CVE-2020-10663
- EPSS 6.54%
- Published 28.04.2020 21:15:11
- Last modified 21.11.2024 04:55:47
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavi...
CVE-2019-18823
- EPSS 2.82%
- Published 27.04.2020 15:15:12
- Last modified 21.11.2024 04:33:38
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configu...
CVE-2020-11810
- EPSS 2.37%
- Published 27.04.2020 15:15:12
- Last modified 21.11.2024 04:58:40
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have ...
CVE-2019-20790
- EPSS 0.23%
- Published 27.04.2020 14:15:11
- Last modified 21.11.2024 04:39:22
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.
CVE-2020-12272
- EPSS 1.02%
- Published 27.04.2020 14:15:11
- Last modified 21.11.2024 04:59:25
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication res...
CVE-2020-12137
- EPSS 1.24%
- Published 24.04.2020 13:15:11
- Last modified 21.11.2024 04:59:19
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, ...
CVE-2020-11945
- EPSS 28.48%
- Published 23.04.2020 15:15:14
- Last modified 21.11.2024 04:58:57
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a s...
CVE-2020-1760
- EPSS 0.29%
- Published 23.04.2020 15:15:14
- Last modified 21.11.2024 05:11:19
A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input.
CVE-2020-1983
- EPSS 0.19%
- Published 22.04.2020 20:15:11
- Last modified 21.11.2024 05:11:47
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
CVE-2020-12066
- EPSS 5.73%
- Published 22.04.2020 17:15:12
- Last modified 21.11.2024 04:59:12
CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.