Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2020-1045

  • EPSS 20.4%
  • Veröffentlicht 11.09.2020 17:15:18
  • Zuletzt bearbeitet 21.11.2024 05:09:37

<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with th...

7.5

CVE-2020-15166

  • EPSS 0.3%
  • Veröffentlicht 11.09.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:04:59

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with...

6.1

CVE-2020-15169

  • EPSS 1.15%
  • Veröffentlicht 11.09.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:04:59

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpe...

7.5

CVE-2020-25219

Exploit
  • EPSS 0.24%
  • Veröffentlicht 09.09.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 05:17:41

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.

6

CVE-2020-25211

Exploit
  • EPSS 0.03%
  • Veröffentlicht 09.09.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:17:39

In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_connt...

7

CVE-2020-14342

Exploit
  • EPSS 0.16%
  • Veröffentlicht 09.09.2020 12:15:11
  • Zuletzt bearbeitet 21.11.2024 05:03:03

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this ...

7.5

CVE-2020-24659

Exploit
  • EPSS 3.4%
  • Veröffentlicht 04.09.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:15:26

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the app...

6.5

CVE-2020-24977

Exploit
  • EPSS 0.5%
  • Veröffentlicht 04.09.2020 00:15:10
  • Zuletzt bearbeitet 21.11.2024 05:16:15

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

8.8

CVE-2020-15094

  • EPSS 2.25%
  • Veröffentlicht 02.09.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 05:04:47

In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restorati...

6.1

CVE-2020-24553

Exploit
  • EPSS 0.18%
  • Veröffentlicht 02.09.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:14:58

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.