Fedoraproject: >> Fedora Security Vulnerabilities
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
CVSS Score
6.5
EPSS Score
0.005
Published
2020-05-20
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.
CVSS Score
7.5
EPSS Score
0.018
Published
2020-05-19
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
CVSS Score
5.1
EPSS Score
0.001
Published
2020-05-19
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.
CVSS Score
5.1
EPSS Score
0.001
Published
2020-05-19
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.
CVSS Score
5.1
EPSS Score
0.001
Published
2020-05-19
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-05-19
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-05-19
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-05-19
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
CVSS Score
7.5
EPSS Score
0.155
Published
2020-05-19
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
CVSS Score
7.5
EPSS Score
0.091
Published
2020-05-19