Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2020-11054

  • EPSS 0.65%
  • Veröffentlicht 07.05.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:41

In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affec...

6.5

CVE-2020-12108

Exploit
  • EPSS 7.99%
  • Veröffentlicht 06.05.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:15

/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.

7.5

CVE-2020-10704

  • EPSS 8.93%
  • Veröffentlicht 06.05.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:55:53

A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of ser...

6.1

CVE-2020-12666

Exploit
  • EPSS 0.16%
  • Veröffentlicht 05.05.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:00:01

macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL.

7.2

CVE-2020-11033

  • EPSS 0.45%
  • Veröffentlicht 05.05.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:38

In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All api_tokens which can be used to do privileges escalat...

9.3

CVE-2020-11035

  • EPSS 0.24%
  • Veröffentlicht 05.05.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:38

In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6.

5.3

CVE-2020-10700

  • EPSS 2.86%
  • Veröffentlicht 04.05.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:55:52

A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versi...

5.3

CVE-2020-10933

Exploit
  • EPSS 0.38%
  • Veröffentlicht 04.05.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:23

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied...

7

CVE-2020-12050

  • EPSS 0.09%
  • Veröffentlicht 30.04.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:59:10

SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.

6.1

CVE-2020-11022

Exploit
  • EPSS 19.03%
  • Veröffentlicht 29.04.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:36

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob...