Vulnerabilities > Fedoraproject
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-10 | CVE-2020-6070 | Incorrect Calculation of Buffer Size vulnerability in multiple products An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. | 7.8 |
2020-08-07 | CVE-2020-9490 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43. | 7.5 |
2020-08-07 | CVE-2020-11993 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. | 7.5 |
2020-08-07 | CVE-2020-11984 | Classic Buffer Overflow vulnerability in multiple products Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | 9.8 |
2020-08-06 | CVE-2020-15136 | Missing Authentication for Critical Function vulnerability in multiple products In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. | 6.5 |
2020-08-06 | CVE-2020-15114 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. | 7.7 |
2020-08-06 | CVE-2020-15115 | Weak Password Requirements vulnerability in multiple products etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. | 7.5 |
2020-08-06 | CVE-2020-16845 | Infinite Loop vulnerability in multiple products Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. | 7.5 |
2020-08-05 | CVE-2020-15113 | Improper Preservation of Permissions vulnerability in multiple products In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. | 7.1 |
2020-08-05 | CVE-2020-15112 | Improper Validation of Array Index vulnerability in multiple products In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. | 6.5 |