Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-26	CVE-2020-25651	A flaw was found in the SPICE file transfer protocol. local high complexity spice-space debian fedoraproject	6.4
2020-11-25	CVE-2020-25650	A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. local low complexity spice-space debian fedoraproject	5.5
2020-11-24	CVE-2020-28928	Out-of-bounds Write vulnerability in multiple products In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). local low complexity musl-libc debian fedoraproject oracle CWE-787	5.5
2020-11-21	CVE-2020-25725	In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. local low complexity xpdfreader fedoraproject	5.5
2020-11-20	CVE-2020-20739	Missing Initialization of Resource vulnerability in multiple products im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. network low complexity libvips debian fedoraproject CWE-909	5.3
2020-11-20	CVE-2020-4788	IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. local high complexity ibm fedoraproject oracle	4.7
2020-11-19	CVE-2020-28941	Release of Invalid Pointer or Reference vulnerability in multiple products An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. local low complexity linux fedoraproject debian CWE-763	5.5
2020-11-19	CVE-2020-25703	Information Exposure vulnerability in multiple products The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. network low complexity moodle fedoraproject CWE-200	5.3
2020-11-19	CVE-2020-25702	Cross-site Scripting vulnerability in multiple products In Moodle, it was possible to include JavaScript when re-naming content bank items. network low complexity moodle fedoraproject CWE-79	6.1
2020-11-19	CVE-2020-25701	Incorrect Authorization vulnerability in multiple products If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. network low complexity moodle fedoraproject CWE-863	5.3