Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-15 | CVE-2020-13999 | Integer Overflow or Wraparound vulnerability in multiple products ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. | 5.5 |
| 2020-06-15 | CVE-2020-0543 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2020-06-12 | CVE-2020-4050 | Authentication Bypass Using an Alternate Path or Channel vulnerability in multiple products In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. | 3.1 |
| 2020-06-12 | CVE-2020-4049 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in multiple products In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. | 2.4 |
| 2020-06-12 | CVE-2020-4048 | Open Redirect vulnerability in multiple products In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. | 5.7 |
| 2020-06-12 | CVE-2020-4047 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in multiple products In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. | 6.8 |
| 2020-06-12 | CVE-2020-4046 | Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. | 5.4 |
| 2020-06-11 | CVE-2020-0198 | Integer Overflow or Wraparound vulnerability in multiple products In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. | 7.5 |
| 2020-06-11 | CVE-2020-0181 | Integer Overflow or Wraparound vulnerability in multiple products In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. | 7.5 |
| 2020-06-10 | CVE-2020-2026 | Link Following vulnerability in multiple products A malicious guest compromised before a container creation (e.g. | 8.8 |