Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-04 CVE-2020-25275 Improper Input Validation vulnerability in multiple products
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
network
low complexity
dovecot debian fedoraproject CWE-20
7.5
2020-12-26 CVE-2020-35376 Out-of-bounds Write vulnerability in multiple products
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.
network
low complexity
xpdfreader fedoraproject CWE-787
7.5
2020-12-24 CVE-2020-35680 NULL Pointer Dereference vulnerability in multiple products
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.
network
low complexity
opensmtpd fedoraproject CWE-476
7.5
2020-12-24 CVE-2020-35679 Memory Leak vulnerability in multiple products
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.
network
low complexity
opensmtpd fedoraproject CWE-401
7.5
2020-12-18 CVE-2020-27781 Insufficiently Protected Credentials vulnerability in multiple products
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation.
local
low complexity
redhat fedoraproject CWE-522
7.1
2020-12-18 CVE-2020-35475 Cross-site Scripting vulnerability in multiple products
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML.
network
low complexity
mediawiki debian fedoraproject CWE-79
7.5
2020-12-16 CVE-2020-26258 Server-Side Request Forgery (SSRF) vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject CWE-918
7.7
2020-12-15 CVE-2020-35381 jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.
network
low complexity
jsonparser-project fedoraproject
7.5
2020-12-15 CVE-2020-29481 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-269
8.8
2020-12-15 CVE-2020-29479 Missing Authorization vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-862
8.8