Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2020-15396

Exploit
  • EPSS 0.07%
  • Veröffentlicht 30.06.2020 12:15:12
  • Zuletzt bearbeitet 21.11.2024 05:05:29

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.

9.8

CVE-2017-18922

  • EPSS 4.78%
  • Veröffentlicht 30.06.2020 11:15:10
  • Zuletzt bearbeitet 21.11.2024 03:21:16

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overf...

7.8

CVE-2020-15395

Exploit
  • EPSS 0.47%
  • Veröffentlicht 30.06.2020 11:15:10
  • Zuletzt bearbeitet 21.11.2024 05:05:29

In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing).

7.5

CVE-2020-4067

  • EPSS 1.1%
  • Veröffentlicht 29.06.2020 20:15:10
  • Zuletzt bearbeitet 21.11.2024 05:32:14

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligent...

5.9

CVE-2020-14002

  • EPSS 0.48%
  • Veröffentlicht 29.06.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:19

PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the ...

6.5

CVE-2020-10753

  • EPSS 0.34%
  • Veröffentlicht 26.06.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:55:59

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file genera...

5.5

CVE-2020-15304

  • EPSS 0.12%
  • Veröffentlicht 26.06.2020 01:15:10
  • Zuletzt bearbeitet 21.11.2024 05:05:17

An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.

5.5

CVE-2020-15305

  • EPSS 0.11%
  • Veröffentlicht 26.06.2020 01:15:10
  • Zuletzt bearbeitet 21.11.2024 05:05:17

An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.

5.5

CVE-2020-15306

  • EPSS 0.13%
  • Veröffentlicht 26.06.2020 01:15:10
  • Zuletzt bearbeitet 21.11.2024 05:05:17

An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.

5.5

CVE-2020-10177

  • EPSS 0.34%
  • Veröffentlicht 25.06.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 04:54:55

Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.