Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 5046 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-14591 3 Fedoraproject, Netapp, Oracle 6 Fedora, Active Iq Unified Manager, Oncommand Insight and 3 more 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-12673 4 Canonical, Debian, Dovecot and 1 more 4 Ubuntu Linux, Debian Linux, Dovecot and 1 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
CVE-2020-11864 3 Fedoraproject, Libemf Project, Opensuse 3 Fedora, Libemf, Leap 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2).
CVE-2020-15094 2 Fedoraproject, Sensiolabs 3 Fedora, Httpclient, Symfony 2023-12-10 7.5 HIGH 8.8 HIGH
In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.
CVE-2020-13632 8 Brocade, Canonical, Debian and 5 more 13 Fabric Operating System, Ubuntu Linux, Debian Linux and 10 more 2023-12-10 2.1 LOW 5.5 MEDIUM
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
CVE-2020-14367 3 Canonical, Fedoraproject, Tuxfamily 3 Ubuntu Linux, Fedora, Chrony 2023-12-10 3.6 LOW 6.0 MEDIUM
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.
CVE-2020-24584 4 Canonical, Djangoproject, Fedoraproject and 1 more 4 Ubuntu Linux, Django, Fedora and 1 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
CVE-2020-11096 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2023-12-10 6.4 MEDIUM 6.5 MEDIUM
In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2.
CVE-2020-10802 5 Debian, Fedoraproject, Opensuse and 2 more 7 Debian Linux, Fedora, Backports Sle and 4 more 2023-12-10 6.0 MEDIUM 8.0 HIGH
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.
CVE-2020-25219 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
CVE-2020-24654 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2023-12-10 4.3 MEDIUM 3.3 LOW
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
CVE-2020-11743 2 Fedoraproject, Xen 2 Fedora, Xen 2023-12-10 2.1 LOW 5.5 MEDIUM
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.
CVE-2020-16166 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2023-12-10 4.3 MEDIUM 3.7 LOW
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
CVE-2020-14547 4 Canonical, Fedoraproject, Netapp and 1 more 7 Ubuntu Linux, Fedora, Active Iq Unified Manager and 4 more 2023-12-10 4.0 MEDIUM 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-13776 3 Fedoraproject, Netapp, Systemd Project 4 Fedora, Active Iq Unified Manager, Solidfire \& Hci Management Node and 1 more 2023-12-10 6.2 MEDIUM 6.7 MEDIUM
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
CVE-2020-2901 4 Canonical, Fedoraproject, Netapp and 1 more 7 Ubuntu Linux, Fedora, Active Iq Unified Manager and 4 more 2023-12-10 4.0 MEDIUM 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-14148 3 Barton, Debian, Fedoraproject 3 Ngircd, Debian Linux, Fedora 2023-12-10 5.0 MEDIUM 7.5 HIGH
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
CVE-2020-6518 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2023-12-10 9.3 HIGH 8.8 HIGH
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-25211 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2023-12-10 3.6 LOW 6.0 MEDIUM
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
CVE-2020-11758 6 Apple, Canonical, Debian and 3 more 12 Icloud, Ipados, Iphone Os and 9 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.