Fedoraproject: >> Fedora Security Vulnerabilities
Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name.
CVSS Score
8.1
EPSS Score
0.004
Published
2020-05-12
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
CVSS Score
9.8
EPSS Score
0.49
Published
2020-05-11
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).
CVSS Score
5.5
EPSS Score
0.004
Published
2020-05-11
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2).
CVSS Score
5.5
EPSS Score
0.004
Published
2020-05-11
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access.
CVSS Score
7.8
EPSS Score
0.004
Published
2020-05-11
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free.
CVSS Score
7.8
EPSS Score
0.004
Published
2020-05-11
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
CVSS Score
7.5
EPSS Score
0.029
Published
2020-05-11
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
CVSS Score
6.7
EPSS Score
0.0
Published
2020-05-09
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
CVSS Score
7.8
EPSS Score
0.003
Published
2020-05-09
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c.
CVSS Score
9.1
EPSS Score
0.005
Published
2020-05-08