Vulnerabilities > Fedoraproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-22 | CVE-2020-11096 | In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. | 6.5 |
| 2020-06-22 | CVE-2020-11095 | In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. | 5.4 |
| 2020-06-21 | CVE-2020-14954 | Injection vulnerability in multiple products Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. | 5.9 |
| 2020-06-18 | CVE-2020-13882 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. | 4.2 |
| 2020-06-18 | CVE-2020-14422 | Use of Insufficiently Random Values vulnerability in multiple products Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. | 5.9 |
| 2020-06-18 | CVE-2020-3350 | Race Condition vulnerability in multiple products A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. | 6.3 |
| 2020-06-17 | CVE-2020-8619 | Improper Resource Shutdown or Release vulnerability in multiple products In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. | 4.9 |
| 2020-06-15 | CVE-2020-13999 | Integer Overflow or Wraparound vulnerability in multiple products ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. | 5.5 |
| 2020-06-15 | CVE-2020-0543 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2020-06-12 | CVE-2020-4048 | In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. | 5.7 |