Fedora Security Vulnerabilities
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.
5.5CVSS
5.5AI Score
0.001EPSS
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
5.5CVSS
5.5AI Score
0.001EPSS
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
5.5CVSS
5.5AI Score
0.001EPSS
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
5.5CVSS
5.5AI Score
0.001EPSS
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
5.5CVSS
5.6AI Score
0.001EPSS
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
5.5CVSS
5.4AI Score
0.001EPSS
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
8.8CVSS
9AI Score
0.016EPSS
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be...
3.7CVSS
4.1AI Score
0.005EPSS
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).
5.5CVSS
6AI Score
0.001EPSS
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2).
5.5CVSS
6AI Score
0.001EPSS
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access.
7.8CVSS
7.4AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.001EPSS
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.
3.3CVSS
3.6AI Score
0.0004EPSS
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
7CVSS
6.6AI Score
0.0004EPSS
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if...
9.8CVSS
9.7AI Score
0.138EPSS
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effor...
7.5CVSS
6.9AI Score
0.002EPSS
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
8.2CVSS
7.8AI Score
0.007EPSS
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users sho...
8.2CVSS
7.8AI Score
0.002EPSS
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this v...
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.
7CVSS
6.9AI Score
0.0004EPSS
CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.
7.5CVSS
7.3AI Score
0.015EPSS
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
7.5CVSS
7.2AI Score
0.041EPSS
6.5CVSS
6.4AI Score
0.003EPSS
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conc...
6.1CVSS
6.1AI Score
0.012EPSS
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.
7.5CVSS
7.4AI Score
0.006EPSS
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example...
5.3CVSS
7AI Score
0.002EPSS
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret...
4.4CVSS
5.8AI Score
0.001EPSS
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
5.5CVSS
5.5AI Score
0.001EPSS
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
5.5CVSS
5.7AI Score
0.0005EPSS
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte over...
9.8CVSS
9.6AI Score
0.011EPSS
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
7.5CVSS
7.5AI Score
0.011EPSS
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
7.5CVSS
7.5AI Score
0.019EPSS
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL.
6.1CVSS
6AI Score
0.001EPSS
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
7.5CVSS
7.3AI Score
0.007EPSS
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
7.5CVSS
7.3AI Score
0.003EPSS
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
8.1CVSS
7.8AI Score
0.007EPSS
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
7.5CVSS
7.6AI Score
0.005EPSS
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
7.5CVSS
8.1AI Score
0.002EPSS
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c.
9.1CVSS
8.9AI Score
0.003EPSS
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
7.8CVSS
8AI Score
0.001EPSS
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
6.7CVSS
6.7AI Score
0.0005EPSS
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
7.5CVSS
7.5AI Score
0.003EPSS
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed w...
5.3CVSS
5.7AI Score
0.002EPSS
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for...
6.5CVSS
5.6AI Score
0.003EPSS
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.
9.8CVSS
9.4AI Score
0.014EPSS
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.
5.5CVSS
5.4AI Score
0.001EPSS
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
5.3CVSS
6AI Score
0.0005EPSS
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.
7.5CVSS
7.2AI Score
0.002EPSS
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
4.3CVSS
5.1AI Score
0.003EPSS