High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-04	CVE-2020-27766	Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in ImageMagick in MagickCore/statistic.c. local low complexity imagemagick debian CWE-190	7.8
2020-12-03	CVE-2020-17527	Information Exposure vulnerability in multiple products While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. network low complexity apache netapp debian oracle CWE-200	7.5
2020-12-03	CVE-2020-27778	Access of Uninitialized Pointer vulnerability in multiple products A flaw was found in Poppler in the way certain PDF files were converted into HTML. network low complexity freedesktop redhat debian CWE-824	7.5
2020-12-02	CVE-2020-25638	SQL Injection vulnerability in multiple products A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. network high complexity hibernate debian quarkus oracle CWE-89	7.4
2020-12-02	CVE-2020-27813	Resource Exhaustion vulnerability in multiple products An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. network low complexity gorillatoolkit debian CWE-400	7.5
2020-11-30	CVE-2020-29394	Out-of-bounds Write vulnerability in multiple products A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument). local low complexity genivi debian CWE-787	7.8
2020-11-30	CVE-2020-28926	Classic Buffer Overflow vulnerability in multiple products ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. network low complexity readymedia-project debian CWE-120	7.5
2020-11-27	CVE-2020-25708	Divide By Zero vulnerability in multiple products A divide by zero issue was found to occur in libvncserver-0.9.12. network low complexity libvncserver-project redhat debian CWE-369	7.5
2020-11-25	CVE-2020-29074	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products scan.c in x11vnc 0.9.16 uses IPC_CREAT\|0777 in shmget calls, which allows access by actors other than the current user. network low complexity x11vnc-project fedoraproject debian CWE-732	8.8
2020-11-24	CVE-2020-26237	Modification of Assumed-Immutable Data (MAID) vulnerability in multiple products Highlight.js is a syntax highlighter written in JavaScript. network low complexity highlightjs debian oracle CWE-471	8.7