Fedora
(Fedoraproject)| Date | ID | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2020-03-31 | CVE-2019-14905 | A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. | Fedora, Ansible_engine, Ansible_tower, Ceph_storage, Cloudforms_management_engine, Openstack | N/A | |
| 2019-11-27 | CVE-2019-14812 | A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | Ghostscript, Fedora | N/A | |
| 2014-10-15 | CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | Mac_os_x, Debian_linux, Fedora, Aix, Vios, Mageia, Netbsd, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Openssl, Opensuse, Database, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_desktop_supplementary, Enterprise_linux_server, Enterprise_linux_server_supplementary, Enterprise_linux_workstation, Enterprise_linux_workstation_supplementary | N/A | |
| 2019-11-17 | CVE-2019-19012 | An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression. | Debian_linux, Fedora, Oniguruma, Enterprise_linux | N/A | |
| 2020-03-24 | CVE-2020-9359 | KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. | Debian_linux, Fedora, Okular | N/A | |
| 2020-03-24 | CVE-2020-1747 | A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. | Fedora, Pyyaml | N/A | |
| 2020-03-23 | CVE-2020-6449 | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | N/A | |
| 2020-03-23 | CVE-2020-6429 | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | N/A | |
| 2020-03-23 | CVE-2020-6428 | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | N/A | |
| 2020-03-23 | CVE-2020-6427 | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | N/A |