Vulnerabilities > Fedoraproject > Fedora > 31
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-19 | CVE-2020-24265 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in tcpreplay tcpprep v4.3.3. | 7.5 |
2020-10-10 | CVE-2020-26935 | SQL Injection vulnerability in multiple products An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. | 9.8 |
2020-10-10 | CVE-2020-26934 | Cross-site Scripting vulnerability in multiple products phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. | 6.1 |
2020-10-06 | CVE-2020-25866 | NULL Pointer Dereference vulnerability in multiple products In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. | 7.5 |
2020-10-06 | CVE-2020-25863 | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. | 7.5 |
2020-10-06 | CVE-2020-25862 | Improper Validation of Integrity Check Value vulnerability in multiple products In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. | 7.5 |
2020-10-02 | CVE-2020-7070 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. | 5.3 |
2020-10-02 | CVE-2020-7069 | Inadequate Encryption Strength vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. | 6.5 |
2020-10-01 | CVE-2020-11979 | As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. | 7.5 |
2020-09-27 | CVE-2020-26116 | Injection vulnerability in multiple products http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | 7.2 |