Vulnerabilities > Fedoraproject > Fedora > 35

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-31	CVE-2020-35884	HTTP Request Smuggling vulnerability in multiple products An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. network low complexity tiny-http-project fedoraproject CWE-444	6.5
2020-12-16	CVE-2020-26259	OS Command Injection vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network high complexity apache xstream debian fedoraproject CWE-78	6.8
2020-12-16	CVE-2020-26258	Server-Side Request Forgery (SSRF) vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity apache xstream debian fedoraproject CWE-918	7.7
2020-11-19	CVE-2020-28949	Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. local low complexity php debian fedoraproject drupal	7.8
2020-11-19	CVE-2020-28948	Deserialization of Untrusted Data vulnerability in multiple products Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. local low complexity php debian fedoraproject drupal CWE-502	7.8
2020-11-12	CVE-2020-25658	It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. network high complexity python-rsa-project redhat fedoraproject	5.9
2020-09-15	CVE-2020-8927	Classic Buffer Overflow vulnerability in multiple products A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. network low complexity google debian fedoraproject canonical opensuse microsoft CWE-120	6.5
2020-01-13	CVE-2020-6860	Out-of-bounds Write vulnerability in multiple products libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute. network low complexity symonics fedoraproject CWE-787	8.8
2019-02-17	CVE-2019-8379	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in AdvanceCOMP through 2.1. local low complexity advancemame debian fedoraproject redhat CWE-476	7.8
2019-01-31	CVE-2019-7282	In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . network high complexity netkit debian fedoraproject	5.9