Fedoraproject

Fedora

5319 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.66%
  • Published 26.12.2020 02:15:12
  • Last modified 29.04.2025 13:13:41

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. If c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop wi...

  • EPSS 1.71%
  • Published 24.12.2020 16:15:15
  • Last modified 21.11.2024 05:27:49

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.

  • EPSS 4.23%
  • Published 24.12.2020 16:15:15
  • Last modified 21.11.2024 05:27:49

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine doe...

Exploit
  • EPSS 11.09%
  • Published 21.12.2020 16:15:13
  • Last modified 21.11.2024 05:21:55

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

  • EPSS 0.04%
  • Published 18.12.2020 21:15:12
  • Last modified 21.11.2024 05:21:49

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An OpenStack Manila user can request access to a share to an arbitrary cephx user, including existing users. ...

Exploit
  • EPSS 0.47%
  • Published 18.12.2020 08:15:15
  • Last modified 21.11.2024 05:27:21

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.

  • EPSS 0.59%
  • Published 18.12.2020 08:15:15
  • Last modified 21.11.2024 05:27:22

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side...

Exploit
  • EPSS 0.55%
  • Published 18.12.2020 08:15:15
  • Last modified 21.11.2024 05:27:22

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" ...

Exploit
  • EPSS 0.45%
  • Published 18.12.2020 08:15:15
  • Last modified 21.11.2024 05:27:22

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.

Exploit
  • EPSS 0.86%
  • Published 18.12.2020 08:15:15
  • Last modified 21.11.2024 05:27:22

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is always unsafe for HTML in a month value. This affects Me...