Fedoraproject

Fedora

5353 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.25%
  • Published 08.06.2020 18:15:10
  • Last modified 21.11.2024 04:56:00

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happe...

Exploit
  • EPSS 2.74%
  • Published 08.06.2020 17:15:10
  • Last modified 21.11.2024 05:01:37

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.

  • EPSS 0.04%
  • Published 08.06.2020 17:15:10
  • Last modified 21.11.2024 05:01:45

An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker wi...

  • EPSS 3.98%
  • Published 08.06.2020 17:15:09
  • Last modified 21.11.2024 05:00:05

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger is...

  • EPSS 1.16%
  • Published 08.06.2020 16:15:10
  • Last modified 21.11.2024 05:00:19

ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which...

  • EPSS 0.49%
  • Published 08.06.2020 16:15:09
  • Last modified 21.11.2024 05:00:19

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include rem...

Exploit
  • EPSS 2.44%
  • Published 06.06.2020 16:15:10
  • Last modified 21.11.2024 05:02:02

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

  • EPSS 0.07%
  • Published 05.06.2020 18:15:13
  • Last modified 21.11.2024 05:02:02

Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).

  • EPSS 8.61%
  • Published 05.06.2020 17:15:11
  • Last modified 21.11.2024 05:39:01

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arb...

  • EPSS 0.19%
  • Published 05.06.2020 15:15:10
  • Last modified 21.11.2024 05:00:08

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.