CVE-2021-3177
- EPSS 0.07%
- Published 19.01.2021 06:15:12
- Last modified 18.12.2025 15:15:48
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to ...
CVE-2020-36193
- EPSS 71.15%
- Published 18.01.2021 20:15:12
- Last modified 07.11.2025 22:03:02
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
CVE-2020-35733
- EPSS 0.22%
- Published 15.01.2021 14:15:14
- Last modified 21.11.2024 05:27:58
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
CVE-2020-26262
- EPSS 0.34%
- Published 13.01.2021 19:15:16
- Last modified 21.11.2024 05:19:41
Coturn is a free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending ...
CVE-2020-28374
- EPSS 0.28%
- Published 13.01.2021 04:15:12
- Last modified 21.11.2024 05:22:41
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c938...
- EPSS 4.58%
- Published 12.01.2021 20:15:34
- Last modified 21.11.2024 05:44:58
ASP.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2020-25657
- EPSS 0.41%
- Published 12.01.2021 15:15:13
- Last modified 21.11.2024 05:18:22
A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to con...
CVE-2021-23239
- EPSS 0.15%
- Published 12.01.2021 09:15:14
- Last modified 21.11.2024 05:51:25
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
CVE-2021-23240
- EPSS 0.23%
- Published 12.01.2021 09:15:14
- Last modified 21.11.2024 05:51:25
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in p...
CVE-2020-35653
- EPSS 0.29%
- Published 12.01.2021 09:15:13
- Last modified 21.11.2024 05:27:46
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.