Fedoraproject

Fedora

5319 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

  • EPSS 0.32%
  • Published 20.03.2020 21:15:17
  • Last modified 21.11.2024 05:38:22

A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL.

Exploit
  • EPSS 0.14%
  • Published 20.03.2020 16:15:14
  • Last modified 21.11.2024 04:27:30

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

Exploit
  • EPSS 0.89%
  • Published 19.03.2020 18:15:16
  • Last modified 21.11.2024 05:33:48

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in...

Exploit
  • EPSS 0.28%
  • Published 19.03.2020 14:15:12
  • Last modified 21.11.2024 04:55:49

The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.

  • EPSS 0.2%
  • Published 19.03.2020 02:15:10
  • Last modified 21.11.2024 04:38:35

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

  • EPSS 0.63%
  • Published 16.03.2020 21:15:12
  • Last modified 21.11.2024 05:38:00

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

Exploit
  • EPSS 0.27%
  • Published 16.03.2020 18:15:12
  • Last modified 21.11.2024 05:36:00

Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.

Exploit
  • EPSS 1.65%
  • Published 16.03.2020 18:15:12
  • Last modified 21.11.2024 05:36:00

Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.

  • EPSS 0.04%
  • Published 16.03.2020 16:15:14
  • Last modified 21.11.2024 05:11:17

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp a...

Exploit
  • EPSS 0.14%
  • Published 16.03.2020 16:15:13
  • Last modified 21.11.2024 05:11:16

A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believ...