Note: This project will be discontinued after December 13, 2021.
Product: Fedora (Fedoraproject)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-04-23 | CVE-2020-1760 | A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input. | Ubuntu_linux, Debian_linux, Fedora, Ceph, Ceph_storage, Openshift_container_platform | 6.1 | ||
2020-05-05 | CVE-2020-12666 | macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL. | Fedora, Macaron | 6.1 | ||
2020-05-09 | CVE-2020-12770 | An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Bootstrap_os, Cloud_backup, Element_software, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage | 6.7 | ||
2020-05-08 | CVE-2020-12740 | tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. | Tcpreplay, Fedora | 9.1 | ||
2020-05-11 | CVE-2020-12783 | Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. | Ubuntu_linux, Debian_linux, Exim, Fedora | 7.5 | ||
2020-05-12 | CVE-2020-8151 | There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information. | Fedora, Active_resource | 7.5 | ||
2020-05-12 | CVE-2020-8153 | Improper access control in Groupfolders app 4.0.3 allowed deletion of hidden directories when renaming an accessible item to the same name. | Fedora, Group_folders | 8.1 | ||
2020-05-12 | CVE-2020-8156 | A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man-in-the-middle attack. | Fedora, Mail | 7.0 | ||
2020-05-12 | CVE-2020-12823 | OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. | Debian_linux, Fedora, Openconnect, Leap | 9.8 | ||
2020-05-13 | CVE-2020-3327 | A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. | Ubuntu_linux, Clam_antivirus, Debian_linux, Fedora | 7.5 | ||