Vulnerabilities > Fedoraproject > Fedora > 31
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-05 | CVE-2020-10878 | Integer Overflow or Wraparound vulnerability in multiple products Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. | 8.6 |
2020-06-05 | CVE-2020-10543 | Integer Overflow or Wraparound vulnerability in multiple products Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. | 8.2 |
2020-06-04 | CVE-2020-13777 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). | 7.4 |
2020-06-03 | CVE-2020-11080 | Improper Enforcement of Message or Data Structure vulnerability in multiple products In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. | 7.5 |
2020-06-03 | CVE-2020-13379 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. | 8.2 |
2020-06-02 | CVE-2020-13775 | NULL Pointer Dereference vulnerability in multiple products ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. | 6.5 |
2020-06-02 | CVE-2020-13401 | Improper Input Validation vulnerability in multiple products An issue was discovered in Docker Engine before 19.03.11. | 6.0 |
2020-06-01 | CVE-2020-13757 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. | 7.5 |
2020-05-28 | CVE-2020-13645 | Improper Certificate Validation vulnerability in multiple products In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. | 6.5 |
2020-05-27 | CVE-2020-10936 | Improper Privilege Management vulnerability in multiple products Sympa before 6.2.56 allows privilege escalation. | 7.8 |