fedoraproject
5,423 tracked vulnerabilities.
CVE-2020-35653
HIGH
Pillow < 8.1.0 - Out-of-bounds Read in PCX Decoder
Jan 12, 2021
CVSS 7.1
EPSS 0.01
CVE-2020-35701
HIGH
Cacti 1.2.0-1.2.16 - Authenticated SQL Injection via data_debug.php site_id Parameter
Jan 11, 2021
CVSS 8.8
EPSS 0.05
CVE-2020-16043
HIGH
Google Chrome <87.0.4280.141 - Auth Bypass
Jan 08, 2021
CVSS 8.8
EPSS 0.01
CVE-2020-25678
MEDIUM
Ceph < 16.2.0 - Cleartext Storage of Sensitive Information in Mgr Module Logs
Jan 08, 2021
CVSS 4.4
EPSS 0.00
CVE-2020-8287
MEDIUM
Node.js <10.23.1, 12.20.1, 14.15.4, 15.5.1 - SSRF
Jan 06, 2021
CVSS 6.5
EPSS 0.16
CVE-2020-8265
HIGH
Node.js <10.23.1, 12.20.1, 14.15.4, 15.5.1 - Use After Free
Jan 06, 2021
CVSS 8.1
EPSS 0.09
CVE-2020-27845
MEDIUM
openjpeg < 2.4.0 - Out-of-bounds Read in pi.c
Jan 05, 2021
CVSS 5.5
EPSS 0.01
CVE-2020-27843
MEDIUM
OpenJPEG < 2.4.0 - Out-of-bounds Read
Jan 05, 2021
CVSS 5.5
EPSS 0.02
CVE-2020-27842
MEDIUM
OpenJPEG < 2.4.0 - Denial of Service via Null Pointer Dereference in T2 Encoder
Jan 05, 2021
CVSS 5.5
EPSS 0.01
CVE-2020-27841
MEDIUM
openjpeg < 2.4.0 - Heap-based Buffer Overflow in pi.c
Jan 05, 2021
CVSS 5.5
EPSS 0.01
CVE-2020-36158
HIGH
Linux Kernel < 5.10.4 - Buffer Overflow via Long SSID in mwifiex_cmd_802_11_ad_hoc_start
Jan 05, 2021
CVSS 8.8
EPSS 0.02
CVE-2020-25275
HIGH
Dovecot < 2.3.13 - Denial of Service via Crafted Email with MIME Parts
Jan 04, 2021
CVSS 7.5
EPSS 0.05
CVE-2020-24386
MEDIUM
Dovecot <2.3.13 - Privilege Escalation
Jan 04, 2021
CVSS 6.8
EPSS 0.03
CVE-2020-35496
MEDIUM
binutils < 2.34 - Denial of Service via Crafted File in bfd_pef_scan_start_address
Jan 04, 2021
CVSS 5.5
EPSS 0.01
CVE-2020-35495
MEDIUM
binutils < 2.34 - Denial of Service via Null Pointer Dereference in objdump
Jan 04, 2021
CVSS 5.5
EPSS 0.01
CVE-2020-35494
MEDIUM
binutils < 2.34 - Use of Uninitialized Resource in tic4x-dis.c
Jan 04, 2021
CVSS 6.1
EPSS 0.01
CVE-2020-35493
MEDIUM
binutils < 2.34 - Heap Buffer Overflow via Crafted PEF File
Jan 04, 2021
CVSS 5.5
EPSS 0.01
CVE-2020-35884
MEDIUM
tiny-http < 0.8.0 - HTTP Request Smuggling via Malformed Transfer-Encoding Header
Dec 31, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-35730
MEDIUM
KEV
Roundcube Webmail <1.2.13, 1.3.x<1.3.16, 1.4.x<1.4.10 XSS via linkref_addindex
Dec 28, 2020
CVSS 6.1
EPSS 0.33
CVE-2020-35738
MEDIUM
WavPack 5.3.0 - Integer Overflow to Out-of-Bounds Write in WavpackPackSamples
Dec 28, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-35376
HIGH
Xpdf 4.02 - Stack Consumption via Type 1C Font Charstring in FoFiType1C::getOp()
Dec 26, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-29385
MEDIUM
GNOME gdk-pixbuf < 2.42.2 - Denial of Service via Infinite Loop in LZW Decompression
Dec 26, 2020
CVSS 5.5
EPSS 0.01
CVE-2020-35680
HIGH
OpenSMTPD < 6.8.0p1 - Denial of Service via NULL Pointer Dereference in lka_filter.c
Dec 24, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-35679
HIGH
OpenSMTPD < 6.8.0p1 - Memory Leak via Regex Lookup
Dec 24, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-27846
CRITICAL
Grafana < 6.7.5 - SAML Authentication Bypass via Signature Verification Flaw
Dec 21, 2020
CVSS 9.8
EPSS 0.05
Products
fedora 5,353
extra_packages_for_enterprise_linux 76
389_directory_server 39
sssd 19
fedora_core 8
389_administration_server 1
anaconda 1
arm_installer 1
commons 1
coolkey 1
crypto-utils 1
fedmsg 1
fedora_linux_kernel 1
python-fedora 1
sectool 1
selinux-policy 1
spin-kickstarts 1
supybot-fedora 1
unbound 1
Quick Filters