Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.89%
  • Veröffentlicht 20.02.2020 06:15:11
  • Zuletzt bearbeitet 21.11.2024 04:38:34

A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.

  • EPSS 8.8%
  • Veröffentlicht 19.02.2020 21:15:11
  • Zuletzt bearbeitet 13.08.2025 20:48:07

Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as dem...

Exploit
  • EPSS 5.12%
  • Veröffentlicht 19.02.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:35:00

An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS reque...

Exploit
  • EPSS 6.1%
  • Veröffentlicht 19.02.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:35:00

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigge...

Exploit
  • EPSS 5.16%
  • Veröffentlicht 19.02.2020 04:15:10
  • Zuletzt bearbeitet 21.11.2024 04:38:34

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-183...

Exploit
  • EPSS 2.55%
  • Veröffentlicht 17.02.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 02:18:31

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

Exploit
  • EPSS 71.73%
  • Veröffentlicht 17.02.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 05:38:59

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.

Exploit
  • EPSS 1.56%
  • Veröffentlicht 14.02.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:38:31

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which woul...

  • EPSS 3.68%
  • Veröffentlicht 12.02.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:39:44

irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel m...

Exploit
  • EPSS 5.07%
  • Veröffentlicht 12.02.2020 18:15:10
  • Zuletzt bearbeitet 21.11.2024 05:39:42

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.