Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5116 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-24388 | 2 Fedoraproject, Yubico | 2 Fedora, Yubihsm-shell | 2024-08-04 | 7.5 High |
An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service. | ||||
CVE-2020-24330 | 3 Fedoraproject, Redhat, Trousers Project | 3 Fedora, Enterprise Linux, Trousers | 2024-08-04 | 7.8 High |
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. | ||||
CVE-2020-24342 | 2 Fedoraproject, Lua | 2 Fedora, Lua | 2024-08-04 | 7.8 High |
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. | ||||
CVE-2020-24387 | 2 Fedoraproject, Yubico | 2 Fedora, Yubihsm-shell | 2024-08-04 | 7.5 High |
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack. | ||||
CVE-2020-24332 | 3 Fedoraproject, Redhat, Trustedcomputinggroup | 3 Fedora, Enterprise Linux, Trousers | 2024-08-04 | 5.5 Medium |
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. | ||||
CVE-2020-24266 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-08-04 | 7.5 High |
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service. | ||||
CVE-2020-24265 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-08-04 | 7.5 High |
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service. | ||||
CVE-2020-24119 | 2 Fedoraproject, Upx Project | 2 Fedora, Upx | 2024-08-04 | 7.1 High |
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect. | ||||
CVE-2020-23856 | 2 Fedoraproject, Gnu | 2 Fedora, Cflow | 2024-08-04 | 5.5 Medium |
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee. | ||||
CVE-2020-23903 | 3 Fedoraproject, Redhat, Xiph | 3 Fedora, Enterprise Linux, Speex | 2024-08-04 | 5.5 Medium |
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. | ||||
CVE-2020-20740 | 3 Debian, Fedoraproject, Pdfresurrect Project | 3 Debian Linux, Fedora, Pdfresurrect | 2024-08-04 | 7.8 High |
PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version(). | ||||
CVE-2020-20739 | 3 Debian, Fedoraproject, Libvips | 3 Debian Linux, Fedora, Libvips | 2024-08-04 | 5.3 Medium |
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. | ||||
CVE-2020-19752 | 2 Fedoraproject, Lcdf | 2 Fedora, Gifsicle | 2024-08-04 | 7.5 High |
The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference. | ||||
CVE-2020-18442 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-08-04 | 3.3 Low |
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". | ||||
CVE-2020-18032 | 4 Debian, Fedoraproject, Graphviz and 1 more | 4 Debian Linux, Fedora, Graphviz and 1 more | 2024-08-04 | 7.8 High |
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. | ||||
CVE-2020-17498 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more | 2024-08-04 | 6.5 Medium |
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. | ||||
CVE-2020-17507 | 4 Debian, Fedoraproject, Qt and 1 more | 4 Debian Linux, Fedora, Qt and 1 more | 2024-08-04 | 5.3 Medium |
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. | ||||
CVE-2020-17487 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-08-04 | 7.5 High |
radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY. | ||||
CVE-2020-17368 | 4 Debian, Fedoraproject, Firejail Project and 1 more | 4 Debian Linux, Fedora, Firejail and 1 more | 2024-08-04 | 9.8 Critical |
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. | ||||
CVE-2020-17367 | 4 Debian, Fedoraproject, Firejail Project and 1 more | 4 Debian Linux, Fedora, Firejail and 1 more | 2024-08-04 | 7.8 High |
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. |