Fedoraproject

Fedora

5335 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2020-27781

  • EPSS 0.07%
  • Veröffentlicht 18.12.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 05:21:49

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. ...

6.1

CVE-2020-35474

Exploit
  • EPSS 0.47%
  • Veröffentlicht 18.12.2020 08:15:15
  • Zuletzt bearbeitet 21.11.2024 05:27:21

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.

7.5

CVE-2020-35475

  • EPSS 0.59%
  • Veröffentlicht 18.12.2020 08:15:15
  • Zuletzt bearbeitet 21.11.2024 05:27:22

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side...

5.3

CVE-2020-35477

Exploit
  • EPSS 0.55%
  • Veröffentlicht 18.12.2020 08:15:15
  • Zuletzt bearbeitet 21.11.2024 05:27:22

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" ...

6.1

CVE-2020-35478

Exploit
  • EPSS 0.45%
  • Veröffentlicht 18.12.2020 08:15:15
  • Zuletzt bearbeitet 21.11.2024 05:27:22

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.

6.1

CVE-2020-35479

Exploit
  • EPSS 0.86%
  • Veröffentlicht 18.12.2020 08:15:15
  • Zuletzt bearbeitet 21.11.2024 05:27:22

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects Me...

5.3

CVE-2020-35480

  • EPSS 0.34%
  • Veröffentlicht 18.12.2020 08:15:15
  • Zuletzt bearbeitet 21.11.2024 05:27:22

An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing s...

7.7

CVE-2020-26258

Exploit
  • EPSS 93.68%
  • Veröffentlicht 16.12.2020 01:15:12
  • Zuletzt bearbeitet 23.05.2025 16:53:23

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data fro...

6.8

CVE-2020-26259

Exploit
  • EPSS 90.7%
  • Veröffentlicht 16.12.2020 01:15:12
  • Zuletzt bearbeitet 23.05.2025 16:54:02

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrar...

7.8

CVE-2020-35381

Exploit
  • EPSS 0.43%
  • Veröffentlicht 15.12.2020 21:15:15
  • Zuletzt bearbeitet 21.11.2024 05:27:14

jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.