Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-25 | CVE-2020-10379 | In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. | Ubuntu_linux, Fedora, Pillow | 7.8 | ||
| 2020-06-25 | CVE-2020-10994 | In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. | Ubuntu_linux, Fedora, Pillow | 5.5 | ||
| 2020-06-25 | CVE-2020-11538 | In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. | Ubuntu_linux, Fedora, Pillow | 8.1 | ||
| 2020-06-26 | CVE-2020-10753 | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. | Ubuntu_linux, Fedora, Ceph, Leap, Ceph_storage, Openstack | 6.5 | ||
| 2020-06-30 | CVE-2017-18922 | It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. | Ubuntu_linux, Fedora, Libvncserver, Leap, Simatic_itc1500_firmware, Simatic_itc1500_pro_firmware, Simatic_itc1900_firmware, Simatic_itc1900_pro_firmware, Simatic_itc2200_firmware, Simatic_itc2200_pro_firmware | 9.8 | ||
| 2020-07-06 | CVE-2020-10760 | A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba. | Ubuntu_linux, Fedora, Leap, Samba | 6.5 | ||
| 2020-07-07 | CVE-2020-10730 | A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability. | Debian_linux, Fedora, Leap, Storage, Samba | 6.5 | ||
| 2020-07-07 | CVE-2020-10745 | A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability. | Debian_linux, Fedora, Leap, Samba | 7.5 | ||
| 2020-07-09 | CVE-2020-12402 | During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. | Debian_linux, Fedora, Firefox, Leap | 4.4 | ||
| 2020-07-13 | CVE-2019-20907 | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | Ubuntu_linux, Debian_linux, Fedora, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, Leap, Zfs_storage_appliance_kit, Python | 7.5 |