Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.37%
  • Veröffentlicht 11.09.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:04:59

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpe...

Exploit
  • EPSS 4.28%
  • Veröffentlicht 09.09.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 05:17:41

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.

Exploit
  • EPSS 0.57%
  • Veröffentlicht 09.09.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:17:39

In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_connt...

Exploit
  • EPSS 0.65%
  • Veröffentlicht 09.09.2020 12:15:11
  • Zuletzt bearbeitet 21.11.2024 05:03:03

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this ...

Exploit
  • EPSS 3.73%
  • Veröffentlicht 04.09.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:15:26

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the app...

Exploit
  • EPSS 3.67%
  • Veröffentlicht 04.09.2020 00:15:10
  • Zuletzt bearbeitet 21.11.2024 05:16:15

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

  • EPSS 3.04%
  • Veröffentlicht 02.09.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 05:04:47

In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restorati...

Exploit
  • EPSS 3.65%
  • Veröffentlicht 02.09.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:14:58

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.

  • EPSS 1.5%
  • Veröffentlicht 02.09.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:15:23

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

  • EPSS 2.53%
  • Veröffentlicht 02.09.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:06:13

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser s...