Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-11-12 CVE-2020-8696 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
intel netapp fedoraproject debian CWE-212
5.5
2020-11-12 CVE-2020-8695 Information Exposure Through Discrepancy vulnerability in multiple products
Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
local
low complexity
intel fedoraproject debian CWE-203
5.5
2020-11-12 CVE-2020-25658 It was found that python-rsa is vulnerable to Bleichenbacher timing attacks.
network
high complexity
python-rsa-project redhat fedoraproject
5.9
2020-11-10 CVE-2020-28368 Missing Authorization vulnerability in multiple products
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack.
local
low complexity
xen fedoraproject debian CWE-862
4.4
2020-11-06 CVE-2020-28242 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5.
network
low complexity
asterisk sangoma fedoraproject debian CWE-674
6.5
2020-11-06 CVE-2020-28241 Out-of-bounds Read vulnerability in multiple products
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
network
low complexity
maxmind debian fedoraproject CWE-125
6.5
2020-11-04 CVE-2020-28049 Race Condition vulnerability in multiple products
An issue was discovered in SDDM before 0.19.0.
6.3
2020-11-03 CVE-2020-6557 Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse
6.5
2020-11-03 CVE-2020-15999 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
6.5
2020-11-03 CVE-2020-15989 Use of Uninitialized Resource vulnerability in multiple products
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
local
low complexity
google fedoraproject opensuse debian CWE-908
5.5