Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2020-10-22 CVE-2020-27671 An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
local
high complexity
xen opensuse debian fedoraproject
7.8
7.8
2020-10-22 CVE-2020-27670 Insufficient Verification of Data Authenticity vulnerability in multiple products
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
local
high complexity
xen opensuse fedoraproject debian CWE-345
7.8
7.8
2020-10-22 CVE-2020-27638 Reachable Assertion vulnerability in multiple products
receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.
network
low complexity
fastd-project debian fedoraproject CWE-617
7.5
7.5
2020-10-20 CVE-2020-25648 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3.
network
low complexity
mozilla redhat fedoraproject oracle CWE-770
7.5
7.5
2020-10-19 CVE-2020-24388 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2.
network
low complexity
yubico fedoraproject CWE-787
7.5
7.5
2020-10-19 CVE-2020-24387 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2.
network
low complexity
yubico fedoraproject CWE-787
7.5
7.5
2020-10-19 CVE-2020-24266 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in tcpreplay tcpprep v4.3.3.
network
low complexity
broadcom fedoraproject CWE-787
7.5
7.5
2020-10-19 CVE-2020-24265 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in tcpreplay tcpprep v4.3.3.
network
low complexity
broadcom fedoraproject CWE-787
7.5
7.5
2020-10-16 CVE-2020-9983 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write issue was addressed with improved bounds checking.
network
low complexity
apple fedoraproject CWE-787
8.8
8.8
2020-10-07 CVE-2020-26880 Improper Privilege Management vulnerability in multiple products
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
local
low complexity
sympa fedoraproject debian CWE-269
7.8
7.8