Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2020-11097

  • EPSS 0.19%
  • Veröffentlicht 22.06.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:46

In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.

6.5

CVE-2020-11098

  • EPSS 0.17%
  • Veröffentlicht 22.06.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:46

In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled This is fixed in version 2.1.2.

6.5

CVE-2020-11099

  • EPSS 0.18%
  • Veröffentlicht 22.06.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:47

In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.

5.5

CVE-2020-11095

  • EPSS 0.24%
  • Veröffentlicht 22.06.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:46

In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.

5.9

CVE-2020-14954

  • EPSS 10.15%
  • Veröffentlicht 21.06.2020 17:15:09
  • Zuletzt bearbeitet 21.11.2024 05:04:30

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates i...

7.5

CVE-2020-14929

  • EPSS 0.38%
  • Veröffentlicht 19.06.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:04:27

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they w...

3.3

CVE-2019-13033

  • EPSS 0.07%
  • Veröffentlicht 18.06.2020 18:15:10
  • Zuletzt bearbeitet 21.11.2024 04:24:05

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing t...

4.2

CVE-2020-13882

  • EPSS 0.05%
  • Veröffentlicht 18.06.2020 18:15:10
  • Zuletzt bearbeitet 21.11.2024 05:02:04

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attack...

9.8

CVE-2017-9103

  • EPSS 0.81%
  • Veröffentlicht 18.06.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 03:35:19

An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be ...

9.8

CVE-2017-9104

  • EPSS 0.67%
  • Veröffentlicht 18.06.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 03:35:19

An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.