Vulnerabilities > Fedoraproject > Fedora > 30
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-04 | CVE-2020-10700 | Use After Free vulnerability in multiple products A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. | 5.3 |
2020-04-30 | CVE-2020-12050 | Race Condition vulnerability in multiple products SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library. | 7.0 |
2020-04-29 | CVE-2020-11884 | Race Condition vulnerability in multiple products In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. | 7.0 |
2020-04-28 | CVE-2020-10663 | Improper Input Validation vulnerability in multiple products The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. | 7.5 |
2020-04-27 | CVE-2020-11810 | Race Condition vulnerability in multiple products An issue was discovered in OpenVPN 2.4.x before 2.4.9. | 3.7 |
2020-04-27 | CVE-2019-18823 | Improper Authentication vulnerability in multiple products HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. | 9.8 |
2020-04-23 | CVE-2020-11945 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in Squid before 5.0.2. | 9.8 |
2020-04-22 | CVE-2020-12066 | Improper Input Validation vulnerability in multiple products CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. | 7.5 |
2020-04-21 | CVE-2020-1967 | NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. | 7.5 |
2020-04-17 | CVE-2020-11793 | Use After Free vulnerability in multiple products A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). | 8.8 |