CVE-2020-17367
- EPSS 0.14%
- Published 11.08.2020 16:15:12
- Last modified 21.11.2024 05:07:57
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.
CVE-2020-17368
- EPSS 4.49%
- Published 11.08.2020 16:15:12
- Last modified 21.11.2024 05:07:57
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
CVE-2020-6070
- EPSS 0.65%
- Published 10.08.2020 14:15:13
- Last modified 21.11.2024 05:35:01
An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can pro...
CVE-2020-9490
- EPSS 75.82%
- Published 07.08.2020 16:15:12
- Last modified 21.11.2024 05:40:45
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via ...
CVE-2020-11984
- EPSS 76.31%
- Published 07.08.2020 16:15:11
- Last modified 21.11.2024 04:59:02
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
CVE-2020-11993
- EPSS 38.85%
- Published 07.08.2020 16:15:11
- Last modified 01.05.2025 15:40:19
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLev...
CVE-2020-15114
- EPSS 0.41%
- Published 06.08.2020 23:15:11
- Last modified 21.11.2024 05:04:50
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the e...
CVE-2020-15136
- EPSS 0.31%
- Published 06.08.2020 23:15:11
- Last modified 21.11.2024 05:04:55
In etcd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given ...
CVE-2020-15115
- EPSS 0.33%
- Published 06.08.2020 22:15:12
- Last modified 21.11.2024 05:04:51
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computa...
CVE-2020-16845
- EPSS 0.08%
- Published 06.08.2020 18:15:13
- Last modified 21.11.2024 05:07:15
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.