Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-02 | CVE-2020-16150 | Information Exposure Through Discrepancy vulnerability in multiple products A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. | 5.5 |
| 2020-09-01 | CVE-2020-24584 | Incorrect Default Permissions vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). | 7.5 |
| 2020-09-01 | CVE-2020-24583 | Incorrect Default Permissions vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). | 7.5 |
| 2020-08-31 | CVE-2020-14364 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. | 5.0 |
| 2020-08-30 | CVE-2020-14352 | Path Traversal vulnerability in multiple products A flaw was found in librepo in versions before 1.12.1. | 8.0 |
| 2020-08-29 | CVE-2020-24972 | Improper Encoding or Escaping of Output vulnerability in multiple products The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. | 8.8 |
| 2020-08-26 | CVE-2020-24661 | Improper Certificate Validation vulnerability in multiple products GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. | 5.9 |
| 2020-08-25 | CVE-2020-24614 | Missing Authorization vulnerability in multiple products Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. | 8.8 |
| 2020-08-24 | CVE-2020-24612 | Improper Authentication vulnerability in Fedoraproject Selinux-Policy 20200824/3.14 An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. | 1.9 |
| 2020-08-24 | CVE-2020-24606 | Improper Locking vulnerability in multiple products Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. | 7.5 |