Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-15	CVE-2020-29567	Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in Xen 4.14.x. local low complexity xen fedoraproject CWE-770	6.2
2020-12-15	CVE-2020-29566	Uncontrolled Recursion vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen debian fedoraproject CWE-674	5.5
2020-12-15	CVE-2020-0499	Out-of-bounds Read vulnerability in multiple products In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. network low complexity google debian fedoraproject CWE-125	4.3
2020-12-14	CVE-2020-8286	Improper Certificate Validation vulnerability in multiple products curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. network low complexity haxx fedoraproject debian netapp apple siemens oracle splunk CWE-295	7.5
2020-12-14	CVE-2020-8285	Uncontrolled Recursion vulnerability in multiple products curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. network low complexity haxx debian fedoraproject netapp apple oracle fujitsu siemens splunk CWE-674	7.5
2020-12-14	CVE-2020-8284	A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. network high complexity haxx fedoraproject debian netapp apple oracle fujitsu siemens splunk	3.7
2020-12-12	CVE-2020-35176	Path Traversal vulnerability in multiple products In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. network low complexity awstats debian fedoraproject CWE-22	5.3
2020-12-11	CVE-2020-26421	Out-of-bounds Read vulnerability in multiple products Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. network low complexity wireshark fedoraproject debian oracle CWE-125	5.3
2020-12-11	CVE-2020-26420	Memory Leak vulnerability in multiple products Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. network low complexity wireshark fedoraproject oracle CWE-401	5.3
2020-12-11	CVE-2020-26419	Memory Leak vulnerability in multiple products Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. network low complexity wireshark fedoraproject oracle CWE-401	5.3