Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.11%
  • Veröffentlicht 22.06.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:47

In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.

  • EPSS 1.46%
  • Veröffentlicht 22.06.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:46

In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.

  • EPSS 2.29%
  • Veröffentlicht 21.06.2020 17:15:09
  • Zuletzt bearbeitet 21.11.2024 05:04:30

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates i...

  • EPSS 1.82%
  • Veröffentlicht 19.06.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:04:27

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they w...

  • EPSS 0.37%
  • Veröffentlicht 18.06.2020 18:15:10
  • Zuletzt bearbeitet 21.11.2024 04:24:05

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing t...

  • EPSS 0.26%
  • Veröffentlicht 18.06.2020 18:15:10
  • Zuletzt bearbeitet 21.11.2024 05:02:04

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attack...

  • EPSS 2.05%
  • Veröffentlicht 18.06.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 03:35:19

An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be ...

  • EPSS 2.36%
  • Veröffentlicht 18.06.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 03:35:19

An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.

  • EPSS 12.83%
  • Veröffentlicht 18.06.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:03:13

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary...

  • EPSS 3.6%
  • Veröffentlicht 18.06.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 03:35:19

An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.