Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.02%
  • Veröffentlicht 19.05.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:11

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This fla...

  • EPSS 2.43%
  • Veröffentlicht 19.05.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:22

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.

  • EPSS 3.17%
  • Veröffentlicht 19.05.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:00:00

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

  • EPSS 3.59%
  • Veröffentlicht 19.05.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:00:01

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.

  • EPSS 93.42%
  • Veröffentlicht 19.05.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:39:07

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local se...

  • EPSS 0.4%
  • Veröffentlicht 15.05.2020 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:00:29

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.

Exploit
  • EPSS 2.63%
  • Veröffentlicht 15.05.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 03:41:59

Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.

Exploit
  • EPSS 1.31%
  • Veröffentlicht 15.05.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:31:47

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.

  • EPSS 1.79%
  • Veröffentlicht 14.05.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:11:42

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr...

  • EPSS 5.06%
  • Veröffentlicht 13.05.2020 03:15:11
  • Zuletzt bearbeitet 21.11.2024 05:30:48

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap bu...