Vulnerabilities > Fedoraproject > Fedora > 20
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-29 | CVE-2014-0147 | Integer Overflow or Wraparound vulnerability in multiple products Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. | 6.2 |
| 2021-02-06 | CVE-2020-14312 | Unspecified vulnerability in Fedoraproject Fedora A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. | 5.9 |
| 2020-02-17 | CVE-2014-8089 | SQL Injection vulnerability in multiple products SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | 9.8 |
| 2020-02-05 | CVE-2010-5304 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. | 7.5 |
| 2020-01-28 | CVE-2013-0294 | Use of Insufficiently Random Values vulnerability in multiple products packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. | 5.9 |
| 2020-01-28 | CVE-2014-2581 | Insufficiently Protected Credentials vulnerability in multiple products Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | 7.5 |
| 2020-01-24 | CVE-2014-4172 | Injection vulnerability in multiple products A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | 9.8 |
| 2019-12-03 | CVE-2013-4411 | Incorrect Authorization vulnerability in multiple products Review Board: URL processing gives unauthorized users access to review lists | 4.3 |
| 2019-12-02 | CVE-2013-4410 | Incorrect Authorization vulnerability in multiple products ReviewBoard: has an access-control problem in REST API | 7.5 |
| 2019-12-02 | CVE-2012-4428 | Out-of-bounds Read vulnerability in multiple products openslp: SLPIntersectStringList()' Function has a DoS vulnerability | 7.5 |