Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-04 | CVE-2020-10029 | Out-of-bounds Write vulnerability in multiple products The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. | 5.5 |
| 2020-02-27 | CVE-2020-7042 | Use of Uninitialized Resource vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. | 5.3 |
| 2020-02-27 | CVE-2020-7041 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. | 5.3 |
| 2020-02-25 | CVE-2020-9391 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. | 5.5 |
| 2020-02-25 | CVE-2020-8793 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. | 4.7 |
| 2020-02-24 | CVE-2020-8130 | OS Command Injection vulnerability in multiple products There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. | 6.4 |
| 2020-02-20 | CVE-2019-20479 | Open Redirect vulnerability in multiple products A flaw was found in mod_auth_openidc before version 2.4.1. | 6.1 |
| 2020-02-12 | CVE-2020-7957 | Improper Input Validation vulnerability in multiple products The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. | 5.3 |
| 2020-02-11 | CVE-2020-6408 | Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. | 6.5 |
| 2020-02-11 | CVE-2020-6403 | Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |