Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-15 CVE-2020-29570 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-770
6.2
6.2
2020-12-15 CVE-2020-29567 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in Xen 4.14.x.
local
low complexity
xen fedoraproject CWE-770
6.2
6.2
2020-12-15 CVE-2020-29566 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-674
5.5
5.5
2020-12-15 CVE-2020-0499 Out-of-bounds Read vulnerability in multiple products
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow.
network
low complexity
google debian fedoraproject CWE-125
4.3
4.3
2020-12-12 CVE-2020-35176 Path Traversal vulnerability in multiple products
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format.
network
low complexity
awstats debian fedoraproject CWE-22
5.3
5.3
2020-12-11 CVE-2020-26421 Out-of-bounds Read vulnerability in multiple products
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject debian oracle CWE-125
5.3
5.3
2020-12-11 CVE-2020-26420 Memory Leak vulnerability in multiple products
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject oracle CWE-401
5.3
5.3
2020-12-11 CVE-2020-26419 Memory Leak vulnerability in multiple products
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject oracle CWE-401
5.3
5.3
2020-12-11 CVE-2020-26418 Memory Leak vulnerability in multiple products
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
network
low complexity
wireshark fedoraproject debian oracle CWE-401
5.3
5.3
2020-12-11 CVE-2020-35132 Cross-site Scripting vulnerability in multiple products
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
network
low complexity
phpldapadmin-project fedoraproject CWE-79
5.4
5.4