Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-04 | CVE-2020-25639 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. | 4.4 |
| 2021-03-03 | CVE-2021-22878 | Cross-site Scripting vulnerability in multiple products Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`. | 4.8 |
| 2021-03-03 | CVE-2021-22877 | Missing Authorization vulnerability in multiple products A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet. | 6.5 |
| 2021-03-03 | CVE-2020-8296 | Weak Password Requirements vulnerability in multiple products Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured. | 6.7 |
| 2021-03-03 | CVE-2020-28591 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. | 6.5 |
| 2021-03-03 | CVE-2021-20225 | Out-of-bounds Write vulnerability in multiple products A flaw was found in grub2 in versions prior to 2.06. | 6.7 |
| 2021-03-03 | CVE-2020-27749 | Stack-based Buffer Overflow vulnerability in multiple products A flaw was found in grub2 in versions prior to 2.06. | 6.7 |
| 2021-02-27 | CVE-2021-25284 | Insufficiently Protected Credentials vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 4.4 |
| 2021-02-27 | CVE-2020-28972 | Improper Certificate Validation vulnerability in multiple products In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. | 5.9 |
| 2021-02-26 | CVE-2021-21274 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). | 6.5 |