Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2021-01-19 CVE-2020-14409 Integer Overflow or Wraparound vulnerability in multiple products
SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. 		7.8
7.8
2021-01-19 CVE-2021-3181 Memory Leak vulnerability in multiple products
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups).
network
low complexity
mutt debian fedoraproject CWE-401
6.5
6.5
2021-01-19 CVE-2021-3178 Path Traversal vulnerability in multiple products
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS.
network
low complexity
linux fedoraproject debian CWE-22
6.5
6.5
2021-01-19 CVE-2021-3177 Classic Buffer Overflow vulnerability in multiple products
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param.
network
low complexity
python fedoraproject netapp debian oracle CWE-120
critical
 9.8
9.8
2021-01-18 CVE-2020-36193 Link Following vulnerability in multiple products
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
network
low complexity
php fedoraproject debian drupal CWE-59
7.5
7.5
2021-01-15 CVE-2020-35733 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Erlang/OTP before 23.2.2.
network
low complexity
erlang fedoraproject CWE-295
7.5
7.5
2021-01-13 CVE-2020-26262 Confused Deputy vulnerability in multiple products
Coturn is free open source implementation of TURN and STUN Server.
network
low complexity
coturn-project fedoraproject CWE-441
7.2
7.2
2021-01-13 CVE-2020-28374 Path Traversal vulnerability in multiple products
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3.
network
low complexity
linux fedoraproject debian CWE-22
8.1
8.1
2021-01-12 CVE-2021-1723 ASP.NET Core and Visual Studio Denial of Service Vulnerability
network
low complexity
microsoft fedoraproject
7.5
7.5
2021-01-12 CVE-2020-25657 Covert Timing Channel vulnerability in multiple products
A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext.
network
high complexity
m2crypto-project redhat fedoraproject CWE-385
5.9
5.9