Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-12	CVE-2020-25706	Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field network low complexity cacti debian CWE-79	6.1
2020-11-10	CVE-2020-28368	Missing Authorization vulnerability in multiple products Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. local low complexity xen fedoraproject debian CWE-862	4.4
2020-11-06	CVE-2020-27617	Reachable Assertion vulnerability in multiple products eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. network low complexity qemu debian CWE-617	4.0
2020-11-06	CVE-2020-17490	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. local low complexity saltstack debian CWE-732	5.5
2020-11-06	CVE-2020-28242	Uncontrolled Recursion vulnerability in multiple products An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. network low complexity asterisk fedoraproject debian CWE-674	6.5
2020-11-06	CVE-2020-28241	Out-of-bounds Read vulnerability in multiple products libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. network low complexity maxmind debian fedoraproject CWE-125	6.5
2020-11-04	CVE-2020-28049	Race Condition vulnerability in multiple products An issue was discovered in SDDM before 0.19.0. local high complexity sddm-project opensuse debian fedoraproject CWE-362	6.3
2020-11-03	CVE-2020-6557	Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. network low complexity google debian fedoraproject opensuse	6.5
2020-11-03	CVE-2020-16011	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. network google opensuse debian CWE-787	6.8
2020-11-03	CVE-2020-16007	Improper Input Validation vulnerability in multiple products Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. local low complexity google opensuse debian CWE-20	4.6