Fedoraproject

Fedora

5335 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Warning Exploit
  • EPSS 82.69%
  • Published 09.06.2020 03:15:11
  • Last modified 04.11.2025 15:00:43

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.

Exploit
  • EPSS 1.57%
  • Published 09.06.2020 00:15:10
  • Last modified 21.11.2024 05:02:14

Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session ...

  • EPSS 0.25%
  • Published 08.06.2020 18:15:10
  • Last modified 21.11.2024 04:56:00

It was found that nmcli, a command line interface to NetworkManager, did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happe...

Exploit
  • EPSS 2.74%
  • Published 08.06.2020 17:15:10
  • Last modified 21.11.2024 05:01:37

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.

  • EPSS 0.04%
  • Published 08.06.2020 17:15:10
  • Last modified 21.11.2024 05:01:45

An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker wi...

  • EPSS 3.54%
  • Published 08.06.2020 17:15:09
  • Last modified 21.11.2024 05:00:05

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger is...

  • EPSS 1.13%
  • Published 08.06.2020 16:15:10
  • Last modified 21.11.2024 05:00:19

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which...

  • EPSS 0.47%
  • Published 08.06.2020 16:15:09
  • Last modified 21.11.2024 05:00:19

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include rem...

Exploit
  • EPSS 2.44%
  • Published 06.06.2020 16:15:10
  • Last modified 21.11.2024 05:02:02

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

  • EPSS 0.07%
  • Published 05.06.2020 18:15:13
  • Last modified 21.11.2024 05:02:02

Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).