Fedoraproject: >> Fedora >> 32 Security Vulnerabilities
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-06-26
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-06-26
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-06-26
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-06-26
Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-06-25
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-06-25
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
CVSS Score
7.8
EPSS Score
0.003
Published
2020-06-25
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
CVSS Score
5.5
EPSS Score
0.004
Published
2020-06-25
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
CVSS Score
8.1
EPSS Score
0.006
Published
2020-06-25
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled.
CVSS Score
3.1
EPSS Score
0.009
Published
2020-06-24