Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-04	CVE-2020-35494	There's a flaw in binutils /opcodes/tic4x-dis.c. local low complexity gnu fedoraproject netapp broadcom	6.1
2021-01-04	CVE-2020-35493	A flaw exists in binutils in bfd/pef.c. local low complexity gnu fedoraproject netapp broadcom	5.5
2020-12-31	CVE-2020-35884	HTTP Request Smuggling vulnerability in multiple products An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. network low complexity tiny-http-project fedoraproject CWE-444	6.5
2020-12-28	CVE-2020-35730	Cross-site Scripting vulnerability in multiple products An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. network low complexity roundcube fedoraproject debian CWE-79	6.1
2020-12-28	CVE-2020-35738	Integer Overflow or Wraparound vulnerability in multiple products WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. local low complexity wavpack debian fedoraproject CWE-190	6.1
2020-12-26	CVE-2020-35376	Out-of-bounds Write vulnerability in multiple products Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. network low complexity xpdfreader fedoraproject CWE-787	7.5
2020-12-26	CVE-2020-29385	Infinite Loop vulnerability in multiple products GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. local low complexity gnome canonical fedoraproject CWE-835	5.5
2020-12-24	CVE-2020-35680	NULL Pointer Dereference vulnerability in multiple products smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer. network low complexity opensmtpd fedoraproject CWE-476	7.5
2020-12-24	CVE-2020-35679	Memory Leak vulnerability in multiple products smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. network low complexity opensmtpd fedoraproject CWE-401	7.5
2020-12-21	CVE-2020-27846	A signature verification vulnerability exists in crewjam/saml. network low complexity grafana saml-project redhat fedoraproject critical	9.8