fedoraproject

5,423 tracked vulnerabilities.

CVE-2020-27781 HIGH
Ceph < 14.2.16, 15.x < 15.2.8, 16.x < 16.2.0 - Insufficiently Protected Credentials via OpenStack Manila Share Access
Dec 18, 2020
CVSS 7.1
EPSS 0.00
CVE-2020-35480 MEDIUM
MediaWiki < 1.35.1 - Information Disclosure of Hidden User Accounts
Dec 18, 2020
CVSS 5.3
EPSS 0.02
CVE-2020-35479 MEDIUM
MediaWiki 1.12.0-1.35.0 - Cross-Site Scripting via BlockLogFormatter.php
Dec 18, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-35478 MEDIUM
MediaWiki 1.33.0-1.35.0 - Cross-Site Scripting via BlockLogFormatter.php
Dec 18, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-35477 MEDIUM
MediaWiki <1.35.1 - Info Disclosure
Dec 18, 2020
CVSS 5.3
EPSS 0.02
CVE-2020-35475 HIGH
MediaWiki < 1.35.1 - Cross-Site Scripting in UserRights Special Page
Dec 18, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-35474 MEDIUM
MediaWiki < 1.35.1 - Stored Cross-Site Scripting via MediaWiki:recentchanges-legend-watchlistexpiry
Dec 18, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-26259 MEDIUM
XStream <1.4.15 - File Deletion
Dec 16, 2020
CVSS 6.8
EPSS 0.82
CVE-2020-26258 MEDIUM NUCLEI
XStream <1.4.15 - Server-Side Request Forgery via XML Unmarshalling
Dec 16, 2020
CVSS 6.3
EPSS 0.82
CVE-2020-35381 HIGH
jsonparser 1.0.0 - Denial of Service via GET Call
Dec 15, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-29486 MEDIUM
Xen < 4.14.0 - Denial of Service via Xenstore Node Ownership Quota Manipulation
Dec 15, 2020
CVSS 6.0
EPSS 0.00
CVE-2020-29485 MEDIUM
Xen 4.6-4.14.x - Denial of Service via XS_RESET_WATCHES Memory Leak
Dec 15, 2020
CVSS 5.5
EPSS 0.00
CVE-2020-29484 MEDIUM
Xen < 4.14.0 - Denial of Service via Xenstore Watch Payload Length Overflow
Dec 15, 2020
CVSS 6.0
EPSS 0.00
CVE-2020-29483 MEDIUM
Xen < 4.14.0 - Use-After-Free in Xenstored via Guest Protocol Violation
Dec 15, 2020
CVSS 6.5
EPSS 0.00
CVE-2020-29482 MEDIUM
Xen < 4.14.0 - Denial of Service via Xenstore Path Length Limit Bypass
Dec 15, 2020
CVSS 6.0
EPSS 0.00
CVE-2020-29481 HIGH
Xen < 4.14.0 - Improper Privilege Management via Xenstore Node Access Rights
Dec 15, 2020
CVSS 8.8
EPSS 0.00
CVE-2020-29480 LOW
Xen < 4.14.0 - Missing Authorization in Xenstore Watch Events
Dec 15, 2020
CVSS 2.3
EPSS 0.00
CVE-2020-29479 HIGH
Xen < 4.14.0 - Unauthenticated Missing Authorization in Ocaml xenstored
Dec 15, 2020
CVSS 8.8
EPSS 0.00
CVE-2020-29571 MEDIUM
Xen 4.4.0-4.14.x - Denial of Service via FIFO Event Channel NULL Pointer Dereference
Dec 15, 2020
CVSS 6.2
EPSS 0.00
CVE-2020-29570 MEDIUM
Xen 4.4.0-4.13.x - Denial of Service via Per-vCPU Control Block Mapping
Dec 15, 2020
CVSS 6.2
EPSS 0.00
CVE-2020-29567 MEDIUM
Xen < 4.14.0 - Denial of Service via IRQ Vector De-allocation
Dec 15, 2020
CVSS 6.2
EPSS 0.00
CVE-2020-29566 MEDIUM
Xen < 4.14.0 - Denial of Service via Recursive De-Schedule/Re-Schedule
Dec 15, 2020
CVSS 5.5
EPSS 0.00
CVE-2020-0499 MEDIUM
Android 11 - Out-of-bounds Read in FLAC Bitreader
Dec 15, 2020
CVSS 4.3
EPSS 0.04
CVE-2020-8286 HIGH
libcurl 7.41.0-7.73.0 - Improper Certificate Validation via OCSP Response
Dec 14, 2020
CVSS 7.5
EPSS 0.05
CVE-2020-8285 HIGH
libcurl 7.21.0-7.73.0 - Uncontrolled Recursion via FTP Wildcard Match Parsing
Dec 14, 2020
CVSS 7.5
EPSS 0.10