Vulnerabilities > Fedoraproject
| Date | CVE | Vulnerability type | Description | Score |
|---|---|---|---|---|
| 2021-01-13 | CVE-2020-28374 | Path Traversal vulnerability in multiple products | In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. | 5.5 |
| 2021-01-06 | CVE-2020-8287 | HTTP Request Smuggling vulnerability in multiple products | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). | 6.4 |
| 2021-01-06 | CVE-2020-8265 | Use After Free vulnerability in multiple products | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. | 6.8 |
| 2021-01-05 | CVE-2020-36158 | Classic Buffer Overflow vulnerability in multiple products | mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. | 7.2 |
| 2020-12-14 | CVE-2020-8286 | Improper Certificate Validation vulnerability in multiple products | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | 5.0 |
| 2020-12-14 | CVE-2020-8285 | Uncontrolled Recursion vulnerability in multiple products | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | 5.0 |
| 2020-12-14 | CVE-2020-8284 | Information Exposure vulnerability in multiple products | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | 4.3 |
| 2020-12-11 | CVE-2020-35132 | Cross-Site Scripting vulnerability in multiple products | An XSS issue has been discovered in phpLDAPadmin before 126.96.36.199 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php. | 3.5 |
| 2020-12-11 | CVE-2020-27828 | Improper Input Validation vulnerability in multiple products | There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. | 6.8 |
| 2020-12-09 | CVE-2020-29661 | Use After Free vulnerability in multiple products | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. | 7.2 |