Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.7

CVE-2020-15114

  • EPSS 0.41%
  • Veröffentlicht 06.08.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 05:04:50

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the e...

6.5

CVE-2020-15136

  • EPSS 0.31%
  • Veröffentlicht 06.08.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 05:04:55

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given ...

7.5

CVE-2020-15115

  • EPSS 0.33%
  • Veröffentlicht 06.08.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 05:04:51

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computa...

7.5

CVE-2020-16845

  • EPSS 0.19%
  • Veröffentlicht 06.08.2020 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:07:15

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

6.5

CVE-2020-15112

  • EPSS 0.11%
  • Veröffentlicht 05.08.2020 20:15:14
  • Zuletzt bearbeitet 21.11.2024 05:04:50

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd con...

7.1

CVE-2020-15113

  • EPSS 0.02%
  • Veröffentlicht 05.08.2020 20:15:14
  • Zuletzt bearbeitet 21.11.2024 05:04:50

In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permi...

6.5

CVE-2020-15106

  • EPSS 0.1%
  • Veröffentlicht 05.08.2020 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:04:49

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an ex...

6.7

CVE-2020-14344

  • EPSS 0.16%
  • Veröffentlicht 05.08.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:03:03

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running...

9.8

CVE-2020-17353

  • EPSS 1.26%
  • Veröffentlicht 05.08.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:07:56

scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.

4.3

CVE-2020-16116

  • EPSS 0.86%
  • Veröffentlicht 03.08.2020 20:15:13
  • Zuletzt bearbeitet 21.11.2024 05:06:47

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.