Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.97%
  • Veröffentlicht 04.05.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:55:52

A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versi...

Exploit
  • EPSS 2.56%
  • Veröffentlicht 04.05.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:23

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied...

  • EPSS 0.31%
  • Veröffentlicht 30.04.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:59:10

SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.

Exploit
  • EPSS 99.02%
  • Veröffentlicht 29.04.2020 22:15:11
  • Zuletzt bearbeitet 13.04.2026 15:16:29

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in...

Warnung Exploit
  • EPSS 83.83%
  • Veröffentlicht 29.04.2020 21:15:11
  • Zuletzt bearbeitet 07.11.2025 19:32:52

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex...

Exploit
  • EPSS 0.47%
  • Veröffentlicht 29.04.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:44

An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encr...

  • EPSS 0.32%
  • Veröffentlicht 29.04.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:44

In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.

  • EPSS 0.4%
  • Veröffentlicht 29.04.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 04:58:49

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade...

  • EPSS 6.81%
  • Veröffentlicht 28.04.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:55:47

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavi...

  • EPSS 2.81%
  • Veröffentlicht 27.04.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 04:33:38

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configu...