Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 22.51%
  • Veröffentlicht 05.03.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:33

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggreg...

Exploit
  • EPSS 0.76%
  • Veröffentlicht 04.03.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 04:54:40

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl...

  • EPSS 4.99%
  • Veröffentlicht 02.03.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 04:54:39

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memor...

  • EPSS 2.49%
  • Veröffentlicht 28.02.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:33:45

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as ...

Exploit
  • EPSS 2.71%
  • Veröffentlicht 27.02.2020 23:15:13
  • Zuletzt bearbeitet 21.11.2024 05:40:37

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.

Exploit
  • EPSS 6.38%
  • Veröffentlicht 27.02.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 05:35:37

Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploit
  • EPSS 1.64%
  • Veröffentlicht 27.02.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 05:35:37

Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploit
  • EPSS 1.66%
  • Veröffentlicht 27.02.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 05:35:37

Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Warnung Exploit
  • EPSS 78.81%
  • Veröffentlicht 27.02.2020 23:15:12
  • Zuletzt bearbeitet 24.10.2025 21:04:01

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploit
  • EPSS 3.11%
  • Veröffentlicht 27.02.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:37

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.