Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2021-01-13 CVE-2020-28374 Path Traversal vulnerability in multiple products
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3.
network
low complexity
linux fedoraproject CWE-22
5.5
2021-01-06 CVE-2020-8287 Http Request Smuggling vulnerability in multiple products
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields).
network
low complexity
nodejs debian fedoraproject CWE-444
6.4
2021-01-06 CVE-2020-8265 USE After Free vulnerability in multiple products
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation.
6.8
2021-01-05 CVE-2020-36158 Classic Buffer Overflow vulnerability in multiple products
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.
local
low complexity
linux fedoraproject CWE-120
7.2
2020-12-14 CVE-2020-8286 Improper Certificate Validation vulnerability in multiple products
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
network
low complexity
haxx debian fedoraproject CWE-295
5.0
2020-12-14 CVE-2020-8285 Uncontrolled Recursion vulnerability in multiple products
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
network
low complexity
haxx debian fedoraproject CWE-674
5.0
2020-12-14 CVE-2020-8284 Information Exposure vulnerability in multiple products
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
4.3
2020-12-11 CVE-2020-35132 Cross-Site Scripting vulnerability in multiple products
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
3.5
2020-12-11 CVE-2020-27828 Improper Input Validation vulnerability in multiple products
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23.
6.8
2020-12-09 CVE-2020-29661 USE After Free vulnerability in multiple products
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
local
low complexity
linux fedoraproject CWE-416
7.2