Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-03 | CVE-2020-5311 | libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Pillow | 9.8 | ||
| 2020-01-03 | CVE-2020-5312 | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Pillow | 9.8 | ||
| 2020-01-03 | CVE-2020-5313 | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Pillow | 7.1 | ||
| 2020-01-03 | CVE-2020-5395 | FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. | Fedora, Fontforge, Leap | 8.8 | ||
| 2020-01-09 | CVE-2020-6750 | GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are... | Fedora, Glib | 5.9 | ||
| 2020-01-10 | CVE-2020-6377 | Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap, Enterprise_linux_desktop, Enterprise_linux_workstation | 8.8 | ||
| 2020-01-13 | CVE-2020-6851 | OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. | Debian_linux, Fedora, Georaster, Outside_in_technology, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openjpeg | 7.5 | ||
| 2020-01-13 | CVE-2020-6860 | libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute. | Fedora, Libmysofa | 8.8 | ||
| 2020-01-29 | CVE-2020-7247 | smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. | Ubuntu_linux, Debian_linux, Fedora, Opensmtpd | 9.8 | ||
| 2020-01-21 | CVE-2020-7595 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Smi\-S_provider, Snapdrive, Steelstore_cloud_integrated_storage, Symantec_netbackup, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql_workbench, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Sinema_remote_connect_server, Libxml2 | 7.5 |