Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-09 | CVE-2020-6750 | GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are... | Fedora, Glib | 5.9 | ||
| 2020-01-10 | CVE-2020-6377 | Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap, Enterprise_linux_desktop, Enterprise_linux_workstation | 8.8 | ||
| 2020-01-13 | CVE-2020-6851 | OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. | Debian_linux, Fedora, Georaster, Outside_in_technology, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openjpeg | 7.5 | ||
| 2020-01-13 | CVE-2020-6860 | libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute. | Fedora, Libmysofa | 8.8 | ||
| 2020-01-29 | CVE-2020-7247 | smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. | Ubuntu_linux, Debian_linux, Fedora, Opensmtpd | 9.8 | ||
| 2020-01-21 | CVE-2020-7595 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Smi\-S_provider, Snapdrive, Steelstore_cloud_integrated_storage, Symantec_netbackup, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql_workbench, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Sinema_remote_connect_server, Libxml2 | 7.5 | ||
| 2020-01-16 | CVE-2020-7044 | In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors. | Fedora, Leap, Solaris, Zfs_storage_appliance_kit, Wireshark | 7.5 | ||
| 2020-01-16 | CVE-2020-7105 | async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. | Debian_linux, Fedora, Hiredis | 7.5 | ||
| 2020-01-16 | CVE-2020-7106 | Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). | Cacti, Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Backports_sle, Leap, Package_hub | 6.1 | ||
| 2020-01-27 | CVE-2020-7238 | Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. | Debian_linux, Fedora, Netty, Jboss_enterprise_application_platform, Jboss_enterprise_application_platform_text\-Only_advisories, Openshift_application_runtimes_text\-Only_advisories | 7.5 |