| 2020-12-15 | CVE-2020-29480 | Missing Authorization vulnerability in multiple products
An issue was discovered in Xen through 4.14.x. | 2.3 |
| 2020-12-14 | CVE-2020-8284 | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | 3.7 |
| 2020-12-10 | CVE-2020-29668 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun. | 3.7 |
| 2020-12-08 | CVE-2020-27818 | Out-of-bounds Read vulnerability in multiple products
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. | 3.3 |
| 2020-11-30 | CVE-2020-11867 | Incorrect Default Permissions vulnerability in multiple products
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. | 3.3 |
| 2020-10-21 | CVE-2020-14779 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). | 3.7 |
| 2020-10-21 | CVE-2020-14791 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 2.2 |
| 2020-09-02 | CVE-2020-24654 | Link Following vulnerability in multiple products
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | 3.3 |
| 2020-08-24 | CVE-2020-24612 | Improper Authentication vulnerability in Fedoraproject Selinux-Policy 20200824/3.14
An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. | 1.9 |
| 2020-08-03 | CVE-2020-16116 | Path Traversal vulnerability in multiple products
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. | 3.3 |