High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-24	CVE-2020-25654	An ACL bypass flaw was found in pacemaker. network low complexity clusterlabs debian	7.2
2020-11-23	CVE-2020-28984	prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. network low complexity spip debian	7.5
2020-11-23	CVE-2020-25696	Permissive Whitelist vulnerability in multiple products A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. network high complexity postgresql debian CWE-183	7.5
2020-11-20	CVE-2020-20740	Out-of-bounds Write vulnerability in multiple products PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version(). local low complexity pdfresurrect-project debian fedoraproject CWE-787	7.8
2020-11-20	CVE-2020-19667	Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. local low complexity imagemagick debian CWE-787	7.8
2020-11-19	CVE-2020-28949	Injection vulnerability in multiple products Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. local low complexity php debian fedoraproject drupal CWE-74	7.8
2020-11-19	CVE-2020-28948	Deserialization of Untrusted Data vulnerability in multiple products Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. local low complexity php debian fedoraproject drupal CWE-502	7.8
2020-11-16	CVE-2020-26217	OS Command Injection vulnerability in multiple products XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. network low complexity xstream-project debian netapp apache oracle CWE-78	8.8
2020-11-16	CVE-2020-25695	SQL Injection vulnerability in multiple products A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. network low complexity postgresql debian CWE-89	8.8
2020-11-16	CVE-2020-25694	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. network high complexity postgresql debian CWE-327	8.1