Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2020-10-07 CVE-2020-26880 Improper Privilege Management vulnerability in multiple products
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
local
low complexity
sympa fedoraproject debian CWE-269
7.8
7.8
2020-10-06 CVE-2020-26575 Infinite Loop vulnerability in multiple products
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop.
network
low complexity
wireshark fedoraproject debian oracle CWE-835
7.5
7.5
2020-10-06 CVE-2020-25866 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages.
network
low complexity
wireshark fedoraproject opensuse oracle CWE-476
7.5
7.5
2020-10-06 CVE-2020-25863 In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash.
network
low complexity
wireshark fedoraproject opensuse debian oracle
7.5
7.5
2020-10-06 CVE-2020-25862 Improper Validation of Integrity Check Value vulnerability in multiple products
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. 		7.5
7.5
2020-10-06 CVE-2020-25613 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1.
network
low complexity
ruby-lang fedoraproject CWE-444
7.5
7.5
2020-10-01 CVE-2020-11979 As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them.
network
low complexity
apache gradle fedoraproject oracle
7.5
7.5
2020-09-27 CVE-2020-26121 Incorrect Authorization vulnerability in multiple products
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-863
7.5
7.5
2020-09-27 CVE-2020-25869 Incorrect Authorization vulnerability in multiple products
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-863
7.5
7.5
2020-09-27 CVE-2020-25827 Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4.
network
low complexity
mediawiki fedoraproject CWE-307
7.5
7.5