Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-04 | CVE-2020-8449 | Exposure of Resource to Wrong Sphere vulnerability in multiple products An issue was discovered in Squid before 4.10. | 7.5 |
| 2020-02-02 | CVE-2019-20446 | Resource Exhaustion vulnerability in multiple products In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. | 6.5 |
| 2020-01-31 | CVE-2015-6815 | Infinite Loop vulnerability in multiple products The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | 3.5 |
| 2020-01-31 | CVE-2011-4088 | Information Exposure vulnerability in multiple products ABRT might allow attackers to obtain sensitive information from crash reports. | 7.5 |
| 2020-01-30 | CVE-2020-8492 | Resource Exhaustion vulnerability in multiple products Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. | 6.5 |
| 2020-01-29 | CVE-2019-20445 | HTTP Request Smuggling vulnerability in multiple products HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. | 9.1 |
| 2020-01-29 | CVE-2019-20444 | HTTP Request Smuggling vulnerability in multiple products HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." | 9.1 |
| 2020-01-29 | CVE-2020-7247 | Improper Handling of Exceptional Conditions vulnerability in multiple products smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. | 9.8 |
| 2020-01-28 | CVE-2015-8011 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. | 9.8 |
| 2020-01-28 | CVE-2013-0294 | Use of Insufficiently Random Values vulnerability in multiple products packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. | 5.9 |