Vulnerabilities > Fedoraproject > Fedora > 34
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-18 | CVE-2020-36193 | Link Following vulnerability in multiple products Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. | 7.5 |
2021-01-11 | CVE-2020-35701 | SQL Injection vulnerability in multiple products An issue was discovered in Cacti 1.2.x through 1.2.16. | 8.8 |
2020-12-31 | CVE-2020-35884 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. | 6.5 |
2020-12-26 | CVE-2020-29385 | Infinite Loop vulnerability in multiple products GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. | 5.5 |
2020-12-16 | CVE-2020-26259 | OS Command Injection vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. | 6.8 |
2020-12-16 | CVE-2020-26258 | Server-Side Request Forgery (SSRF) vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. | 7.7 |
2020-12-08 | CVE-2020-27918 | Use After Free vulnerability in multiple products A use after free issue was addressed with improved memory management. | 7.8 |
2020-12-08 | CVE-2020-25664 | Heap-based Buffer Overflow vulnerability in multiple products In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. | 6.1 |
2020-12-08 | CVE-2020-27818 | Out-of-bounds Read vulnerability in multiple products A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. | 3.3 |
2020-12-03 | CVE-2020-25693 | Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in CImg in versions prior to 2.9.3. | 8.1 |