High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-16	CVE-2020-26217	OS Command Injection vulnerability in multiple products XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. network low complexity xstream-project debian netapp apache oracle CWE-78	8.8
2020-11-16	CVE-2020-25695	SQL Injection vulnerability in multiple products A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. network low complexity postgresql debian CWE-89	8.8
2020-11-16	CVE-2020-25694	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. network high complexity postgresql debian CWE-327	8.1
2020-11-10	CVE-2020-25074	Path Traversal vulnerability in multiple products The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. network low complexity moinmo debian CWE-22	7.5
2020-11-06	CVE-2017-18926	Out-of-bounds Write vulnerability in multiple products raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). network low complexity librdf debian fedoraproject CWE-787	7.1
2020-11-04	CVE-2020-8037	Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. network low complexity tcpdump debian fedoraproject apple CWE-770	7.5
2020-11-03	CVE-2020-16009	Type Confusion vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google microsoft cefsharp opensuse fedoraproject debian CWE-843	8.8
2020-11-03	CVE-2020-16008	Out-of-bounds Write vulnerability in multiple products Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. network low complexity google debian opensuse fedoraproject CWE-787	8.8
2020-11-03	CVE-2020-16006	Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-787	8.8
2020-11-03	CVE-2020-16005	Improper Handling of Exceptional Conditions vulnerability in multiple products Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google opensuse debian fedoraproject CWE-755	8.8