Vulnerabilities > Fedoraproject > Fedora > 31
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-03 | CVE-2020-5312 | Classic Buffer Overflow vulnerability in multiple products libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | 9.8 |
| 2020-01-03 | CVE-2020-5311 | Classic Buffer Overflow vulnerability in multiple products libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | 9.8 |
| 2020-01-03 | CVE-2020-5310 | Integer Overflow or Wraparound vulnerability in multiple products libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. | 8.8 |
| 2019-12-31 | CVE-2019-20176 | Resource Exhaustion vulnerability in multiple products In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. | 7.5 |
| 2019-12-30 | CVE-2019-20093 | NULL Pointer Dereference vulnerability in multiple products The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. | 5.5 |
| 2019-12-27 | CVE-2019-20051 | Incorrect Calculation vulnerability in multiple products A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. | 5.5 |
| 2019-12-27 | CVE-2019-20021 | Out-of-bounds Read vulnerability in multiple products A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. | 5.5 |
| 2019-12-26 | CVE-2019-16789 | HTTP Request Smuggling vulnerability in multiple products In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. | 8.2 |
| 2019-12-23 | CVE-2019-11050 | Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. | 6.5 |
| 2019-12-23 | CVE-2019-11049 | Double Free vulnerability in multiple products In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations. | 9.8 |