Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2020-11-23 CVE-2020-25660 A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus.
low complexity
redhat fedoraproject
8.8
8.8
2020-11-21 CVE-2020-25725 In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem.
local
low complexity
xpdfreader fedoraproject
5.5
5.5
2020-11-20 CVE-2020-20740 Out-of-bounds Write vulnerability in multiple products
PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version(). 		7.8
7.8
2020-11-20 CVE-2020-20739 Missing Initialization of Resource vulnerability in multiple products
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
network
low complexity
libvips debian fedoraproject CWE-909
5.3
5.3
2020-11-20 CVE-2020-13671 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations.
network
low complexity
drupal fedoraproject CWE-434
8.8
8.8
2020-11-20 CVE-2020-4788 IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances.
local
high complexity
ibm fedoraproject oracle
4.7
4.7
2020-11-19 CVE-2020-28924 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products
An issue was discovered in Rclone before 1.53.3.
network
low complexity
rclone fedoraproject CWE-338
7.5
7.5
2020-11-19 CVE-2020-28949 Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
local
low complexity
php debian fedoraproject drupal
7.8
7.8
2020-11-19 CVE-2020-28948 Deserialization of Untrusted Data vulnerability in multiple products
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
local
low complexity
php debian fedoraproject drupal CWE-502
7.8
7.8
2020-11-19 CVE-2020-28941 Release of Invalid Pointer or Reference vulnerability in multiple products
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.
local
low complexity
linux fedoraproject debian CWE-763
5.5
5.5