Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.67%
  • Veröffentlicht 12.03.2020 19:15:13
  • Zuletzt bearbeitet 21.11.2024 04:55:31

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

  • EPSS 0.36%
  • Veröffentlicht 12.03.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:11:16

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could ta...

Exploit
  • EPSS 4.08%
  • Veröffentlicht 12.03.2020 13:15:12
  • Zuletzt bearbeitet 25.11.2024 18:12:24

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as ...

Exploit
  • EPSS 3.3%
  • Veröffentlicht 12.03.2020 13:15:12
  • Zuletzt bearbeitet 25.11.2024 18:12:24

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipel...

Exploit
  • EPSS 0.4%
  • Veröffentlicht 11.03.2020 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:11:16

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in ...

  • EPSS 1.28%
  • Veröffentlicht 10.03.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:40:38

A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.

  • EPSS 2.42%
  • Veröffentlicht 09.03.2020 00:15:10
  • Zuletzt bearbeitet 21.11.2024 04:55:01

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.

  • EPSS 4.33%
  • Veröffentlicht 07.03.2020 01:15:15
  • Zuletzt bearbeitet 21.11.2024 05:40:20

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).

  • EPSS 74.51%
  • Veröffentlicht 06.03.2020 15:15:14
  • Zuletzt bearbeitet 21.01.2026 02:15:47

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

  • EPSS 0.28%
  • Veröffentlicht 05.03.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:54:54

init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because T...