Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-12 | CVE-2020-8945 | The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification. | Fedora, Gpgme, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_little_endian, Enterprise_linux_server, Enterprise_linux_workstation, Openshift_container_platform, Openshift_container_platform_for_ibm_z, Openshift_container_platform_for_linuxone | 7.5 | ||
| 2020-02-12 | CVE-2020-7046 | lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop. | Dovecot, Fedora | 7.5 | ||
| 2020-02-12 | CVE-2020-7957 | The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages. | Dovecot, Fedora | 5.3 | ||
| 2020-02-12 | CVE-2020-8955 | irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode). | Debian_linux, Fedora, Backports_sle, Leap, Weechat | 9.8 | ||
| 2020-02-17 | CVE-2020-8518 | Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | Debian_linux, Fedora, Groupware | 9.8 | ||
| 2020-02-19 | CVE-2020-6061 | An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. | Ubuntu_linux, Coturn, Debian_linux, Fedora | 9.8 | ||
| 2020-02-19 | CVE-2020-6062 | An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. | Ubuntu_linux, Coturn, Debian_linux, Fedora | 7.5 | ||
| 2020-02-20 | CVE-2020-9308 | archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. | Ubuntu_linux, Fedora, Libarchive | 8.8 | ||
| 2020-02-20 | CVE-2020-9273 | In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. | Debian_linux, Fedora, Backports_sle, Leap, Proftpd, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1545\-1_firmware | 8.8 | ||
| 2020-02-22 | CVE-2020-8813 | graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. | Cacti, Debian_linux, Fedora, Suse_package_hub, Open\-Audit | 8.8 |