Total
5262 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1045 | 3 Fedoraproject, Microsoft, Redhat | 6 Fedora, Asp.net Core, Enterprise Linux and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| <p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p> | |||||
| CVE-2020-19752 | 2 Fedoraproject, Lcdf | 2 Fedora, Gifsicle | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference. | |||||
| CVE-2020-18442 | 3 Debian, Fedoraproject, Zziplib Project | 3 Debian Linux, Fedora, Zziplib | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". | |||||
| CVE-2020-18032 | 3 Debian, Fedoraproject, Graphviz | 3 Debian Linux, Fedora, Graphviz | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. | |||||
| CVE-2020-17507 | 3 Debian, Fedoraproject, Qt | 3 Debian Linux, Fedora, Qt | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. | |||||
| CVE-2020-17498 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. | |||||
| CVE-2020-17487 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY. | |||||
| CVE-2020-17368 | 4 Debian, Fedoraproject, Firejail Project and 1 more | 4 Debian Linux, Fedora, Firejail and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. | |||||
| CVE-2020-17367 | 4 Debian, Fedoraproject, Firejail Project and 1 more | 4 Debian Linux, Fedora, Firejail and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. | |||||
| CVE-2020-17353 | 4 Debian, Fedoraproject, Lilypond and 1 more | 5 Debian Linux, Fedora, Lilypond and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. | |||||
| CVE-2020-16845 | 4 Debian, Fedoraproject, Golang and 1 more | 4 Debian Linux, Fedora, Go and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. | |||||
| CVE-2020-16592 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Binutils, Ontap Select Deploy Administration Utility | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. | |||||
| CVE-2020-16269 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. | |||||
| CVE-2020-16166 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. | |||||
| CVE-2020-16156 | 2 Fedoraproject, Perl | 2 Fedora, Comprehensive Perl Archive Network | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| CPAN 2.28 allows Signature Verification Bypass. | |||||
| CVE-2020-16154 | 2 App\, Fedoraproject | 2 \, Fedora | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. | |||||
| CVE-2020-16150 | 3 Arm, Debian, Fedoraproject | 3 Mbed Tls, Debian Linux, Fedora | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length. | |||||
| CVE-2020-16145 | 2 Fedoraproject, Roundcube | 2 Fedora, Webmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. | |||||
| CVE-2020-16135 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. | |||||
| CVE-2020-16116 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. | |||||