Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-02	CVE-2020-28034	Cross-site Scripting vulnerability in multiple products WordPress before 5.5.2 allows XSS associated with global variables. network low complexity wordpress fedoraproject debian CWE-79	6.1
2020-10-29	CVE-2020-14323	NULL Pointer Dereference vulnerability in multiple products A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. local low complexity samba opensuse fedoraproject debian CWE-476	5.5
2020-10-22	CVE-2020-27675	Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. local high complexity linux fedoraproject debian CWE-416	4.7
2020-10-22	CVE-2020-27674	Out-of-bounds Write vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. local low complexity xen fedoraproject debian CWE-787	5.3
2020-10-22	CVE-2020-27673	An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. local low complexity linux debian opensuse xen	5.5
2020-10-16	CVE-2020-15157	Insufficiently Protected Credentials vulnerability in multiple products In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. network high complexity linuxfoundation canonical debian CWE-522	6.1
2020-10-12	CVE-2020-15250	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. local low complexity junit debian apache oracle CWE-732	5.5
2020-10-12	CVE-2020-13943	If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. network low complexity apache debian oracle	4.3
2020-10-10	CVE-2020-26934	Cross-site Scripting vulnerability in multiple products phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. network low complexity phpmyadmin opensuse fedoraproject debian CWE-79	6.1
2020-10-10	CVE-2020-26932	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group) network low complexity sympa debian CWE-732	4.3