Filtered by vendor Fedoraproject
Subscribe
Total
5335 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10684 | 3 Debian, Fedoraproject, Redhat | 5 Debian Linux, Fedora, Ansible and 2 more | 2024-11-21 | 3.6 LOW | 7.9 HIGH |
| A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection. | |||||
| CVE-2020-10675 | 2 Fedoraproject, Jsonparser Project | 2 Fedora, Jsonparser | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call. | |||||
| CVE-2020-10663 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Macos, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. | |||||
| CVE-2020-10543 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 15 Fedora, Leap, Communications Billing And Revenue Management and 12 more | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. | |||||
| CVE-2020-10531 | 9 Canonical, Debian, Fedoraproject and 6 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. | |||||
| CVE-2020-10379 | 3 Canonical, Fedoraproject, Python | 3 Ubuntu Linux, Fedora, Pillow | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. | |||||
| CVE-2020-10378 | 3 Canonical, Fedoraproject, Python | 3 Ubuntu Linux, Fedora, Pillow | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. | |||||
| CVE-2020-10232 | 3 Debian, Fedoraproject, Sleuthkit | 3 Debian Linux, Fedora, The Sleuth Kit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. | |||||
| CVE-2020-10188 | 6 Arista, Debian, Fedoraproject and 3 more | 6 Eos, Debian Linux, Fedora and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. | |||||
| CVE-2020-10177 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. | |||||
| CVE-2020-10174 | 3 Canonical, Fedoraproject, Timeshift Project | 3 Ubuntu Linux, Fedora, Timeshift | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used. | |||||
| CVE-2020-10029 | 6 Canonical, Debian, Fedoraproject and 3 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. | |||||
| CVE-2020-10018 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. | |||||
| CVE-2020-0549 | 5 Canonical, Debian, Fedoraproject and 2 more | 858 Ubuntu Linux, Debian Linux, Fedora and 855 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-0543 | 6 Canonical, Fedoraproject, Intel and 3 more | 719 Ubuntu Linux, Fedora, Celeron 1000m and 716 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-0499 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Android | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070 | |||||
| CVE-2020-0452 | 2 Fedoraproject, Google | 2 Fedora, Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731 | |||||
| CVE-2020-0198 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 | |||||
| CVE-2020-0181 | 3 Fedoraproject, Google, Libexif Project | 3 Fedora, Android, Libexif | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076 | |||||
| CVE-2020-0081 | 2 Fedoraproject, Google | 2 Fedora, Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144028297 | |||||