Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.24%
  • Veröffentlicht 18.11.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:22:40

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.

  • EPSS 0.41%
  • Veröffentlicht 12.11.2020 18:15:16
  • Zuletzt bearbeitet 21.11.2024 05:39:16

Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

  • EPSS 0.44%
  • Veröffentlicht 12.11.2020 18:15:16
  • Zuletzt bearbeitet 21.11.2024 05:39:16

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • EPSS 0.51%
  • Veröffentlicht 12.11.2020 18:15:16
  • Zuletzt bearbeitet 21.11.2024 05:39:17

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Exploit
  • EPSS 1.63%
  • Veröffentlicht 12.11.2020 14:15:22
  • Zuletzt bearbeitet 21.11.2024 05:18:22

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

  • EPSS 0.39%
  • Veröffentlicht 10.11.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 05:22:40

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically i...

  • EPSS 3.19%
  • Veröffentlicht 10.11.2020 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:53:32

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution pri...

Exploit
  • EPSS 3.08%
  • Veröffentlicht 06.11.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 03:21:16

raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).

Warnung Exploit
  • EPSS 99.59%
  • Veröffentlicht 06.11.2020 08:15:13
  • Zuletzt bearbeitet 07.11.2025 19:32:05

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

  • EPSS 2.09%
  • Veröffentlicht 06.11.2020 08:15:13
  • Zuletzt bearbeitet 21.11.2024 05:19:59

The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).