Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5116 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-12740 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-08-04 | 9.1 Critical |
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. | ||||
CVE-2020-12695 | 22 Asus, Broadcom, Canon and 19 more | 218 Rt-n11, Adsl, Selphy Cp1200 and 215 more | 2024-08-04 | 7.5 High |
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | ||||
CVE-2020-12673 | 5 Canonical, Debian, Dovecot and 2 more | 7 Ubuntu Linux, Debian Linux, Dovecot and 4 more | 2024-08-04 | 7.5 High |
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. | ||||
CVE-2020-12662 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-08-04 | 7.5 High |
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | ||||
CVE-2020-12663 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-08-04 | 7.5 High |
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | ||||
CVE-2020-12674 | 5 Canonical, Debian, Dovecot and 2 more | 7 Ubuntu Linux, Debian Linux, Dovecot and 4 more | 2024-08-04 | 7.5 High |
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. | ||||
CVE-2020-12693 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-08-04 | 8.1 High |
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. | ||||
CVE-2020-12666 | 3 Fedoraproject, Go-macaron, Redhat | 3 Fedora, Macaron, Service Mesh | 2024-08-04 | 6.1 Medium |
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL. | ||||
CVE-2020-12723 | 6 Fedoraproject, Netapp, Opensuse and 3 more | 21 Fedora, Oncommand Workflow Automation, Snap Creator Framework and 18 more | 2024-08-04 | 7.5 High |
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. | ||||
CVE-2020-12460 | 3 Debian, Fedoraproject, Trusteddomain | 3 Debian Linux, Fedora, Opendmarc | 2024-08-04 | 9.8 Critical |
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag. | ||||
CVE-2020-12459 | 3 Fedoraproject, Grafana, Redhat | 4 Fedora, Grafana, Enterprise Linux and 1 more | 2024-08-04 | 5.5 Medium |
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable. | ||||
CVE-2020-12458 | 3 Fedoraproject, Grafana, Redhat | 4 Fedora, Grafana, Ceph Storage and 1 more | 2024-08-04 | 5.5 Medium |
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords). | ||||
CVE-2020-12402 | 5 Debian, Fedoraproject, Mozilla and 2 more | 6 Debian Linux, Fedora, Firefox and 3 more | 2024-08-04 | 4.4 Medium |
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. | ||||
CVE-2020-12272 | 2 Fedoraproject, Trusteddomain | 2 Fedora, Opendmarc | 2024-08-04 | 5.3 Medium |
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring. | ||||
CVE-2020-12108 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-08-04 | 6.5 Medium |
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. | ||||
CVE-2020-12244 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Backports Sle and 2 more | 2024-08-04 | 7.5 High |
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation. | ||||
CVE-2020-12137 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-08-04 | 6.1 Medium |
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code. | ||||
CVE-2020-12050 | 3 Fedoraproject, Opensuse, Sqliteodbc Project | 3 Fedora, Backports Sle, Sqliteodbc | 2024-08-04 | 7.0 High |
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library. | ||||
CVE-2020-12100 | 5 Canonical, Debian, Dovecot and 2 more | 7 Ubuntu Linux, Debian Linux, Dovecot and 4 more | 2024-08-04 | 7.5 High |
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. | ||||
CVE-2020-12066 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-08-04 | 7.5 High |
CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. |