Vulnerabilities > Fedoraproject > Fedora > 34

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-30	CVE-2020-11867	Incorrect Default Permissions vulnerability in multiple products Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. local low complexity audacityteam fedoraproject CWE-276	3.3
2020-11-25	CVE-2020-29074	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products scan.c in x11vnc 0.9.16 uses IPC_CREAT\|0777 in shmget calls, which allows access by actors other than the current user. network low complexity x11vnc-project fedoraproject debian CWE-732	8.8
2020-11-24	CVE-2020-28928	Out-of-bounds Write vulnerability in multiple products In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). local low complexity musl-libc debian fedoraproject oracle CWE-787	5.5
2020-11-19	CVE-2020-28949	Injection vulnerability in multiple products Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. local low complexity php debian fedoraproject drupal CWE-74	7.8
2020-11-19	CVE-2020-28948	Deserialization of Untrusted Data vulnerability in multiple products Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. local low complexity php debian fedoraproject drupal CWE-502	7.8
2020-11-12	CVE-2020-25658	Covert Timing Channel vulnerability in multiple products It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. network high complexity python-rsa-project redhat fedoraproject CWE-385	5.9
2020-10-22	CVE-2020-27619	In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. network low complexity python fedoraproject oracle critical	9.8
2020-10-07	CVE-2020-26880	Improper Privilege Management vulnerability in multiple products Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable. local low complexity sympa fedoraproject debian CWE-269	7.8
2020-09-15	CVE-2020-8927	Classic Buffer Overflow vulnerability in multiple products A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. network low complexity google debian fedoraproject canonical opensuse microsoft CWE-120	6.5
2020-07-27	CVE-2020-12460	Out-of-bounds Write vulnerability in multiple products OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. network low complexity trusteddomain fedoraproject debian CWE-787 critical	9.8