Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2020-06-25 CVE-2020-11538 Out-of-bounds Read vulnerability in multiple products
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
network
high complexity
python fedoraproject canonical CWE-125
8.1
8.1
2020-06-25 CVE-2020-10379 Classic Buffer Overflow vulnerability in multiple products
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
local
low complexity
python fedoraproject canonical CWE-120
7.8
7.8
2020-06-22 CVE-2020-4031 In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject.
network
low complexity
freerdp fedoraproject opensuse canonical debian
7.5
7.5
2020-06-19 CVE-2020-14929 Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.
network
low complexity
alpine-project fedoraproject debian
7.5
7.5
2020-06-18 CVE-2017-9108 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in adns before 1.5.2.
network
low complexity
gnu opensuse fedoraproject CWE-119
7.5
7.5
2020-06-18 CVE-2017-9107 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in adns before 1.5.2.
network
low complexity
gnu fedoraproject CWE-119
7.5
7.5
2020-06-18 CVE-2017-9106 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in adns before 1.5.2.
network
low complexity
gnu fedoraproject CWE-119
7.5
7.5
2020-06-18 CVE-2017-9105 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in adns before 1.5.2.
network
low complexity
gnu fedoraproject CWE-476
8.8
8.8
2020-06-17 CVE-2020-14040 Infinite Loop vulnerability in multiple products
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory.
network
low complexity
golang fedoraproject CWE-835
7.5
7.5
2020-06-17 CVE-2020-14295 SQL Injection vulnerability in multiple products
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter.
network
low complexity
cacti fedoraproject CWE-89
7.2
7.2