.6
EPSS Score
0.001
Published
2019-11-07
A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures, aka CID-45c1380358b1.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-07
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
CVSS Score
7.5
EPSS Score
0.046
Published
2019-11-07