High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-23	CVE-2020-25696	A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. network high complexity postgresql debian	7.5
2020-11-23	CVE-2019-14586	Use After Free vulnerability in multiple products Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. low complexity tianocore debian CWE-416	8.0
2020-11-23	CVE-2019-14575	Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. local low complexity tianocore debian	7.8
2020-11-23	CVE-2019-14563	Incorrect Conversion between Numeric Types vulnerability in multiple products Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. local low complexity tianocore debian CWE-681	7.8
2020-11-20	CVE-2020-20740	Out-of-bounds Write vulnerability in multiple products PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version(). local low complexity pdfresurrect-project debian fedoraproject CWE-787	7.8
2020-11-20	CVE-2020-19667	Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. local low complexity imagemagick debian CWE-787	7.8
2020-11-19	CVE-2020-28949	Injection vulnerability in multiple products Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. local low complexity php debian fedoraproject drupal CWE-74	7.8
2020-11-19	CVE-2020-28948	Deserialization of Untrusted Data vulnerability in multiple products Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. local low complexity php debian fedoraproject drupal CWE-502	7.8
2020-11-16	CVE-2020-26217	XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. network low complexity xstream-project debian netapp apache oracle	8.8
2020-11-16	CVE-2020-25695	A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. network low complexity postgresql debian	8.8