Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.73%
  • Veröffentlicht 12.01.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:18:22

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to con...

Exploit
  • EPSS 1.03%
  • Veröffentlicht 12.01.2021 09:15:14
  • Zuletzt bearbeitet 21.11.2024 05:51:25

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

Exploit
  • EPSS 1.07%
  • Veröffentlicht 12.01.2021 09:15:14
  • Zuletzt bearbeitet 21.11.2024 05:51:25

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in p...

  • EPSS 1.5%
  • Veröffentlicht 12.01.2021 09:15:13
  • Zuletzt bearbeitet 21.11.2024 05:27:46

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.

  • EPSS 1.79%
  • Veröffentlicht 12.01.2021 09:15:13
  • Zuletzt bearbeitet 21.11.2024 05:27:46

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

  • EPSS 1.57%
  • Veröffentlicht 12.01.2021 09:15:13
  • Zuletzt bearbeitet 21.11.2024 05:27:46

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

Exploit
  • EPSS 4.6%
  • Veröffentlicht 11.01.2021 16:15:15
  • Zuletzt bearbeitet 21.11.2024 05:27:52

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.

  • EPSS 1.32%
  • Veröffentlicht 08.01.2021 19:15:15
  • Zuletzt bearbeitet 21.11.2024 05:47:35

Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

  • EPSS 3.1%
  • Veröffentlicht 08.01.2021 19:15:15
  • Zuletzt bearbeitet 21.11.2024 05:47:35

Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

  • EPSS 1.07%
  • Veröffentlicht 08.01.2021 19:15:15
  • Zuletzt bearbeitet 21.11.2024 05:47:35

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.