High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-30	CVE-2020-28926	Classic Buffer Overflow vulnerability in multiple products ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. network low complexity readymedia-project debian CWE-120	7.5
2020-11-27	CVE-2020-25708	Divide By Zero vulnerability in multiple products A divide by zero issue was found to occur in libvncserver-0.9.12. network low complexity libvncserver-project redhat debian CWE-369	7.5
2020-11-25	CVE-2020-29074	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products scan.c in x11vnc 0.9.16 uses IPC_CREAT\|0777 in shmget calls, which allows access by actors other than the current user. network low complexity x11vnc-project fedoraproject debian CWE-732	8.8
2020-11-24	CVE-2020-26237	Modification of Assumed-Immutable Data (MAID) vulnerability in multiple products Highlight.js is a syntax highlighter written in JavaScript. network low complexity highlightjs debian oracle CWE-471	8.7
2020-11-24	CVE-2020-25654	An ACL bypass flaw was found in pacemaker. network low complexity clusterlabs debian	7.2
2020-11-23	CVE-2020-28984	prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. network low complexity spip debian	7.5
2020-11-23	CVE-2020-25696	Permissive Whitelist vulnerability in multiple products A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. network high complexity postgresql debian CWE-183	7.5
2020-11-20	CVE-2020-20740	Out-of-bounds Write vulnerability in multiple products PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version(). local low complexity pdfresurrect-project debian fedoraproject CWE-787	7.8
2020-11-20	CVE-2020-19667	Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. local low complexity imagemagick debian CWE-787	7.8
2020-11-19	CVE-2020-28949	Injection vulnerability in multiple products Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. local low complexity php debian fedoraproject drupal CWE-74	7.8