High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-19	CVE-2020-28949	Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. local low complexity php debian fedoraproject drupal	7.8
2020-11-19	CVE-2020-28948	Deserialization of Untrusted Data vulnerability in multiple products Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. local low complexity php debian fedoraproject drupal CWE-502	7.8
2020-11-19	CVE-2020-25699	Incorrect Authorization vulnerability in multiple products In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. network low complexity moodle fedoraproject CWE-863	7.5
2020-11-19	CVE-2020-25698	Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. network low complexity moodle fedoraproject	7.5
2020-11-19	CVE-2020-8277	Resource Exhaustion vulnerability in multiple products A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. network low complexity nodejs fedoraproject oracle c-ares-project CWE-400	7.5
2020-11-18	CVE-2020-28366	Code Injection vulnerability in multiple products Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. network high complexity golang fedoraproject netapp CWE-94	7.5
2020-11-18	CVE-2020-28362	Improper Certificate Validation vulnerability in multiple products Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. network low complexity golang fedoraproject netapp CWE-295	7.5
2020-11-06	CVE-2017-18926	Out-of-bounds Write vulnerability in multiple products raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). network low complexity librdf debian fedoraproject CWE-787	7.1
2020-11-06	CVE-2020-28196	Uncontrolled Recursion vulnerability in multiple products MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. network low complexity mit fedoraproject netapp oracle CWE-674	7.5
2020-11-06	CVE-2020-26521	NULL Pointer Dereference vulnerability in multiple products The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). network low complexity linuxfoundation fedoraproject CWE-476	7.5