Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 3.54%
  • Veröffentlicht 06.07.2020 18:15:20
  • Zuletzt bearbeitet 21.11.2024 05:02:57

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

  • EPSS 2.18%
  • Veröffentlicht 02.07.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:38:27

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

  • EPSS 3.67%
  • Veröffentlicht 02.07.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:05:39

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tl...

  • EPSS 0.74%
  • Veröffentlicht 02.07.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:40:46

Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corrupti...

  • EPSS 0.8%
  • Veröffentlicht 02.07.2020 13:15:10
  • Zuletzt bearbeitet 21.11.2024 05:40:46

Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within th...

  • EPSS 1.57%
  • Veröffentlicht 01.07.2020 23:15:10
  • Zuletzt bearbeitet 21.11.2024 05:33:44

The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This...

  • EPSS 2.61%
  • Veröffentlicht 30.06.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:27

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-...

  • EPSS 5.71%
  • Veröffentlicht 30.06.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:04:41

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containi...

Exploit
  • EPSS 0.39%
  • Veröffentlicht 30.06.2020 12:15:12
  • Zuletzt bearbeitet 21.11.2024 05:05:29

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.

  • EPSS 2.26%
  • Veröffentlicht 30.06.2020 11:15:10
  • Zuletzt bearbeitet 21.11.2024 03:21:16

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overf...