Total: 5302 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-36327 | 3 Bundler, Fedoraproject, Microsoft | 3 Bundler, Fedora, Package Manager Configurations | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. | |||||
CVE-2020-36323 | 2 Fedoraproject, Rust-lang | 2 Fedora, Rust | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked. | |||||
CVE-2020-36314 | 2 Fedoraproject, Gnome | 2 Fedora, File-roller | 2024-11-21 | 2.6 LOW | 3.9 LOW |
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736. | |||||
CVE-2020-36281 | 4 Debian, Fedoraproject, Leptonica and 1 more | 4 Debian Linux, Fedora, Leptonica and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. | |||||
CVE-2020-36280 | 2 Fedoraproject, Leptonica | 2 Fedora, Leptonica | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. | |||||
CVE-2020-36279 | 4 Debian, Fedoraproject, Leptonica and 1 more | 4 Debian Linux, Fedora, Leptonica and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. | |||||
CVE-2020-36278 | 4 Debian, Fedoraproject, Leptonica and 1 more | 4 Debian Linux, Fedora, Leptonica and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. | |||||
CVE-2020-36277 | 4 Debian, Fedoraproject, Leptonica and 1 more | 4 Debian Linux, Fedora, Leptonica and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c. | |||||
CVE-2020-36242 | 3 Cryptography.io, Fedoraproject, Oracle | 3 Cryptography, Fedora, Communications Cloud Native Core Network Function Cloud Native Environment | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. | |||||
CVE-2020-36241 | 2 Fedoraproject, Gnome | 2 Fedora, Gnome-autoar | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | |||||
CVE-2020-36158 | 4 Debian, Fedoraproject, Linux and 1 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. | |||||
CVE-2020-36152 | 2 Fedoraproject, Symonics | 2 Fedora, Libmysofa | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA. | |||||
CVE-2020-36151 | 2 Fedoraproject, Symonics | 2 Fedora, Libmysofa | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block. | |||||
CVE-2020-36150 | 2 Fedoraproject, Symonics | 2 Fedora, Libmysofa | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block. | |||||
CVE-2020-36149 | 2 Fedoraproject, Symonics | 2 Fedora, Libmysofa | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments). | |||||
CVE-2020-36148 | 2 Fedoraproject, Symonics | 2 Fedora, Libmysofa | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments). | |||||
CVE-2020-35884 | 2 Fedoraproject, Tiny-http Project | 2 Fedora, Tiny-http | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header. | |||||
CVE-2020-35738 | 3 Debian, Fedoraproject, Wavpack | 3 Debian Linux, Fedora, Wavpack | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected. | |||||
CVE-2020-35733 | 2 Erlang, Fedoraproject | 2 Erlang/otp, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. | |||||
CVE-2020-35701 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution. |