Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-28 | CVE-2014-2581 | Insufficiently Protected Credentials vulnerability in multiple products Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. | 7.5 |
| 2020-01-28 | CVE-2013-1895 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. | 7.5 |
| 2020-01-28 | CVE-2013-1437 | Injection vulnerability in multiple products Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. | 9.8 |
| 2020-01-28 | CVE-2020-0549 | Improper Resource Shutdown or Release vulnerability in multiple products Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2020-01-27 | CVE-2020-7238 | HTTP Request Smuggling vulnerability in multiple products Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. | 7.5 |
| 2020-01-24 | CVE-2015-9541 | XML Entity Expansion vulnerability in multiple products Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. | 7.5 |
| 2020-01-24 | CVE-2014-4172 | Injection vulnerability in multiple products A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | 9.8 |
| 2020-01-23 | CVE-2019-17570 | Deserialization of Untrusted Data vulnerability in multiple products An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. | 9.8 |
| 2020-01-23 | CVE-2015-5745 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. | 6.5 |
| 2020-01-23 | CVE-2015-5278 | Infinite Loop vulnerability in multiple products The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | 6.5 |