Vulnerabilities > Fedoraproject

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-25	CVE-2020-8794	Out-of-bounds Read vulnerability in multiple products OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. network low complexity opensmtpd canonical fedoraproject debian CWE-125 critical	9.8
2020-02-25	CVE-2020-8793	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. local high complexity opensmtpd fedoraproject canonical CWE-367	4.7
2020-02-24	CVE-2020-1938	When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. network low complexity apache fedoraproject oracle debian opensuse blackberry netapp critical	9.8
2020-02-24	CVE-2020-9369	Resource Exhaustion vulnerability in multiple products Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters. network low complexity sympa fedoraproject debian CWE-400	7.5
2020-02-24	CVE-2020-9365	Out-of-bounds Read vulnerability in multiple products An issue was discovered in Pure-FTPd 1.0.49. network low complexity pureftpd fedoraproject CWE-125	7.5
2020-02-24	CVE-2020-8130	OS Command Injection vulnerability in multiple products There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `\|`. local high complexity ruby-lang debian canonical fedoraproject opensuse CWE-78	6.4
2020-02-24	CVE-2019-18183	OS Command Injection vulnerability in multiple products pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. network low complexity pacman-project fedoraproject CWE-78 critical	9.8
2020-02-24	CVE-2019-18182	OS Command Injection vulnerability in multiple products pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. network low complexity pacman-project fedoraproject CWE-78 critical	9.8
2020-02-24	CVE-2019-20044	Improper Check for Dropped Privileges vulnerability in multiple products In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. local low complexity zsh fedoraproject debian apple CWE-273	7.8
2020-02-22	CVE-2020-8813	OS Command Injection vulnerability in multiple products graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. network low complexity cacti fedoraproject opmantek opensuse debian CWE-78	8.8

Vulnerabilities > Fedoraproject {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Fedoraproject"}]}

Vulnerabilities > Fedoraproject