Vulnerabilities > Fedoraproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-07 | CVE-2020-9281 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). | 6.1 |
| 2020-03-04 | CVE-2020-10029 | Out-of-bounds Write vulnerability in multiple products The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. | 5.5 |
| 2020-02-27 | CVE-2020-7042 | Use of Uninitialized Resource vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. | 5.3 |
| 2020-02-27 | CVE-2020-7041 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. | 5.3 |
| 2020-02-25 | CVE-2020-9391 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. | 5.5 |
| 2020-02-25 | CVE-2020-8793 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. | 4.7 |
| 2020-02-24 | CVE-2020-8130 | OS Command Injection vulnerability in multiple products There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. | 6.4 |
| 2020-02-20 | CVE-2019-20479 | Open Redirect vulnerability in multiple products A flaw was found in mod_auth_openidc before version 2.4.1. | 6.1 |
| 2020-02-12 | CVE-2020-7957 | Improper Input Validation vulnerability in multiple products The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. | 5.3 |
| 2020-02-11 | CVE-2020-6408 | Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. | 6.5 |