Vulnerabilities > Fedoraproject > Fedora > 31
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-20 | CVE-2020-13249 | libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. | 8.8 |
2020-05-20 | CVE-2020-11078 | CRLF Injection vulnerability in multiple products In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. | 6.8 |
2020-05-20 | CVE-2020-13231 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. | 6.5 |
2020-05-20 | CVE-2020-13230 | Improper Preservation of Permissions vulnerability in multiple products In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). | 4.3 |
2020-05-19 | CVE-2020-13164 | Uncontrolled Recursion vulnerability in multiple products In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. | 7.5 |
2020-05-19 | CVE-2020-10995 | Resource Exhaustion vulnerability in multiple products PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. | 7.5 |
2020-05-19 | CVE-2020-8617 | Reachable Assertion vulnerability in multiple products Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. | 5.9 |
2020-05-19 | CVE-2020-12663 | Infinite Loop vulnerability in multiple products Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | 7.5 |
2020-05-19 | CVE-2020-12662 | Resource Exhaustion vulnerability in multiple products Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. | 7.5 |
2020-05-19 | CVE-2020-12244 | Improper Verification of Cryptographic Signature vulnerability in multiple products An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation. | 7.5 |