Shodan
Vulnerabilities
Vulnerable Software
Fedoraproject:  >> Fedora  >> 32  Security Vulnerabilities
CVE-2020-17498
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-08-13
CVE-2020-17507
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
CVSS Score
5.3
EPSS Score
0.026
Published
2020-08-12
CVE-2020-12100
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
CVSS Score
7.5
EPSS Score
0.068
Published
2020-08-12
CVE-2020-12673
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-08-12
CVE-2020-12674
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
CVSS Score
7.5
EPSS Score
0.064
Published
2020-08-12
CVE-2020-16145
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
CVSS Score
6.1
EPSS Score
0.007
Published
2020-08-12
CVE-2020-17487
radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-08-11
CVE-2020-17367
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-08-11
CVE-2020-17368
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
CVSS Score
9.8
EPSS Score
0.045
Published
2020-08-11
CVE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
CVSS Score
7.5
EPSS Score
0.772
Published
2020-08-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved