Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-15 | CVE-2020-29483 | Use After Free vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 6.5 |
| 2020-12-15 | CVE-2020-29482 | Untrusted Search Path vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 6.0 |
| 2020-12-15 | CVE-2020-29571 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 6.2 |
| 2020-12-15 | CVE-2020-29570 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 6.2 |
| 2020-12-15 | CVE-2020-29567 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in Xen 4.14.x. | 6.2 |
| 2020-12-15 | CVE-2020-29566 | Uncontrolled Recursion vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 5.5 |
| 2020-12-15 | CVE-2020-0499 | Out-of-bounds Read vulnerability in multiple products In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. | 4.3 |
| 2020-12-12 | CVE-2020-35176 | Path Traversal vulnerability in multiple products In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. | 5.3 |
| 2020-12-11 | CVE-2020-26421 | Out-of-bounds Read vulnerability in multiple products Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | 5.3 |
| 2020-12-11 | CVE-2020-26420 | Memory Leak vulnerability in multiple products Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | 5.3 |