Vulnerabilities > Fedoraproject > Fedora > High
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-12-18 | CVE-2020-35475 | Cross-site Scripting vulnerability in multiple products | In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. | network | low complexity | mediawiki, debian, fedoraproject | CWE-79 | 7.5 |
| 2020-12-16 | CVE-2020-26258 | Server-Side Request Forgery (SSRF) vulnerability in multiple products | XStream is a Java library to serialize objects to XML and back again. | network | low complexity | xstream-project, debian, fedoraproject | CWE-918 | 7.7 |
| 2020-12-15 | CVE-2020-35381 | | jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. | network | low complexity | jsonparser-project, fedoraproject | | 7.5 |
| 2020-12-15 | CVE-2020-29481 | Improper Privilege Management vulnerability in multiple products | An issue was discovered in Xen through 4.14.x. | local | low complexity | xen, debian, fedoraproject | CWE-269 | 8.8 |
| 2020-12-15 | CVE-2020-29479 | Missing Authorization vulnerability in multiple products | An issue was discovered in Xen through 4.14.x. | local | low complexity | xen, debian, fedoraproject | CWE-862 | 8.8 |
| 2020-12-14 | CVE-2020-8286 | Improper Certificate Validation vulnerability in multiple products | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | network | low complexity | haxx, fedoraproject, debian, netapp, apple, siemens, oracle, splunk | CWE-295 | 7.5 |
| 2020-12-14 | CVE-2020-8285 | Uncontrolled Recursion vulnerability in multiple products | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | network | low complexity | haxx, debian, fedoraproject, netapp, apple, oracle, fujitsu, siemens, splunk | CWE-674 | 7.5 |
| 2020-12-11 | CVE-2020-27828 | | There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. | local | low complexity | jasper-project, fedoraproject | | 7.8 |
| 2020-12-09 | CVE-2020-29661 | Improper Locking vulnerability in multiple products | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. | local | low complexity | linux, fedoraproject, debian, netapp, broadcom, oracle | CWE-667 | 7.8 |
| 2020-12-09 | CVE-2020-29651 | | A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. | network | low complexity | pytest, fedoraproject, oracle | | 7.5 |