Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fedoraproject fedora 31 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-20477
PyYAML 5.1 up to and including 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
Pyyaml Pyyaml
Fedoraproject Fedora 30
Fedoraproject Fedora 31
3.7
CVSSv2
CVE-2020-13882
CISOfy Lynis prior to 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and repo...
Cisofy Lynis
Fedoraproject Fedora 31
Fedoraproject Fedora 32
6.8
CVSSv2
CVE-2019-14867
A flaw was found in IPA, all 4.6.x versions prior to 4.6.7, all 4.7.x versions prior to 4.7.4 and all 4.8.x versions prior to 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated atta...
Freeipa Freeipa
Fedoraproject Fedora 30
Fedoraproject Fedora 31
1 Github repository
4.3
CVSSv2
CVE-2020-6750
GSocketClient in GNOME GLib up to and including 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically...
Gnome Glib
Fedoraproject Fedora 30
Fedoraproject Fedora 31
7.8
CVSSv2
CVE-2020-7046
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 prior to 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.
Dovecot Dovecot
Fedoraproject Fedora 30
Fedoraproject Fedora 31
4.3
CVSSv2
CVE-2020-11054
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently l...
Qutebrowser Qutebrowser
Fedoraproject Fedora 31
Fedoraproject Fedora 32
4.3
CVSSv2
CVE-2020-13231
In Cacti prior to 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
Cacti Cacti
Fedoraproject Fedora 31
Fedoraproject Fedora 32
4.3
CVSSv2
CVE-2020-16145
Roundcube Webmail prior to 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
Roundcube Webmail
Fedoraproject Fedora 31
Fedoraproject Fedora 32
6.8
CVSSv2
CVE-2020-15121
In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwn...
Radare Radare2
Fedoraproject Fedora 31
Fedoraproject Fedora 32
5
CVSSv2
CVE-2015-9541
Qt up to and including 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564.
Qt Qt
Fedoraproject Fedora 31
Fedoraproject Fedora 32
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »