Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-03	CVE-2020-15968	Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian fedoraproject opensuse CWE-416	8.8
2020-11-03	CVE-2020-15967	Use After Free vulnerability in multiple products Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. network low complexity google fedoraproject opensuse debian CWE-416	8.8
2020-11-02	CVE-2020-28038	Cross-site Scripting vulnerability in multiple products WordPress before 5.5.2 allows stored XSS via post slugs. network low complexity wordpress fedoraproject debian CWE-79	6.1
2020-11-02	CVE-2020-28037	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). network low complexity wordpress fedoraproject debian CWE-754 critical	9.8
2020-11-02	CVE-2020-28036	Missing Authorization vulnerability in multiple products wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. network low complexity wordpress fedoraproject debian CWE-862 critical	9.8
2020-11-02	CVE-2020-28035	WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. network low complexity wordpress fedoraproject debian critical	9.8
2020-11-02	CVE-2020-28034	Cross-site Scripting vulnerability in multiple products WordPress before 5.5.2 allows XSS associated with global variables. network low complexity wordpress fedoraproject debian CWE-79	6.1
2020-11-02	CVE-2020-28033	WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. network low complexity wordpress fedoraproject debian	7.5
2020-11-02	CVE-2020-28032	Deserialization of Untrusted Data vulnerability in multiple products WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. network low complexity wordpress fedoraproject debian CWE-502 critical	9.8
2020-11-02	CVE-2020-28030	Infinite Loop vulnerability in multiple products In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. network low complexity wireshark debian fedoraproject CWE-835	7.5