Vulnerabilities > Fedoraproject > Fedora > 31

DATE CVE VULNERABILITY TITLE RISK
2020-10-22 CVE-2020-27671 An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
local
high complexity
xen opensuse debian fedoraproject
7.8
7.8
2020-10-22 CVE-2020-27670 Insufficient Verification of Data Authenticity vulnerability in multiple products
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
local
high complexity
xen opensuse fedoraproject debian CWE-345
7.8
7.8
2020-10-22 CVE-2020-27638 Reachable Assertion vulnerability in multiple products
receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.
network
low complexity
fastd-project debian fedoraproject CWE-617
7.5
7.5
2020-10-20 CVE-2020-25648 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3.
network
low complexity
mozilla redhat fedoraproject oracle CWE-770
7.5
7.5
2020-10-19 CVE-2020-24266 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in tcpreplay tcpprep v4.3.3.
network
low complexity
broadcom fedoraproject CWE-787
7.5
7.5
2020-10-19 CVE-2020-24265 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in tcpreplay tcpprep v4.3.3.
network
low complexity
broadcom fedoraproject CWE-787
7.5
7.5
2020-10-10 CVE-2020-26935 SQL Injection vulnerability in multiple products
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3.
network
low complexity
phpmyadmin opensuse fedoraproject debian CWE-89
critical
 9.8
9.8
2020-10-10 CVE-2020-26934 Cross-site Scripting vulnerability in multiple products
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
network
low complexity
phpmyadmin opensuse fedoraproject debian CWE-79
6.1
6.1
2020-10-06 CVE-2020-25866 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages.
network
low complexity
wireshark fedoraproject opensuse oracle CWE-476
7.5
7.5
2020-10-06 CVE-2020-25863 In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash.
network
low complexity
wireshark fedoraproject opensuse debian oracle
7.5
7.5