Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-12	CVE-2020-8696	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity intel netapp fedoraproject debian CWE-212	5.5
2020-11-12	CVE-2020-8695	Information Exposure Through Discrepancy vulnerability in multiple products Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. local low complexity intel fedoraproject debian CWE-203	5.5
2020-11-12	CVE-2020-25658	It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. network high complexity python-rsa-project redhat fedoraproject	5.9
2020-11-10	CVE-2020-28368	Missing Authorization vulnerability in multiple products Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. local low complexity xen fedoraproject debian CWE-862	4.4
2020-11-10	CVE-2020-0452	Integer Overflow or Wraparound vulnerability in multiple products In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. network low complexity google fedoraproject CWE-190 critical	9.8
2020-11-06	CVE-2017-18926	Out-of-bounds Write vulnerability in multiple products raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). network low complexity librdf debian fedoraproject CWE-787	7.1
2020-11-06	CVE-2020-28196	Uncontrolled Recursion vulnerability in multiple products MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. network low complexity mit fedoraproject netapp oracle CWE-674	7.5
2020-11-06	CVE-2020-26892	Use of Hard-coded Credentials vulnerability in multiple products The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. network low complexity linuxfoundation fedoraproject CWE-798 critical	9.8
2020-11-06	CVE-2020-26521	NULL Pointer Dereference vulnerability in multiple products The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). network low complexity linuxfoundation fedoraproject CWE-476	7.5
2020-11-06	CVE-2020-16846	OS Command Injection vulnerability in multiple products An issue was discovered in SaltStack Salt through 3002. network low complexity saltstack debian fedoraproject opensuse CWE-78 critical	9.8