Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-05 | CVE-2020-11033 | Information Exposure vulnerability in multiple products In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. | 7.2 |
| 2020-05-04 | CVE-2020-10700 | Use After Free vulnerability in multiple products A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. | 5.3 |
| 2020-05-04 | CVE-2020-10933 | Use of Uninitialized Resource vulnerability in multiple products An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. | 5.3 |
| 2020-04-30 | CVE-2020-12050 | Race Condition vulnerability in multiple products SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library. | 7.0 |
| 2020-04-29 | CVE-2020-11022 | Cross-site Scripting vulnerability in multiple products In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. | 6.1 |
| 2020-04-29 | CVE-2020-11023 | Cross-site Scripting vulnerability in multiple products In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. | 6.1 |
| 2020-04-29 | CVE-2020-12459 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable. | 5.5 |
| 2020-04-29 | CVE-2020-12458 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An information-disclosure flaw was found in Grafana through 6.7.3. | 5.5 |
| 2020-04-29 | CVE-2020-11884 | Race Condition vulnerability in multiple products In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. | 7.0 |
| 2020-04-28 | CVE-2020-10663 | Improper Input Validation vulnerability in multiple products The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. | 7.5 |