Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-17 | CVE-2019-20919 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the DBI module before 1.643 for Perl. | 4.7 |
| 2020-09-16 | CVE-2020-14382 | Out-of-bounds Write vulnerability in multiple products A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. | 7.8 |
| 2020-09-16 | CVE-2020-14393 | Out-of-bounds Write vulnerability in multiple products A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. | 7.1 |
| 2020-09-16 | CVE-2020-14392 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. | 5.5 |
| 2020-09-16 | CVE-2020-14386 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux kernel before 5.9-rc4. | 7.8 |
| 2020-09-15 | CVE-2020-8927 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. | 6.5 |
| 2020-09-11 | CVE-2020-14363 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow vulnerability leading to a double-free was found in libX11. | 7.8 |
| 2020-09-11 | CVE-2020-1045 | <p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p> | 7.5 |
| 2020-09-11 | CVE-2020-15169 | Cross-site Scripting vulnerability in multiple products In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. | 6.1 |
| 2020-09-11 | CVE-2020-15166 | Resource Exhaustion vulnerability in multiple products In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. | 7.5 |