#Vulnerabilities 870
Date ID Summary Products Score Patch
2019-03-21 CVE-2018-18898 The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. Request_tracker, Fedora 7.5
2020-01-24 CVE-2014-4172 A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/ or (2) pgtUrl parameter to validation/ \.net_cas_client, Java_cas_client, Phpcas, Debian_linux, Fedora N/A
2019-08-01 CVE-2019-14494 An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at Ubuntu_linux, Fedora, Poppler N/A
2020-01-31 CVE-2015-6815 The process_tx_desc function in hw/net/e1000.c in QEMU before does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. Ubuntu_linux, Fedora, Suse_linux_enterprise_debuginfo, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Qemu, Enterprise_linux, Openstack, Xen N/A
2020-01-03 CVE-2020-5313 libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. Fedora, Pillow N/A
2020-02-06 CVE-2016-1544 nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). Fedora, Nghttp2 N/A
2020-02-06 CVE-2013-4572 The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. Fedora, Mediawiki N/A
2020-02-05 CVE-2010-5304 A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. Fedora, Libvncserver N/A
2019-11-27 CVE-2019-14867 A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server. Fedora, Freeipa N/A
2019-11-27 CVE-2019-10195 A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to... Fedora, Freeipa N/A