Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-08-06 | CVE-2020-15136 | In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality. | Fedora, Etcd | 6.5 | ||
| 2020-08-07 | CVE-2020-9490 | Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. | Http_server, Apache_http_server | 7.5 | ||
| 2020-08-10 | CVE-2020-6070 | An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability. | F2fs\-Tools, Fedora | 7.8 | ||
| 2020-08-11 | CVE-2020-17367 | Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. | Debian_linux, Fedora, Firejail, Leap | 7.8 | ||
| 2020-08-11 | CVE-2020-17368 | Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. | Debian_linux, Fedora, Firejail, Leap | 9.8 | ||
| 2020-08-11 | CVE-2020-17487 | radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY. | Fedora, Radare2 | 7.5 | ||
| 2020-08-12 | CVE-2020-16145 | Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. | Fedora, Webmail | 6.1 | ||
| 2020-08-12 | CVE-2020-12673 | In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. | Ubuntu_linux, Debian_linux, Dovecot, Fedora | 7.5 | ||
| 2020-08-12 | CVE-2020-12674 | In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. | Ubuntu_linux, Debian_linux, Dovecot, Fedora | 7.5 | ||
| 2020-08-12 | CVE-2020-17507 | An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. | Debian_linux, Fedora, Qt | 5.3 |