Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-30	CVE-2019-15523	Unchecked Return Value vulnerability in multiple products An issue was discovered in LINBIT csync2 through 2.0. network low complexity linbit debian CWE-252	5.0
2020-12-30	CVE-2020-26247	XXE vulnerability in multiple products Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. network low complexity nokogiri debian CWE-611	4.3
2020-12-28	CVE-2020-35730	Cross-site Scripting vulnerability in multiple products An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. network low complexity roundcube fedoraproject debian CWE-79	6.1
2020-12-28	CVE-2020-35738	Integer Overflow or Wraparound vulnerability in multiple products WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. local low complexity wavpack debian fedoraproject CWE-190	6.1
2020-12-24	CVE-2020-28169	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM. local td-agent-builder-project debian CWE-732	6.9
2020-12-20	CVE-2020-35573	Excessive Iteration vulnerability in multiple products srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address. network low complexity postsrsd-project debian CWE-834	5.0
2020-12-18	CVE-2020-35480	Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in MediaWiki before 1.35.1. network low complexity mediawiki debian fedoraproject CWE-203	5.3
2020-12-18	CVE-2020-35479	Cross-site Scripting vulnerability in multiple products MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. network low complexity mediawiki debian fedoraproject CWE-79	6.1
2020-12-18	CVE-2020-35477	Always-Incorrect Control Flow Implementation vulnerability in multiple products MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. network low complexity mediawiki debian fedoraproject CWE-670	5.3
2020-12-17	CVE-2020-35491	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. network fasterxml netapp debian oracle CWE-502	6.8