Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 1.73%
  • Veröffentlicht 10.08.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:35:01

An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can pro...

  • EPSS 89.74%
  • Veröffentlicht 07.08.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:45

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via ...

Exploit
  • EPSS 90.04%
  • Veröffentlicht 07.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:02

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

Exploit
  • EPSS 58.72%
  • Veröffentlicht 07.08.2020 16:15:11
  • Zuletzt bearbeitet 01.05.2025 15:40:19

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLev...

  • EPSS 1.21%
  • Veröffentlicht 06.08.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 05:04:50

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the e...

  • EPSS 1.64%
  • Veröffentlicht 06.08.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 05:04:55

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given ...

  • EPSS 1.34%
  • Veröffentlicht 06.08.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 05:04:51

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computa...

  • EPSS 4.73%
  • Veröffentlicht 06.08.2020 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:07:15

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

  • EPSS 1.26%
  • Veröffentlicht 05.08.2020 20:15:14
  • Zuletzt bearbeitet 21.11.2024 05:04:50

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd con...

  • EPSS 0.23%
  • Veröffentlicht 05.08.2020 20:15:14
  • Zuletzt bearbeitet 21.11.2024 05:04:50

In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permi...