Vulnerabilities > Fedoraproject > Fedora > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-11-26 CVE-2020-29129 Out-of-bounds Read vulnerability in multiple products
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
network
low complexity
libslirp-project fedoraproject debian CWE-125
4.3
4.3
2020-11-26 CVE-2020-25653 Race Condition vulnerability in multiple products
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections.
local
high complexity
spice-space debian fedoraproject CWE-362
6.3
6.3
2020-11-26 CVE-2020-25652 A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`.
local
low complexity
spice-space debian fedoraproject
5.5
5.5
2020-11-26 CVE-2020-25651 A flaw was found in the SPICE file transfer protocol.
local
high complexity
spice-space debian fedoraproject
6.4
6.4
2020-11-25 CVE-2020-25650 A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine.
local
low complexity
spice-space debian fedoraproject
5.5
5.5
2020-11-24 CVE-2020-28928 Out-of-bounds Write vulnerability in multiple products
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). 		5.5
5.5
2020-11-21 CVE-2020-25725 In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem.
local
low complexity
xpdfreader fedoraproject
5.5
5.5
2020-11-20 CVE-2020-20739 Missing Initialization of Resource vulnerability in multiple products
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
network
low complexity
libvips debian fedoraproject CWE-909
5.3
5.3
2020-11-20 CVE-2020-4788 IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances.
local
high complexity
ibm fedoraproject oracle
4.7
4.7
2020-11-19 CVE-2020-28941 Release of Invalid Pointer or Reference vulnerability in multiple products
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.
local
low complexity
linux fedoraproject debian CWE-763
5.5
5.5