Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 2.81%
  • Veröffentlicht 27.02.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:37

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.

  • EPSS 1.7%
  • Veröffentlicht 27.02.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 05:36:32

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.

  • EPSS 1.54%
  • Veröffentlicht 27.02.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 05:36:32

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (o...

  • EPSS 2.4%
  • Veröffentlicht 27.02.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 05:36:32

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com att...

  • EPSS 5.96%
  • Veröffentlicht 26.02.2020 16:15:19
  • Zuletzt bearbeitet 21.11.2024 05:40:19

An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the...

Exploit
  • EPSS 0.5%
  • Veröffentlicht 25.02.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 05:40:32

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to ...

Exploit
  • EPSS 0.9%
  • Veröffentlicht 25.02.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:39:26

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.

Exploit
  • EPSS 88.9%
  • Veröffentlicht 25.02.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:39:27

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the se...

Warnung Exploit
  • EPSS 99.27%
  • Veröffentlicht 24.02.2020 22:15:12
  • Zuletzt bearbeitet 27.10.2025 17:37:12

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available t...

  • EPSS 2.92%
  • Veröffentlicht 24.02.2020 18:15:22
  • Zuletzt bearbeitet 21.11.2024 05:40:29

Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.