Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-07 CVE-2020-9281 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
network
low complexity
ckeditor fedoraproject drupal oracle CWE-79
6.1
2020-03-04 CVE-2020-10029 Out-of-bounds Write vulnerability in multiple products
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets.
5.5
2020-02-27 CVE-2020-7042 Use of Uninitialized Resource vulnerability in multiple products
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later.
5.3
2020-02-27 CVE-2020-7041 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later.
5.3
2020-02-25 CVE-2020-9391 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture.
local
low complexity
linux fedoraproject netapp CWE-787
5.5
2020-02-25 CVE-2020-8793 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
local
high complexity
opensmtpd fedoraproject canonical CWE-367
4.7
2020-02-24 CVE-2020-8130 OS Command Injection vulnerability in multiple products
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
6.4
2020-02-20 CVE-2019-20479 Open Redirect vulnerability in multiple products
A flaw was found in mod_auth_openidc before version 2.4.1.
network
low complexity
openidc debian fedoraproject opensuse CWE-601
6.1
2020-02-12 CVE-2020-7957 Improper Input Validation vulnerability in multiple products
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists.
network
low complexity
dovecot fedoraproject CWE-20
5.3
2020-02-11 CVE-2020-6408 Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
network
low complexity
google opensuse fedoraproject debian suse redhat
6.5