Vulnerabilities > Fedoraproject > Fedora > 34

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-03	CVE-2020-25693	A flaw was found in CImg in versions prior to 2.9.3. network low complexity cimg fedoraproject	8.1
2020-11-30	CVE-2020-11867	Incorrect Default Permissions vulnerability in multiple products Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. local low complexity audacityteam fedoraproject CWE-276	3.3
2020-11-25	CVE-2020-29074	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products scan.c in x11vnc 0.9.16 uses IPC_CREAT\|0777 in shmget calls, which allows access by actors other than the current user. network low complexity x11vnc-project fedoraproject debian CWE-732	8.8
2020-11-24	CVE-2020-28928	Out-of-bounds Write vulnerability in multiple products In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). local low complexity musl-libc debian fedoraproject oracle CWE-787	5.5
2020-11-19	CVE-2020-28949	Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. local low complexity php debian fedoraproject drupal	7.8
2020-11-19	CVE-2020-28948	Deserialization of Untrusted Data vulnerability in multiple products Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. local low complexity php debian fedoraproject drupal CWE-502	7.8
2020-11-12	CVE-2020-25658	It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. network high complexity python-rsa-project redhat fedoraproject	5.9
2020-10-22	CVE-2020-27619	In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. network low complexity python fedoraproject oracle critical	9.8
2020-10-07	CVE-2020-26880	Improper Privilege Management vulnerability in multiple products Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable. local low complexity sympa fedoraproject debian CWE-269	7.8
2020-09-15	CVE-2020-8927	Classic Buffer Overflow vulnerability in multiple products A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. network low complexity google debian fedoraproject canonical opensuse microsoft CWE-120	6.5