Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-12 | CVE-2020-8698 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2020-11-12 | CVE-2020-8696 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2020-11-12 | CVE-2020-8695 | Information Exposure Through Discrepancy vulnerability in multiple products Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | 5.5 |
| 2020-11-12 | CVE-2020-25658 | Covert Timing Channel vulnerability in multiple products It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. | 5.9 |
| 2020-11-10 | CVE-2020-28368 | Missing Authorization vulnerability in multiple products Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. | 4.4 |
| 2020-11-10 | CVE-2020-0452 | Integer Overflow or Wraparound vulnerability in multiple products In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. | 9.8 |
| 2020-11-06 | CVE-2017-18926 | Out-of-bounds Write vulnerability in multiple products raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). | 7.1 |
| 2020-11-06 | CVE-2020-28196 | Uncontrolled Recursion vulnerability in multiple products MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. | 7.5 |
| 2020-11-06 | CVE-2020-26892 | Use of Hard-coded Credentials vulnerability in multiple products The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. | 9.8 |
| 2020-11-06 | CVE-2020-26521 | NULL Pointer Dereference vulnerability in multiple products The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). | 7.5 |