Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-24	CVE-2020-1938	When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. network low complexity apache fedoraproject oracle debian opensuse blackberry netapp critical	9.8
2020-02-24	CVE-2020-9369	Resource Exhaustion vulnerability in multiple products Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters. network low complexity sympa fedoraproject debian CWE-400	7.5
2020-02-24	CVE-2020-9365	Out-of-bounds Read vulnerability in multiple products An issue was discovered in Pure-FTPd 1.0.49. network low complexity pureftpd fedoraproject CWE-125	7.5
2020-02-24	CVE-2020-8130	OS Command Injection vulnerability in multiple products There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `\|`. local high complexity ruby-lang debian canonical fedoraproject opensuse CWE-78	6.4
2020-02-24	CVE-2019-18183	OS Command Injection vulnerability in multiple products pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. network low complexity pacman-project fedoraproject CWE-78 critical	9.8
2020-02-24	CVE-2019-18182	OS Command Injection vulnerability in multiple products pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. network low complexity pacman-project fedoraproject CWE-78 critical	9.8
2020-02-24	CVE-2019-20044	Improper Check for Dropped Privileges vulnerability in multiple products In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. local low complexity zsh fedoraproject debian apple CWE-273	7.8
2020-02-22	CVE-2020-8813	OS Command Injection vulnerability in multiple products graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. network low complexity cacti fedoraproject opmantek opensuse debian CWE-78	8.8
2020-02-20	CVE-2015-4411	Resource Exhaustion vulnerability in multiple products The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. network low complexity mongodb fedoraproject CWE-400	7.5
2020-02-20	CVE-2015-4410	Improper Input Validation vulnerability in multiple products The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string. network low complexity moped-project fedoraproject CWE-20	7.5