Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-05-11 | CVE-2020-12783 | Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. | Ubuntu_linux, Debian_linux, Exim, Fedora | 7.5 | ||
| 2020-05-12 | CVE-2020-8151 | There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information. | Fedora, Active_resource | 7.5 | ||
| 2020-05-12 | CVE-2020-8153 | Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. | Fedora, Group_folders | 8.1 | ||
| 2020-05-12 | CVE-2020-8156 | A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. | Fedora, Mail | 7.0 | ||
| 2020-05-12 | CVE-2020-12823 | OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. | Debian_linux, Fedora, Openconnect, Leap | 9.8 | ||
| 2020-05-13 | CVE-2020-3327 | A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | Ubuntu_linux, Clam_antivirus, Debian_linux, Fedora | 7.5 | ||
| 2020-05-13 | CVE-2020-3341 | A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | Ubuntu_linux, Clam_antivirus, Debian_linux, Fedora | 7.5 | ||
| 2020-05-14 | CVE-2020-1945 | Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. | Ant, Ubuntu_linux, Fedora, Leap, Agile_engineering_data_management, Banking_enterprise_collections, Banking_liquidity_management, Banking_platform, Business_process_management_suite, Category_management_planning_\&_optimization, Communications_asap, Communications_diameter_signaling_router, Communications_metasolv_solution, Communications_order_and_service_management, Data_integrator, Endeca_information_discovery_studio, Enterprise_manager_ops_center, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Flexcube_investor_servicing, Flexcube_private_banking, Health_sciences_information_manager, Primavera_gateway, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_back_office, Retail_bulk_data_integration, Retail_central_office, Retail_data_extractor_for_merchandising, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_item_planning, Retail_macro_space_optimization, Retail_merchandise_financial_planning, Retail_merchandising_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_regular_price_optimization, Retail_replenishment_optimization, Retail_returns_management, Retail_service_backbone, Retail_size_profile_optimization, Retail_store_inventory_management, Retail_xstore_point_of_service, Timesten_in\-Memory_database, Utilities_framework | 6.3 | ||
| 2020-05-15 | CVE-2020-12888 | The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Bootstrap_os, Cloud_backup, Element_software, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage, Leap | 5.3 | ||
| 2020-05-15 | CVE-2020-3810 | Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. | Ubuntu_linux, Apt, Debian_linux, Fedora | 5.5 |