Vulnerabilities > Fedoraproject > Fedora > 33

DATE CVE VULNERABILITY TITLE RISK
2020-06-11 CVE-2020-0198 Integer Overflow or Wraparound vulnerability in multiple products
In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow.
7.5
2020-06-11 CVE-2020-0181 Integer Overflow or Wraparound vulnerability in multiple products
In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow.
network
low complexity
google fedoraproject libexif-project CWE-190
7.5
2020-06-09 CVE-2020-13977 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files.
network
low complexity
nagios fedoraproject CWE-829
4.9
2020-06-09 CVE-2020-13962 Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users.
network
low complexity
mumble qt fedoraproject opensuse
7.5
2020-06-06 CVE-2020-13871 Use After Free vulnerability in multiple products
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
7.5
2020-06-03 CVE-2020-11080 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. 7.5
2020-05-26 CVE-2020-13614 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in ssl.c in Axel before 2.17.8.
network
high complexity
axel-project fedoraproject opensuse CWE-295
5.9
2020-05-25 CVE-2020-13482 Improper Certificate Validation vulnerability in multiple products
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library.
7.4
2020-05-22 CVE-2020-11077 In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client.
network
low complexity
puma fedoraproject debian opensuse
7.5
2020-05-22 CVE-2020-11076 In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header.
network
low complexity
puma fedoraproject debian
7.5