Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-06 | CVE-2020-26572 | Out-of-bounds Write vulnerability in multiple products The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. | 5.5 |
| 2020-10-06 | CVE-2020-26571 | Out-of-bounds Write vulnerability in multiple products The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. | 5.5 |
| 2020-10-06 | CVE-2020-26570 | Out-of-bounds Write vulnerability in multiple products The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. | 5.5 |
| 2020-10-05 | CVE-2020-8223 | Improper Privilege Management vulnerability in multiple products A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves. | 6.5 |
| 2020-10-02 | CVE-2020-7070 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. | 5.3 |
| 2020-10-02 | CVE-2020-7069 | Inadequate Encryption Strength vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. | 6.5 |
| 2020-10-02 | CVE-2020-26519 | Out-of-bounds Write vulnerability in multiple products Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service. | 5.5 |
| 2020-10-01 | CVE-2020-11979 | As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. | 7.5 |
| 2020-09-30 | CVE-2020-26154 | Classic Buffer Overflow vulnerability in multiple products url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. | 9.8 |
| 2020-09-29 | CVE-2020-15216 | Improper Verification of Cryptographic Signature vulnerability in multiple products In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. | 6.5 |