Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-05-15 | CVE-2020-3810 | Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. | Ubuntu_linux, Apt, Debian_linux, Fedora | 5.5 | ||
| 2020-05-19 | CVE-2020-12662 | Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | Ubuntu_linux, Debian_linux, Fedora, Unbound, Leap | 7.5 | ||
| 2020-05-19 | CVE-2020-12663 | Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | Ubuntu_linux, Debian_linux, Fedora, Unbound, Leap | 7.5 | ||
| 2020-05-19 | CVE-2020-8617 | Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state... | Ubuntu_linux, Debian_linux, Fedora, Bind, Leap | 5.9 | ||
| 2020-05-19 | CVE-2020-1695 | A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. | Fedora, Resteasy | 7.5 | ||
| 2020-05-19 | CVE-2020-13164 | In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. | Debian_linux, Fedora, Leap, Wireshark | 7.5 | ||
| 2020-05-20 | CVE-2020-9484 | When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be... | Tomcat, Ubuntu_linux, Debian_linux, Fedora, Epolicy_orchestrator, Leap, Agile_engineering_data_management, Agile_plm, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_diameter_signaling_router, Communications_element_manager, Communications_instant_messaging_server, Communications_session_report_manager, Communications_session_route_manager, Database, Fmw_platform, Hospitality_guest_access, Instantis_enterprisetrack, Managed_file_transfer, Mysql_enterprise_monitor, Retail_order_broker, Siebel_apps_\-_marketing, Siebel_ui_framework, Transportation_management, Workload_manager | 7.0 | ||
| 2020-05-20 | CVE-2020-13230 | In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). | Cacti, Debian_linux, Fedora | 4.3 | ||
| 2020-05-20 | CVE-2020-13231 | In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. | Cacti, Fedora | 6.5 | ||
| 2020-05-20 | CVE-2020-13249 | libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. | Fedora, Connector\/c, Leap | 8.8 |