Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 4.09%
  • Veröffentlicht 29.03.2021 14:15:18
  • Zuletzt bearbeitet 03.11.2025 22:15:47

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

  • EPSS 1.22%
  • Veröffentlicht 26.03.2021 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:48:02

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulne...

  • EPSS 1.39%
  • Veröffentlicht 26.03.2021 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:48:02

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for misse...

  • EPSS 0.83%
  • Veröffentlicht 26.03.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:15

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corrupti...

  • EPSS 8.74%
  • Veröffentlicht 25.03.2021 19:15:15
  • Zuletzt bearbeitet 21.11.2024 06:21:36

A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this v...

  • EPSS 0.63%
  • Veröffentlicht 25.03.2021 19:15:15
  • Zuletzt bearbeitet 21.11.2024 06:21:36

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to cra...

Exploit
  • EPSS 0.76%
  • Veröffentlicht 25.03.2021 19:15:14
  • Zuletzt bearbeitet 21.11.2024 06:21:32

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when open...

  • EPSS 0.15%
  • Veröffentlicht 25.03.2021 19:15:14
  • Zuletzt bearbeitet 21.11.2024 06:21:32

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning th...

  • EPSS 62.91%
  • Veröffentlicht 25.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:33

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...

  • EPSS 18.34%
  • Veröffentlicht 25.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:33

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly ...