Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-20	CVE-2020-3481	NULL Pointer Dereference vulnerability in multiple products A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. network low complexity clamav debian canonical fedoraproject CWE-476	7.5
2020-07-20	CVE-2020-15121	OS Command Injection vulnerability in multiple products In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. network low complexity radare fedoraproject CWE-78 critical	9.6
2020-07-17	CVE-2020-15586	Race Condition vulnerability in multiple products Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. network high complexity golang cloudfoundry debian opensuse fedoraproject CWE-362	5.9
2020-07-17	CVE-2020-14928	Injection vulnerability in multiple products evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. network high complexity gnome debian fedoraproject canonical CWE-74	5.9
2020-07-17	CVE-2020-14001	Missing Authorization vulnerability in multiple products The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). network low complexity kramdown-project debian fedoraproject canonical CWE-862 critical	9.8
2020-07-17	CVE-2020-15803	Cross-site Scripting vulnerability in multiple products Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. network low complexity zabbix fedoraproject debian opensuse CWE-79	6.1
2020-07-15	CVE-2020-15117	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. network low complexity symless fedoraproject CWE-754	6.5
2020-07-15	CVE-2020-14619	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). network low complexity netapp fedoraproject canonical oracle	6.5
2020-07-15	CVE-2020-14614	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). network low complexity netapp fedoraproject canonical oracle	4.9
2020-07-15	CVE-2020-14597	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). network low complexity netapp fedoraproject canonical oracle	4.9