The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Fedora

NetHack: integer overflow via Run-time Configuration File
An attacker can trigger an integer overflow via Run-time Configuration File of NetHack, in order to trigger a denial of service, and possibly to run code...
FEDORA-2020-16268b450d, FEDORA-2020-4c3d74204a, VIGILANCE-VUL-31826
Apache CouchDB: privilege escalation via HTTPS Database Server
An attacker can bypass restrictions via HTTPS Database Server of Apache CouchDB, in order to escalate his privileges...
CVE-2018-11769, FEDORA-2020-83f513fd7e, VIGILANCE-VUL-31793
Apache CouchDB: read-write access via Runtime Configuration
An attacker can bypass access restrictions via Runtime Configuration of Apache CouchDB, in order to read or alter data...
CVE-2018-17188, FEDORA-2020-83f513fd7e, VIGILANCE-VUL-31792
Apache CouchDB: privilege escalation via HTTPS Database Server
An attacker can bypass restrictions via HTTPS Database Server of Apache CouchDB, in order to escalate his privileges...
CVE-2018-8007, FEDORA-2020-83f513fd7e, VIGILANCE-VUL-31791
Mbed TLS: information disclosure via ECDSA Signature Blinded Scalar Reduction
An attacker can bypass access restrictions to data via ECDSA Signature Blinded Scalar Reduction of Mbed TLS, in order to obtain sensitive information...
CVE-2019-18222, FEDORA-2020-5bcfae9f46, FEDORA-2020-8d3ea0fe8d, VIGILANCE-VUL-31623
GNOME GLib: information disclosure via GSocketClient Direct Connect
An attacker can bypass access restrictions to data via GSocketClient Direct Connect of GNOME GLib, in order to obtain sensitive information...
CVE-2020-6750, FEDORA-2020-092ef6572a, FEDORA-2020-339d413324, VIGILANCE-VUL-31571
Node.js Yarn: file corruption via Package Install
A local attacker can create a symbolic link during the Package Install, in order to alter the pointed file, with privileges of Node.js Yarn...
CVE-2019-10773, FEDORA-2020-766ce5adae, VIGILANCE-VUL-31567
ksh: code execution via Environment Variables Arithmetic Expressions
An attacker can use a vulnerability via Environment Variables Arithmetic Expressions of ksh, in order to run code...
CVE-2019-14868, FEDORA-2020-a0f0eb8500, FEDORA-2020-d940aca772, RHSA-2020:0431-01, RHSA-2020:0515-01, RHSA-2020:0559-01, RHSA-2020:0568-01, RHSA-2020:1332-01, RHSA-2020:1333-01, VIGILANCE-VUL-31521
Squid cache: information disclosure via FTP Gateway
A local attacker can read a memory fragment via FTP Gateway of Squid cache, in order to obtain sensitive information...
CERTFR-2020-AVI-070, CVE-2019-12528, FEDORA-2020-790296a8f4, FEDORA-2020-ab8e7463ab, openSUSE-SU-2020:0307-1, SQUID-2020:2, SUSE-SU-2020:0487-1, SUSE-SU-2020:0493-1, SUSE-SU-2020:0661-1, USN-4289-1, VIGILANCE-VUL-31497
XAR: NULL pointer dereference via xar_get_path
An attacker can force a NULL pointer to be dereferenced via xar_get_path() of XAR, in order to trigger a denial of service...
CVE-2017-11125, CVE-2018-17093-REJECT, FEDORA-2020-bbd24dd0cf, FEDORA-2020-edf53cd770, VIGILANCE-VUL-31495
Our database contains other pages. You can request a free trial to read them.

Display information about Fedora: