Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2020-11-02 CVE-2020-28030 Infinite Loop vulnerability in multiple products
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash.
network
low complexity
wireshark debian fedoraproject CWE-835
7.5
7.5
2020-10-29 CVE-2020-14323 NULL Pointer Dereference vulnerability in multiple products
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1.
local
low complexity
samba opensuse fedoraproject debian CWE-476
5.5
5.5
2020-10-27 CVE-2020-15238 Argument Injection or Modification vulnerability in multiple products
Blueman is a GTK+ Bluetooth Manager.
local
high complexity
blueman-project debian fedoraproject CWE-88
7.0
7.0
2020-10-22 CVE-2020-27675 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.
local
high complexity
linux fedoraproject debian CWE-416
4.7
4.7
2020-10-22 CVE-2020-27674 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.
local
low complexity
xen fedoraproject debian CWE-787
5.3
5.3
2020-10-22 CVE-2020-27672 Use After Free vulnerability in multiple products
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.
local
high complexity
xen fedoraproject opensuse debian CWE-416
7.0
7.0
2020-10-22 CVE-2020-27671 An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
local
high complexity
xen opensuse debian fedoraproject
7.8
7.8
2020-10-22 CVE-2020-27670 Insufficient Verification of Data Authenticity vulnerability in multiple products
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
local
high complexity
xen opensuse fedoraproject debian CWE-345
7.8
7.8
2020-10-22 CVE-2020-27638 Reachable Assertion vulnerability in multiple products
receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.
network
low complexity
fastd-project debian fedoraproject CWE-617
7.5
7.5
2020-10-22 CVE-2020-27619 In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
network
low complexity
python fedoraproject oracle
critical
 9.8
9.8