Fedoraproject

Fedora

5319 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
  • EPSS 0.41%
  • Published 13.04.2020 13:15:13
  • Last modified 21.11.2024 05:11:19

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where a nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and pote...

Exploit
  • EPSS 1.01%
  • Published 07.04.2020 18:15:13
  • Last modified 21.11.2024 02:01:08

perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.

  • EPSS 1.85%
  • Published 07.04.2020 18:15:13
  • Last modified 21.11.2024 04:58:14

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free m...

  • EPSS 11.49%
  • Published 03.04.2020 13:15:13
  • Last modified 21.11.2024 04:58:01

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes...

Exploit
  • EPSS 24.72%
  • Published 02.04.2020 18:15:18
  • Last modified 21.11.2024 05:39:32

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5....

  • EPSS 75.55%
  • Published 02.04.2020 15:15:17
  • Last modified 21.11.2024 04:56:47

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

  • EPSS 11.3%
  • Published 02.04.2020 00:15:13
  • Last modified 21.11.2024 05:11:37

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

  • EPSS 4.07%
  • Published 01.04.2020 22:15:18
  • Last modified 21.11.2024 05:35:05

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in ...

  • EPSS 41.87%
  • Published 01.04.2020 20:15:15
  • Last modified 21.11.2024 05:11:38

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

  • EPSS 0.05%
  • Published 31.03.2020 17:15:26
  • Last modified 21.11.2024 04:27:39

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code c...