Vulnerabilities > Fedoraproject > Fedora
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-29 | CVE-2020-14323 | NULL Pointer Dereference vulnerability in multiple products A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. | 5.5 |
2020-10-27 | CVE-2020-15238 | Argument Injection or Modification vulnerability in multiple products Blueman is a GTK+ Bluetooth Manager. | 7.0 |
2020-10-22 | CVE-2020-27675 | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. | 4.7 |
2020-10-22 | CVE-2020-27674 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. | 5.3 |
2020-10-22 | CVE-2020-27672 | Use After Free vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. | 7.0 |
2020-10-22 | CVE-2020-27671 | An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. | 7.8 |
2020-10-22 | CVE-2020-27670 | Insufficient Verification of Data Authenticity vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. | 7.8 |
2020-10-22 | CVE-2020-27638 | Reachable Assertion vulnerability in multiple products receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. | 7.5 |
2020-10-22 | CVE-2020-27619 | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | 9.8 |
2020-10-20 | CVE-2020-25648 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. | 7.5 |