Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-30	CVE-2020-25624	Out-of-bounds Read vulnerability in multiple products hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. local high complexity qemu debian CWE-125	5.0
2020-11-28	CVE-2020-27218	In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. network high complexity eclipse netapp oracle apache debian	4.8
2020-11-26	CVE-2020-29130	Out-of-bounds Read vulnerability in multiple products slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. network low complexity libslirp-project debian fedoraproject CWE-125	4.3
2020-11-26	CVE-2020-29129	Out-of-bounds Read vulnerability in multiple products ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. network low complexity libslirp-project fedoraproject debian CWE-125	4.3
2020-11-26	CVE-2020-25653	Race Condition vulnerability in multiple products A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. local high complexity spice-space debian fedoraproject CWE-362	6.3
2020-11-26	CVE-2020-25652	A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. local low complexity spice-space debian fedoraproject	5.5
2020-11-26	CVE-2020-25651	A flaw was found in the SPICE file transfer protocol. local high complexity spice-space debian fedoraproject	6.4
2020-11-25	CVE-2020-25650	A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. local low complexity spice-space debian fedoraproject	5.5
2020-11-24	CVE-2020-28928	Out-of-bounds Write vulnerability in multiple products In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). local low complexity musl-libc debian fedoraproject oracle CWE-787	5.5
2020-11-23	CVE-2020-28896	Improper Handling of Exceptional Conditions vulnerability in multiple products Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. network high complexity neomutt mutt debian CWE-755	5.3