Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-19	CVE-2020-25703	Information Exposure vulnerability in multiple products The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. network low complexity moodle fedoraproject CWE-200	5.3
2020-11-19	CVE-2020-25702	Cross-site Scripting vulnerability in multiple products In Moodle, it was possible to include JavaScript when re-naming content bank items. network low complexity moodle fedoraproject CWE-79	6.1
2020-11-19	CVE-2020-25701	Incorrect Authorization vulnerability in multiple products If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. network low complexity moodle fedoraproject CWE-863	5.3
2020-11-19	CVE-2020-25700	SQL Injection vulnerability in multiple products In moodle, some database module web services allowed students to add entries within groups they did not belong to. network low complexity moodle fedoraproject CWE-89	6.5
2020-11-19	CVE-2020-25699	Incorrect Authorization vulnerability in multiple products In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. network low complexity moodle fedoraproject CWE-863	7.5
2020-11-19	CVE-2020-25698	Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. network low complexity moodle fedoraproject	7.5
2020-11-19	CVE-2020-8277	Resource Exhaustion vulnerability in multiple products A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. network low complexity nodejs fedoraproject oracle c-ares-project CWE-400	7.5
2020-11-18	CVE-2020-28366	Code Injection vulnerability in multiple products Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. network high complexity golang fedoraproject netapp CWE-94	7.5
2020-11-18	CVE-2020-28362	Improper Certificate Validation vulnerability in multiple products Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. network low complexity golang fedoraproject netapp CWE-295	7.5
2020-11-12	CVE-2020-8698	Exposure of Resource to Wrong Sphere vulnerability in multiple products Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity intel netapp fedoraproject debian siemens CWE-668	5.5