Vulnerabilities > Fedoraproject > Fedora > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-06-15 CVE-2020-13999 Integer Overflow or Wraparound vulnerability in multiple products
ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file.
local
low complexity
libemf-project fedoraproject CWE-190
5.5
2020-06-15 CVE-2020-0543 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
5.5
2020-06-12 CVE-2020-4048 In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked.
network
low complexity
wordpress fedoraproject debian
5.7
2020-06-12 CVE-2020-4047 In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way.
network
low complexity
wordpress fedoraproject debian
6.8
2020-06-12 CVE-2020-4046 Cross-site Scripting vulnerability in multiple products
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor.
network
low complexity
wordpress debian fedoraproject CWE-79
5.4
2020-06-09 CVE-2020-13977 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files.
network
low complexity
nagios fedoraproject CWE-829
4.9
2020-06-09 CVE-2020-13965 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5.
network
low complexity
roundcube debian fedoraproject CWE-79
6.1
2020-06-09 CVE-2020-13964 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5.
network
low complexity
roundcube fedoraproject debian CWE-79
6.1
2020-06-08 CVE-2020-10754 Missing Authentication for Critical Function vulnerability in multiple products
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile.
network
low complexity
gnome fedoraproject CWE-306
4.3
2020-06-08 CVE-2020-13696 Incorrect Authorization vulnerability in multiple products
An issue was discovered in LinuxTV xawtv before 3.107.
4.4