Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-19 | CVE-2020-6061 | An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. | Ubuntu_linux, Coturn, Debian_linux, Fedora | 9.8 | ||
| 2020-02-19 | CVE-2020-6062 | An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. | Ubuntu_linux, Coturn, Debian_linux, Fedora | 7.5 | ||
| 2020-02-20 | CVE-2020-9308 | archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. | Ubuntu_linux, Fedora, Libarchive | 8.8 | ||
| 2020-02-20 | CVE-2020-9273 | In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. | Debian_linux, Fedora, Backports_sle, Leap, Proftpd, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1545\-1_firmware | 8.8 | ||
| 2020-02-22 | CVE-2020-8813 | graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. | Cacti, Debian_linux, Fedora, Suse_package_hub, Open\-Audit | 8.8 | ||
| 2020-02-24 | CVE-2020-8130 | There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. | Ubuntu_linux, Debian_linux, Fedora, Leap, Rake | 6.4 | ||
| 2020-02-24 | CVE-2020-9365 | An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c. | Fedora, Pure\-Ftpd | 7.5 | ||
| 2020-02-24 | CVE-2020-9369 | Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters. | Debian_linux, Fedora, Sympa | 7.5 | ||
| 2020-02-25 | CVE-2020-8793 | OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. | Ubuntu_linux, Fedora, Opensmtpd | 4.7 | ||
| 2020-02-25 | CVE-2020-8794 | OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling. | Ubuntu_linux, Debian_linux, Fedora, Opensmtpd | 9.8 |