Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2020-10-19 CVE-2020-24388 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2.
network
low complexity
yubico fedoraproject CWE-787
7.5
7.5
2020-10-19 CVE-2020-24387 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2.
network
low complexity
yubico fedoraproject CWE-787
7.5
7.5
2020-10-19 CVE-2020-24266 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in tcpreplay tcpprep v4.3.3.
network
low complexity
broadcom fedoraproject CWE-787
7.5
7.5
2020-10-19 CVE-2020-24265 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in tcpreplay tcpprep v4.3.3.
network
low complexity
broadcom fedoraproject CWE-787
7.5
7.5
2020-10-16 CVE-2020-9983 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write issue was addressed with improved bounds checking.
network
low complexity
apple fedoraproject CWE-787
8.8
8.8
2020-10-10 CVE-2020-26935 SQL Injection vulnerability in multiple products
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3.
network
low complexity
phpmyadmin opensuse fedoraproject debian CWE-89
critical
 9.8
9.8
2020-10-10 CVE-2020-26934 Cross-site Scripting vulnerability in multiple products
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
network
low complexity
phpmyadmin opensuse fedoraproject debian CWE-79
6.1
6.1
2020-10-07 CVE-2020-26880 Improper Privilege Management vulnerability in multiple products
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
local
low complexity
sympa fedoraproject debian CWE-269
7.8
7.8
2020-10-06 CVE-2020-26575 Infinite Loop vulnerability in multiple products
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop.
network
low complexity
wireshark fedoraproject debian oracle CWE-835
7.5
7.5
2020-10-06 CVE-2020-25866 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages.
network
low complexity
wireshark fedoraproject opensuse oracle CWE-476
7.5
7.5