Filtered by vendor Fedoraproject
Subscribe
Total
5187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24606 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.1 HIGH | 8.6 HIGH |
| Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. | |||||
| CVE-2020-24584 | 4 Canonical, Djangoproject, Fedoraproject and 1 more | 4 Ubuntu Linux, Django, Fedora and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. | |||||
| CVE-2020-24583 | 4 Canonical, Djangoproject, Fedoraproject and 1 more | 4 Ubuntu Linux, Django, Fedora and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. | |||||
| CVE-2020-24553 | 4 Fedoraproject, Golang, Opensuse and 1 more | 4 Fedora, Go, Leap and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | |||||
| CVE-2020-24455 | 2 Fedoraproject, Tpm2 Software Stack Project | 2 Fedora, Tpm2 Software Stack | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3. | |||||
| CVE-2020-24388 | 2 Fedoraproject, Yubico | 2 Fedora, Yubihsm-shell | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service. | |||||
| CVE-2020-24387 | 2 Fedoraproject, Yubico | 2 Fedora, Yubihsm-shell | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack. | |||||
| CVE-2020-24386 | 3 Debian, Dovecot, Fedoraproject | 3 Debian Linux, Dovecot, Fedora | 2024-11-21 | 4.9 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure). | |||||
| CVE-2020-24370 | 3 Debian, Fedoraproject, Lua | 3 Debian Linux, Fedora, Lua | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). | |||||
| CVE-2020-24342 | 2 Fedoraproject, Lua | 2 Fedora, Lua | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. | |||||
| CVE-2020-24332 | 2 Fedoraproject, Trustedcomputinggroup | 2 Fedora, Trousers | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. | |||||
| CVE-2020-24331 | 2 Fedoraproject, Trousers Project | 2 Fedora, Trousers | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon). | |||||
| CVE-2020-24330 | 2 Fedoraproject, Trousers Project | 2 Fedora, Trousers | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. | |||||
| CVE-2020-24266 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service. | |||||
| CVE-2020-24265 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service. | |||||
| CVE-2020-24119 | 2 Fedoraproject, Upx Project | 2 Fedora, Upx | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect. | |||||
| CVE-2020-23903 | 2 Fedoraproject, Xiph | 2 Fedora, Speex | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. | |||||
| CVE-2020-23856 | 2 Fedoraproject, Gnu | 2 Fedora, Cflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee. | |||||
| CVE-2020-20740 | 3 Debian, Fedoraproject, Pdfresurrect Project | 3 Debian Linux, Fedora, Pdfresurrect | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version(). | |||||
| CVE-2020-20739 | 3 Debian, Fedoraproject, Libvips | 3 Debian Linux, Fedora, Libvips | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. | |||||