Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-01 | CVE-2020-15257 | Incorrect Resource Transfer Between Spheres vulnerability in multiple products containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. | 5.2 |
| 2020-11-26 | CVE-2020-29130 | Out-of-bounds Read vulnerability in multiple products slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | 4.3 |
| 2020-11-26 | CVE-2020-29129 | Out-of-bounds Read vulnerability in multiple products ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | 4.3 |
| 2020-11-26 | CVE-2020-25653 | Race Condition vulnerability in multiple products A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. | 6.3 |
| 2020-11-26 | CVE-2020-25652 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. | 5.5 |
| 2020-11-26 | CVE-2020-25651 | Race Condition vulnerability in multiple products A flaw was found in the SPICE file transfer protocol. | 6.4 |
| 2020-11-25 | CVE-2020-25650 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. | 5.5 |
| 2020-11-24 | CVE-2020-28928 | Out-of-bounds Write vulnerability in multiple products In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). | 5.5 |
| 2020-11-21 | CVE-2020-25725 | Use After Free vulnerability in multiple products In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. | 5.5 |
| 2020-11-20 | CVE-2020-20739 | Missing Initialization of Resource vulnerability in multiple products im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. | 5.3 |