Fedoraproject: >> Fedora >> 33 Security Vulnerabilities
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
CVSS Score
7.5
EPSS Score
0.007
Published
2020-11-06
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-11-06
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-11-06
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-11-06
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
CVSS Score
6.3
EPSS Score
0.0
Published
2020-11-04
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-11-04
Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.008
Published
2020-11-03
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVSS Score
8.8
EPSS Score
0.014
Published
2020-11-03
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.019
Published
2020-11-03
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.012
Published
2020-11-03