Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 4.45%
  • Veröffentlicht 06.06.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 05:02:02

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

  • EPSS 0.34%
  • Veröffentlicht 05.06.2020 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:02:02

Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).

  • EPSS 3.68%
  • Veröffentlicht 05.06.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:39:01

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arb...

  • EPSS 5.97%
  • Veröffentlicht 05.06.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:00:08

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

  • EPSS 11.33%
  • Veröffentlicht 05.06.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:55:32

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

  • EPSS 4.88%
  • Veröffentlicht 05.06.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:56:16

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

  • EPSS 4.09%
  • Veröffentlicht 04.06.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:44

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

  • EPSS 17.51%
  • Veröffentlicht 04.06.2020 07:15:10
  • Zuletzt bearbeitet 21.11.2024 05:01:50

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-...

  • EPSS 5.32%
  • Veröffentlicht 03.06.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:44

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings e...

Exploit
  • EPSS 99.86%
  • Veröffentlicht 03.06.2020 19:15:10
  • Zuletzt bearbeitet 21.11.2024 05:01:08

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can b...