Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-08	CVE-2020-1971	NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. network high complexity openssl debian fedoraproject oracle netapp tenable siemens nodejs CWE-476	5.9
2020-12-04	CVE-2020-29562	Reachable Assertion vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. network high complexity gnu fedoraproject netapp CWE-617	4.8
2020-12-03	CVE-2020-27783	A XSS vulnerability was discovered in python-lxml's clean module. network low complexity lxml redhat debian fedoraproject netapp oracle	6.1
2020-12-01	CVE-2020-15257	containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. local low complexity linuxfoundation fedoraproject debian	5.2
2020-11-26	CVE-2020-29130	Out-of-bounds Read vulnerability in multiple products slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. network low complexity libslirp-project debian fedoraproject CWE-125	4.3
2020-11-26	CVE-2020-29129	Out-of-bounds Read vulnerability in multiple products ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. network low complexity libslirp-project fedoraproject debian CWE-125	4.3
2020-11-26	CVE-2020-25653	Race Condition vulnerability in multiple products A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. local high complexity spice-space debian fedoraproject CWE-362	6.3
2020-11-26	CVE-2020-25652	A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. local low complexity spice-space debian fedoraproject	5.5
2020-11-26	CVE-2020-25651	A flaw was found in the SPICE file transfer protocol. local high complexity spice-space debian fedoraproject	6.4
2020-11-25	CVE-2020-25650	A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. local low complexity spice-space debian fedoraproject	5.5