fedoraproject

5,423 tracked vulnerabilities.

CVE-2020-35653 HIGH
Pillow < 8.1.0 - Out-of-bounds Read in PCX Decoder
Jan 12, 2021
CVSS 7.1
EPSS 0.01
CVE-2020-35701 HIGH
Cacti 1.2.0-1.2.16 - Authenticated SQL Injection via data_debug.php site_id Parameter
Jan 11, 2021
CVSS 8.8
EPSS 0.05
CVE-2020-16043 HIGH
Google Chrome <87.0.4280.141 - Auth Bypass
Jan 08, 2021
CVSS 8.8
EPSS 0.01
CVE-2020-25678 MEDIUM
Ceph < 16.2.0 - Cleartext Storage of Sensitive Information in Mgr Module Logs
Jan 08, 2021
CVSS 4.4
EPSS 0.00
CVE-2020-8287 MEDIUM
Node.js <10.23.1, 12.20.1, 14.15.4, 15.5.1 - SSRF
Jan 06, 2021
CVSS 6.5
EPSS 0.16
CVE-2020-8265 HIGH
Node.js <10.23.1, 12.20.1, 14.15.4, 15.5.1 - Use After Free
Jan 06, 2021
CVSS 8.1
EPSS 0.09
CVE-2020-27845 MEDIUM
openjpeg < 2.4.0 - Out-of-bounds Read in pi.c
Jan 05, 2021
CVSS 5.5
EPSS 0.01
CVE-2020-27843 MEDIUM
OpenJPEG < 2.4.0 - Out-of-bounds Read
Jan 05, 2021
CVSS 5.5
EPSS 0.02
CVE-2020-27842 MEDIUM
OpenJPEG < 2.4.0 - Denial of Service via Null Pointer Dereference in T2 Encoder
Jan 05, 2021
CVSS 5.5
EPSS 0.01
CVE-2020-27841 MEDIUM
openjpeg < 2.4.0 - Heap-based Buffer Overflow in pi.c
Jan 05, 2021
CVSS 5.5
EPSS 0.01
CVE-2020-36158 HIGH
Linux Kernel < 5.10.4 - Buffer Overflow via Long SSID in mwifiex_cmd_802_11_ad_hoc_start
Jan 05, 2021
CVSS 8.8
EPSS 0.02
CVE-2020-25275 HIGH
Dovecot < 2.3.13 - Denial of Service via Crafted Email with MIME Parts
Jan 04, 2021
CVSS 7.5
EPSS 0.05
CVE-2020-24386 MEDIUM
Dovecot <2.3.13 - Privilege Escalation
Jan 04, 2021
CVSS 6.8
EPSS 0.03
CVE-2020-35496 MEDIUM
binutils < 2.34 - Denial of Service via Crafted File in bfd_pef_scan_start_address
Jan 04, 2021
CVSS 5.5
EPSS 0.01
CVE-2020-35495 MEDIUM
binutils < 2.34 - Denial of Service via Null Pointer Dereference in objdump
Jan 04, 2021
CVSS 5.5
EPSS 0.01
CVE-2020-35494 MEDIUM
binutils < 2.34 - Use of Uninitialized Resource in tic4x-dis.c
Jan 04, 2021
CVSS 6.1
EPSS 0.01
CVE-2020-35493 MEDIUM
binutils < 2.34 - Heap Buffer Overflow via Crafted PEF File
Jan 04, 2021
CVSS 5.5
EPSS 0.01
CVE-2020-35884 MEDIUM
tiny-http < 0.8.0 - HTTP Request Smuggling via Malformed Transfer-Encoding Header
Dec 31, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-35730 MEDIUM KEV
Roundcube Webmail <1.2.13, 1.3.x<1.3.16, 1.4.x<1.4.10 XSS via linkref_addindex
Dec 28, 2020
CVSS 6.1
EPSS 0.33
CVE-2020-35738 MEDIUM
WavPack 5.3.0 - Integer Overflow to Out-of-Bounds Write in WavpackPackSamples
Dec 28, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-35376 HIGH
Xpdf 4.02 - Stack Consumption via Type 1C Font Charstring in FoFiType1C::getOp()
Dec 26, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-29385 MEDIUM
GNOME gdk-pixbuf < 2.42.2 - Denial of Service via Infinite Loop in LZW Decompression
Dec 26, 2020
CVSS 5.5
EPSS 0.01
CVE-2020-35680 HIGH
OpenSMTPD < 6.8.0p1 - Denial of Service via NULL Pointer Dereference in lka_filter.c
Dec 24, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-35679 HIGH
OpenSMTPD < 6.8.0p1 - Memory Leak via Regex Lookup
Dec 24, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-27846 CRITICAL
Grafana < 6.7.5 - SAML Authentication Bypass via Signature Verification Flaw
Dec 21, 2020
CVSS 9.8
EPSS 0.05