Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.2

CVE-2020-10543

  • EPSS 3.94%
  • Veröffentlicht 05.06.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:55:32

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

8.6

CVE-2020-10878

  • EPSS 0.11%
  • Veröffentlicht 05.06.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:56:16

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

7.7

CVE-2020-13692

  • EPSS 7.54%
  • Veröffentlicht 04.06.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:44

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

7.4

CVE-2020-13777

  • EPSS 0.63%
  • Veröffentlicht 04.06.2020 07:15:10
  • Zuletzt bearbeitet 21.11.2024 05:01:50

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-...

7.5

CVE-2020-11080

  • EPSS 0.68%
  • Veröffentlicht 03.06.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:44

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings e...

8.2

CVE-2020-13379

Exploit
  • EPSS 93.09%
  • Veröffentlicht 03.06.2020 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:01:08

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can b...

6

CVE-2020-10749

  • EPSS 5.19%
  • Veröffentlicht 03.06.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 04:55:59

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending...

5.9

CVE-2020-13254

  • EPSS 8.67%
  • Veröffentlicht 03.06.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:00:53

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

6.1

CVE-2020-13596

  • EPSS 0.99%
  • Veröffentlicht 03.06.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:34

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

6.7

CVE-2020-13776

  • EPSS 0.13%
  • Veröffentlicht 03.06.2020 03:15:10
  • Zuletzt bearbeitet 09.06.2025 16:15:31

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because...