High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-03	CVE-2020-17527	Information Exposure vulnerability in multiple products While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. network low complexity apache netapp debian oracle CWE-200	7.5
2020-12-03	CVE-2020-25649	XXE vulnerability in multiple products A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. network low complexity fasterxml netapp fedoraproject quarkus apache oracle CWE-611	7.5
2020-11-19	CVE-2019-12412	NULL Pointer Dereference vulnerability in Apache Libapreq2 A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference a null pointer leading to a process crash. network low complexity apache CWE-476	7.5
2020-11-17	CVE-2020-13958	Unspecified vulnerability in Apache Openoffice A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. local low complexity apache	7.8
2020-11-16	CVE-2020-26217	OS Command Injection vulnerability in multiple products XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. network low complexity xstream-project debian netapp apache oracle CWE-78	8.8
2020-11-12	CVE-2019-17566	Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. network low complexity apache oracle CWE-918	7.5
2020-10-23	CVE-2020-27216	In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. local high complexity eclipse netapp oracle apache debian	7.0
2020-10-21	CVE-2018-11764	Missing Authentication for Critical Function vulnerability in Apache Hadoop 3.0.0 Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. network low complexity apache CWE-306	8.8
2020-10-13	CVE-2018-20243	Insufficiently Protected Credentials vulnerability in Apache Fineract The implementation of POST with the username and password in the URL parameters exposed the credentials. network low complexity apache CWE-522	7.5
2020-10-01	CVE-2020-9491	Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache Nifi In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. network low complexity apache CWE-327	7.5