Fedoraproject

Fedora

5335 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2020-9983

  • EPSS 2.2%
  • Veröffentlicht 16.10.2020 17:15:18
  • Zuletzt bearbeitet 21.11.2024 05:41:38

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.

6.1

CVE-2020-26934

  • EPSS 2.79%
  • Veröffentlicht 10.10.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:32

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

9.8

CVE-2020-26935

Exploit
  • EPSS 80.07%
  • Veröffentlicht 10.10.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:32

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject mali...

7.8

CVE-2020-26880

  • EPSS 0.04%
  • Veröffentlicht 07.10.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:24

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable...

7.5

CVE-2020-25862

Exploit
  • EPSS 0.3%
  • Veröffentlicht 06.10.2020 15:15:15
  • Zuletzt bearbeitet 21.11.2024 05:18:55

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.

7.5

CVE-2020-25863

Exploit
  • EPSS 0.25%
  • Veröffentlicht 06.10.2020 15:15:15
  • Zuletzt bearbeitet 21.11.2024 05:18:55

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.

7.5

CVE-2020-25866

Exploit
  • EPSS 0.97%
  • Veröffentlicht 06.10.2020 15:15:15
  • Zuletzt bearbeitet 21.11.2024 05:18:56

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasona...

7.5

CVE-2020-26575

  • EPSS 2.23%
  • Veröffentlicht 06.10.2020 15:15:15
  • Zuletzt bearbeitet 21.11.2024 05:20:06

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.

7.5

CVE-2020-25613

  • EPSS 0.27%
  • Veröffentlicht 06.10.2020 13:15:13
  • Zuletzt bearbeitet 21.11.2024 05:18:14

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issu...

5.5

CVE-2020-26571

  • EPSS 0.04%
  • Veröffentlicht 06.10.2020 02:15:13
  • Zuletzt bearbeitet 21.11.2024 05:20:06

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.