Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-01 CVE-2020-24583 Incorrect Default Permissions vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used).
7.5
2020-08-30 CVE-2020-14352 Path Traversal vulnerability in multiple products
A flaw was found in librepo in versions before 1.12.1.
network
low complexity
redhat opensuse fedoraproject CWE-22
8.0
2020-08-29 CVE-2020-24972 Improper Encoding or Escaping of Output vulnerability in multiple products
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options.
8.8
2020-08-25 CVE-2020-24614 Missing Authorization vulnerability in multiple products
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code.
network
low complexity
fossil-scm fedoraproject opensuse CWE-862
8.8
2020-08-24 CVE-2020-24606 Improper Locking vulnerability in multiple products
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message.
7.5
2020-08-21 CVE-2020-8623 Reachable Assertion vulnerability in multiple products
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash.
7.5
2020-08-17 CVE-2020-1597 A denial of service vulnerability exists when ASP.NET Core improperly handles web requests.
network
low complexity
microsoft fedoraproject
7.5
2020-08-13 CVE-2020-24342 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.
local
low complexity
lua fedoraproject CWE-119
7.8
2020-08-13 CVE-2020-24331 Improper Privilege Management vulnerability in multiple products
An issue was discovered in TrouSerS through 0.3.14.
local
low complexity
trousers-project fedoraproject CWE-269
7.8
2020-08-13 CVE-2020-24330 Improper Privilege Management vulnerability in multiple products
An issue was discovered in TrouSerS through 0.3.14.
local
low complexity
trousers-project fedoraproject CWE-269
7.8