Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-19	CVE-2020-6062	NULL Pointer Dereference vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. network low complexity coturn-project debian fedoraproject canonical CWE-476	7.5
2020-02-19	CVE-2020-6061	Out-of-bounds Read vulnerability in multiple products An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. network low complexity coturn-project fedoraproject debian canonical CWE-125 critical	9.8
2020-02-19	CVE-2019-20477	Deserialization of Untrusted Data vulnerability in multiple products PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. network low complexity pyyaml fedoraproject CWE-502 critical	9.8
2020-02-17	CVE-2014-8089	SQL Injection vulnerability in multiple products SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. network low complexity zend redhat fedoraproject CWE-89 critical	9.8
2020-02-17	CVE-2020-8518	Code Injection vulnerability in multiple products Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. network low complexity horde fedoraproject debian CWE-94 critical	9.8
2020-02-14	CVE-2019-20454	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. network low complexity pcre fedoraproject splunk CWE-125	7.5
2020-02-12	CVE-2020-8955	Classic Buffer Overflow vulnerability in multiple products irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode). network low complexity weechat fedoraproject opensuse debian CWE-120 critical	9.8
2020-02-12	CVE-2020-8945	Use After Free vulnerability in multiple products The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. network high complexity gpgme-project redhat fedoraproject CWE-416	7.5
2020-02-12	CVE-2020-7957	Improper Input Validation vulnerability in multiple products The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. network low complexity dovecot fedoraproject CWE-20	5.3
2020-02-12	CVE-2020-7046	Infinite Loop vulnerability in multiple products lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop. network low complexity dovecot fedoraproject CWE-835	7.5