Vulnerabilities > Fedoraproject > Fedora

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|
| 2020-10-01 | CVE-2020-11979 | | As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. | apache, gradle, fedoraproject, oracle | | network, low complexity, 7.5 |
| 2020-09-30 | CVE-2020-26154 | Classic Buffer Overflow vulnerability in multiple products | url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. | libproxy-project, fedoraproject, debian, opensuse | CWE-120 | network, low complexity, critical 9.8 |
| 2020-09-29 | CVE-2020-15216 | Improper Verification of Cryptographic Signature vulnerability in multiple products | In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. | goxmldsig-project, fedoraproject | CWE-347 | network, low complexity, 6.5 |
| 2020-09-27 | CVE-2020-26121 | Incorrect Authorization vulnerability in multiple products | An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. | mediawiki, fedoraproject | CWE-863 | network, low complexity, 7.5 |
| 2020-09-27 | CVE-2020-26120 | Cross-site Scripting vulnerability in multiple products | XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. | mediawiki, fedoraproject | CWE-79 | network, low complexity, 6.1 |
| 2020-09-27 | CVE-2020-25869 | Incorrect Authorization vulnerability in multiple products | An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. | mediawiki, fedoraproject | CWE-863 | network, low complexity, 7.5 |
| 2020-09-27 | CVE-2020-25828 | Cross-site Scripting vulnerability in multiple products | An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. | mediawiki, fedoraproject | CWE-79 | network, low complexity, 6.1 |
| 2020-09-27 | CVE-2020-25827 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products | An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. | mediawiki, fedoraproject | CWE-307 | network, low complexity, 7.5 |
| 2020-09-27 | CVE-2020-25815 | Cross-site Scripting vulnerability in multiple products | An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. | mediawiki, fedoraproject | CWE-79 | network, low complexity, 6.1 |
| 2020-09-27 | CVE-2020-25814 | Cross-site Scripting vulnerability in multiple products | In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. | mediawiki, fedoraproject | CWE-79 | network, low complexity, 6.1 |