Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 92.14%
  • Veröffentlicht 27.03.2019 14:29:01
  • Zuletzt bearbeitet 21.11.2024 04:44:54

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals t...

  • EPSS 2.13%
  • Veröffentlicht 27.03.2019 13:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:46

A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forw...

  • EPSS 3.13%
  • Veröffentlicht 27.03.2019 06:29:00
  • Zuletzt bearbeitet 21.11.2024 04:52:34

ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.

  • EPSS 12.41%
  • Veröffentlicht 26.03.2019 18:29:01
  • Zuletzt bearbeitet 21.11.2024 04:46:26

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) ...

  • EPSS 4.86%
  • Veröffentlicht 26.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:34

It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which c...

  • EPSS 0.9%
  • Veröffentlicht 26.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:43

A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page.

Exploit
  • EPSS 2.97%
  • Veröffentlicht 26.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:46

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers tha...

  • EPSS 2.64%
  • Veröffentlicht 25.03.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:39

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains i...

  • EPSS 2.64%
  • Veröffentlicht 25.03.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:40

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the cons...

  • EPSS 6.13%
  • Veröffentlicht 25.03.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:43

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client syst...