Total
5267 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36149 | 2 Fedoraproject, Symonics | 2 Fedora, Libmysofa | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments). | |||||
| CVE-2020-36148 | 2 Fedoraproject, Symonics | 2 Fedora, Libmysofa | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments). | |||||
| CVE-2020-35884 | 2 Fedoraproject, Tiny-http Project | 2 Fedora, Tiny-http | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header. | |||||
| CVE-2020-35738 | 3 Debian, Fedoraproject, Wavpack | 3 Debian Linux, Fedora, Wavpack | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected. | |||||
| CVE-2020-35733 | 2 Erlang, Fedoraproject | 2 Erlang\/otp, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. | |||||
| CVE-2020-35701 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution. | |||||
| CVE-2020-35680 | 2 Fedoraproject, Opensmtpd | 2 Fedora, Opensmtpd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer. | |||||
| CVE-2020-35679 | 2 Fedoraproject, Opensmtpd | 2 Fedora, Opensmtpd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. | |||||
| CVE-2020-35662 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. | |||||
| CVE-2020-35655 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | |||||
| CVE-2020-35654 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | |||||
| CVE-2020-35653 | 3 Debian, Fedoraproject, Python | 3 Debian Linux, Fedora, Pillow | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | |||||
| CVE-2020-35628 | 3 Cgal, Debian, Fedoraproject | 3 Computational Geometry Algorithms Library, Debian Linux, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2020-35524 | 5 Debian, Fedoraproject, Libtiff and 2 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-35522 | 4 Fedoraproject, Libtiff, Netapp and 1 more | 4 Fedora, Libtiff, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. | |||||
| CVE-2020-35521 | 4 Fedoraproject, Libtiff, Netapp and 1 more | 4 Fedora, Libtiff, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. | |||||
| CVE-2020-35504 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-11-21 | 2.1 LOW | 6.0 MEDIUM |
| A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-35503 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2024-11-21 | 2.1 LOW | 6.0 MEDIUM |
| A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-35496 | 4 Broadcom, Fedoraproject, Gnu and 1 more | 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | |||||
| CVE-2020-35495 | 4 Broadcom, Fedoraproject, Gnu and 1 more | 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | |||||