Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2020-08-13 CVE-2020-24330 Improper Privilege Management vulnerability in multiple products
An issue was discovered in TrouSerS through 0.3.14.
local
low complexity
trousers-project fedoraproject CWE-269
7.8
7.8
2020-08-13 CVE-2020-17498 Double Free vulnerability in multiple products
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash.
network
low complexity
wireshark fedoraproject opensuse oracle CWE-415
6.5
6.5
2020-08-12 CVE-2020-17507 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1.
network
low complexity
qt debian fedoraproject CWE-125
5.3
5.3
2020-08-12 CVE-2020-12674 Out-of-bounds Read vulnerability in multiple products
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
network
low complexity
dovecot debian canonical fedoraproject CWE-125
7.5
7.5
2020-08-12 CVE-2020-12673 Out-of-bounds Read vulnerability in multiple products
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
network
low complexity
dovecot debian canonical fedoraproject CWE-125
7.5
7.5
2020-08-12 CVE-2020-12100 Uncontrolled Recursion vulnerability in multiple products
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
network
low complexity
dovecot debian fedoraproject canonical CWE-674
7.5
7.5
2020-08-12 CVE-2020-16145 Cross-site Scripting vulnerability in multiple products
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document.
network
low complexity
roundcube fedoraproject CWE-79
6.1
6.1
2020-08-11 CVE-2020-17487 radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c.
network
low complexity
radare fedoraproject
7.5
7.5
2020-08-11 CVE-2020-17368 OS Command Injection vulnerability in multiple products
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
network
low complexity
firejail-project debian fedoraproject opensuse CWE-78
critical
 9.8
9.8
2020-08-11 CVE-2020-17367 Argument Injection or Modification vulnerability in multiple products
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. 		7.8
7.8