High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-27	CVE-2020-26117	Improper Certificate Validation vulnerability in multiple products In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. network low complexity tigervnc debian opensuse CWE-295	8.1
2020-09-27	CVE-2020-26116	Injection vulnerability in multiple products http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. network low complexity python fedoraproject canonical netapp debian oracle opensuse CWE-74	7.2
2020-09-23	CVE-2020-25603	Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen fedoraproject opensuse debian CWE-670	7.8
2020-09-23	CVE-2020-25599	Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local high complexity xen fedoraproject opensuse debian CWE-362	7.0
2020-09-23	CVE-2020-25595	Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen fedoraproject debian opensuse CWE-269	7.8
2020-09-21	CVE-2020-6559	Use After Free vulnerability in multiple products Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-416	8.8
2020-09-21	CVE-2020-6555	Out-of-bounds Read vulnerability in multiple products Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. network low complexity google debian fedoraproject CWE-125	7.6
2020-09-21	CVE-2020-6554	Use After Free vulnerability in multiple products Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. local low complexity google debian fedoraproject CWE-416	8.6
2020-09-21	CVE-2020-6553	Use After Free vulnerability in multiple products Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject CWE-416	8.8
2020-09-21	CVE-2020-6552	Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject CWE-416	8.8