High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-04	CVE-2020-25275	Improper Input Validation vulnerability in multiple products Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts. network low complexity dovecot debian fedoraproject CWE-20	7.5
2020-12-26	CVE-2020-35376	Out-of-bounds Write vulnerability in multiple products Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. network low complexity xpdfreader fedoraproject CWE-787	7.5
2020-12-24	CVE-2020-35680	NULL Pointer Dereference vulnerability in multiple products smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer. network low complexity opensmtpd fedoraproject CWE-476	7.5
2020-12-24	CVE-2020-35679	Memory Leak vulnerability in multiple products smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. network low complexity opensmtpd fedoraproject CWE-401	7.5
2020-12-18	CVE-2020-27781	Insufficiently Protected Credentials vulnerability in multiple products User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. local low complexity redhat fedoraproject CWE-522	7.1
2020-12-18	CVE-2020-35475	Cross-site Scripting vulnerability in multiple products In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. network low complexity mediawiki debian fedoraproject CWE-79	7.5
2020-12-16	CVE-2020-26258	Server-Side Request Forgery (SSRF) vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject CWE-918	7.7
2020-12-15	CVE-2020-35381	jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. network low complexity jsonparser-project fedoraproject	7.5
2020-12-15	CVE-2020-29481	Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen debian fedoraproject CWE-269	8.8
2020-12-15	CVE-2020-29479	Missing Authorization vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen debian fedoraproject CWE-862	8.8