NotCVE - vendor:"Fedoraproject" product:"Fedora" version:"31"

Page 101 of 871 results (0.013 seconds)

CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1

CVE-2020-6061

https://notcve.org/view.php?id=CVE-2020-6061

An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. Existe una vulnerabilidad explotable de lectura fuera de límites en la forma en que el servidor web CoTURN 4.5.1.1 analiza las solicitudes POST. Una solicitud HTTP POST especialmente diseñada puede provocar fugas de información y otros comportamientos incorrectos. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984 https://usn.ubuntu.com/4415-1 https://www.debian.org/security/2020/dsa-4711 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 1

CVE-2020-6062

https://notcve.org/view.php?id=CVE-2020-6062

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio explotable en la manera en que el servidor web CoTURN versión 4.5.1.1 analiza las peticiones POST. Una petición HTTP POST especialmente diseñada puede conllevar a un bloqueo del servidor y una denegación de servicio. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985 https://usn.ubuntu.com/4415-1 https://www.debian.org/security/2020/dsa-4711 • CWE-476: NULL Pointer Dereference •

CVSS: 9.8EPSS: 16%CPEs: 3EXPL: 1

CVE-2019-20477 – PyYAML: command execution through python/object/apply constructor in FullLoader

https://notcve.org/view.php?id=CVE-2019-20477

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. PyYAML versiones 5.1 hasta 5.1.2, presenta restricciones insuficientes en las funciones load y load_all debido a un problema de deserialización de clase, por ejemplo, Popen es una clase en el módulo subprocess. NOTA: este problema se presenta debido a una corrección incompleta para el CVE-2017-18342. A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. • https://github.com/yaml/pyyaml/blob/master/CHANGES https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H https://www.exploit-db.com/download/47655 https://access.redhat.com/security/cve/CVE-2019-20477 https://bugzilla.redhat.com/show_bug.cgi?id=1806005 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 96%CPEs: 4EXPL: 2

CVE-2020-8518 – Horde Groupware Webmail Edition 5.2.22 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2020-8518

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. Horde Groupware Webmail Edition versión 5.2.22, permite una inyección de código PHP arbitrario, por medio de datos CSV, conllevando a una ejecución de código remota. • https://www.exploit-db.com/exploits/48215 http://packetstormsecurity.com/files/156872/Horde-5.2.22-CSV-Import-Code-Execution.html https://lists.debian.org/debian-lts-announce/2020/04/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PRPIFQDGYPQ3F2TF2ETPIL7IYNSVVZQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKTNYDBDVJNMVC7QPXQI7CMPLX3USZ2T https://lists.horde.org/archives/announce/2020/001285.html https://cardaci. • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1

CVE-2019-20454 – pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode

https://notcve.org/view.php?id=CVE-2019-20454

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. Se detectó una lectura fuera de límites en PCRE versiones anteriores a 10.34, cuando el patrón \X es compilado en JIT y usado para hacer coincidir temas especialmente diseñados en modo no UTF. Las aplicaciones que utilizan PCRE para analizar entradas no confiables pueden ser vulnerables a este fallo, lo que permitiría a un atacante bloquear la aplicación. • https://bugs.exim.org/show_bug.cgi?id=2421 https://bugs.php.net/bug.php?id=78338 https://bugzilla.redhat.com/show_bug.cgi?id=1735494 https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI https://security.gentoo.org/glsa/202006-16 https://vcs.pcre.org/pcre2?view=revision&revision=1092 https://access.redhat.com/security/cve/CVE-2019-20454 • CWE-125: Out-of-bounds Read •

1...99 100 101 102 103