Fedoraproject: >> Fedora >> 32 Security Vulnerabilities
In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-11-19
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
CVSS Score
7.5
EPSS Score
0.629
Published
2020-11-19
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-11-18
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-11-18
Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-11-12
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.
CVSS Score
4.4
EPSS Score
0.001
Published
2020-11-10
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731
CVSS Score
9.8
EPSS Score
0.149
Published
2020-11-10
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).
CVSS Score
7.1
EPSS Score
0.029
Published
2020-11-06
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-11-06
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-11-04