Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2020-02-17 CVE-2020-8518 Code Injection vulnerability in multiple products
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
network
low complexity
horde fedoraproject debian CWE-94
critical
 9.8
9.8
2020-02-14 CVE-2019-20454 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode.
network
low complexity
pcre fedoraproject splunk CWE-125
7.5
7.5
2020-02-12 CVE-2020-8955 Classic Buffer Overflow vulnerability in multiple products
irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).
network
low complexity
weechat fedoraproject opensuse debian CWE-120
critical
 9.8
9.8
2020-02-12 CVE-2020-8945 Use After Free vulnerability in multiple products
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O.
network
high complexity
gpgme-project redhat fedoraproject CWE-416
7.5
7.5
2020-02-12 CVE-2020-7957 Improper Input Validation vulnerability in multiple products
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists.
network
low complexity
dovecot fedoraproject CWE-20
5.3
5.3
2020-02-12 CVE-2020-7046 Infinite Loop vulnerability in multiple products
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.
network
low complexity
dovecot fedoraproject CWE-835
7.5
7.5
2020-02-11 CVE-2020-6416 Improper Input Validation vulnerability in multiple products
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 		8.8
8.8
2020-02-11 CVE-2020-6415 Out-of-bounds Write vulnerability in multiple products
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 		8.8
8.8
2020-02-11 CVE-2020-6408 Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
network
low complexity
google opensuse fedoraproject debian suse redhat
6.5
6.5
2020-02-11 CVE-2020-6406 Use After Free vulnerability in multiple products
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian suse redhat CWE-416
8.8
8.8