High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-21	CVE-2020-6542	Use After Free vulnerability in multiple products Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject CWE-416	8.8
2020-09-21	CVE-2020-6541	Use After Free vulnerability in multiple products Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject CWE-416	8.8
2020-09-17	CVE-2020-24750	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. network high complexity fasterxml oracle debian CWE-502	8.1
2020-09-16	CVE-2020-14393	Out-of-bounds Write vulnerability in multiple products A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. local low complexity perl opensuse debian fedoraproject CWE-787	7.1
2020-09-16	CVE-2020-14386	Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux kernel before 5.9-rc4. local low complexity linux debian fedoraproject opensuse CWE-787	7.8
2020-09-14	CVE-2020-24660	Forced Browsing vulnerability in multiple products An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. network low complexity lemonldap-ng debian CWE-425	7.5
2020-09-11	CVE-2020-15166	Resource Exhaustion vulnerability in multiple products In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. network low complexity zeromq fedoraproject debian CWE-400	7.5
2020-09-09	CVE-2020-25219	Uncontrolled Recursion vulnerability in multiple products url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. network low complexity libproxy-project debian fedoraproject opensuse canonical CWE-674	7.5
2020-09-04	CVE-2019-20916	Path Traversal vulnerability in multiple products The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. network low complexity pypa opensuse debian oracle CWE-22	7.5
2020-09-03	CVE-2020-7729	Insecure Default Initialization of Resource vulnerability in multiple products The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. network high complexity gruntjs debian canonical CWE-1188	7.1