Vulnerabilities > Fedoraproject
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-09 | CVE-2020-13977 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. | 4.9 |
2020-06-09 | CVE-2020-10757 | Type Confusion vulnerability in multiple products A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. | 7.8 |
2020-06-09 | CVE-2020-13965 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. | 6.1 |
2020-06-09 | CVE-2020-13964 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. | 6.1 |
2020-06-09 | CVE-2020-13962 | Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. | 7.5 |
2020-06-08 | CVE-2020-10754 | Missing Authentication for Critical Function vulnerability in multiple products It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. | 4.3 |
2020-06-08 | CVE-2020-13696 | Incorrect Authorization vulnerability in multiple products An issue was discovered in LinuxTV xawtv before 3.107. | 4.4 |
2020-06-08 | CVE-2020-13625 | Improper Encoding or Escaping of Output vulnerability in multiple products PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. | 7.5 |
2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
2020-06-08 | CVE-2020-12803 | Improper Input Validation vulnerability in multiple products ODF documents can contain forms to be filled out by the user. | 6.5 |