Filtered by vendor Fedoraproject
Subscriptions
Total
5415 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24612 | 1 Fedoraproject | 1 Selinux-policy | 2024-11-21 | 6.7 Medium |
| An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured with the nouserok option (the default when configured by the authselect tool), and that file cannot be read, the second factor is disabled. An attacker with only the knowledge of the password can then log in, bypassing 2FA. | ||||
| CVE-2020-24606 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 8.6 High |
| Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. | ||||
| CVE-2020-24584 | 4 Canonical, Djangoproject, Fedoraproject and 1 more | 4 Ubuntu Linux, Django, Fedora and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. | ||||
| CVE-2020-24583 | 4 Canonical, Djangoproject, Fedoraproject and 1 more | 4 Ubuntu Linux, Django, Fedora and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. | ||||
| CVE-2020-24553 | 5 Fedoraproject, Golang, Opensuse and 2 more | 6 Fedora, Go, Leap and 3 more | 2024-11-21 | 6.1 Medium |
| Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | ||||
| CVE-2020-24455 | 2 Fedoraproject, Tpm2 Software Stack Project | 2 Fedora, Tpm2 Software Stack | 2024-11-21 | 6.7 Medium |
| Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3. | ||||
| CVE-2020-24388 | 2 Fedoraproject, Yubico | 2 Fedora, Yubihsm-shell | 2024-11-21 | 7.5 High |
| An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service. | ||||
| CVE-2020-24387 | 2 Fedoraproject, Yubico | 2 Fedora, Yubihsm-shell | 2024-11-21 | 7.5 High |
| An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack. | ||||
| CVE-2020-24386 | 4 Debian, Dovecot, Fedoraproject and 1 more | 4 Debian Linux, Dovecot, Fedora and 1 more | 2024-11-21 | 6.8 Medium |
| An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure). | ||||
| CVE-2020-24342 | 2 Fedoraproject, Lua | 2 Fedora, Lua | 2024-11-21 | 7.8 High |
| Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. | ||||
| CVE-2020-24332 | 3 Fedoraproject, Redhat, Trustedcomputinggroup | 3 Fedora, Enterprise Linux, Trousers | 2024-11-21 | 5.5 Medium |
| An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. | ||||
| CVE-2020-24331 | 3 Fedoraproject, Redhat, Trousers Project | 3 Fedora, Enterprise Linux, Trousers | 2024-11-21 | 7.8 High |
| An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon). | ||||
| CVE-2020-24330 | 3 Fedoraproject, Redhat, Trousers Project | 3 Fedora, Enterprise Linux, Trousers | 2024-11-21 | 7.8 High |
| An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. | ||||
| CVE-2020-24266 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 7.5 High |
| An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service. | ||||
| CVE-2020-24265 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 7.5 High |
| An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service. | ||||
| CVE-2020-23903 | 3 Fedoraproject, Redhat, Xiph | 3 Fedora, Enterprise Linux, Speex | 2024-11-21 | 5.5 Medium |
| A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. | ||||
| CVE-2020-23856 | 2 Fedoraproject, Gnu | 2 Fedora, Cflow | 2024-11-21 | 5.5 Medium |
| Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee. | ||||
| CVE-2020-20740 | 3 Debian, Fedoraproject, Pdfresurrect Project | 3 Debian Linux, Fedora, Pdfresurrect | 2024-11-21 | 7.8 High |
| PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version(). | ||||
| CVE-2020-20739 | 3 Debian, Fedoraproject, Libvips | 3 Debian Linux, Fedora, Libvips | 2024-11-21 | 5.3 Medium |
| im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. | ||||
| CVE-2020-1983 | 6 Canonical, Debian, Fedoraproject and 3 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-11-21 | 7.5 High |
| A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. | ||||