Vulnerabilities > Fedoraproject > Fedora > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-11-10 | CVE-2020-28368 | Missing Authorization vulnerability in multiple products | Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. | local | low complexity | xen, fedoraproject, debian | CWE-862 | 4.4 |
| 2020-11-06 | CVE-2020-28242 | Uncontrolled Recursion vulnerability in multiple products | An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. | network | low complexity | asterisk, sangoma, fedoraproject, debian | CWE-674 | 6.5 |
| 2020-11-06 | CVE-2020-28241 | Out-of-bounds Read vulnerability in multiple products | libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. | network | low complexity | maxmind, debian, fedoraproject | CWE-125 | 6.5 |
| 2020-11-04 | CVE-2020-28049 | Race Condition vulnerability in multiple products | An issue was discovered in SDDM before 0.19.0. | | | | | 6.3 |
| 2020-11-03 | CVE-2020-6557 | Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | | network | low complexity | google, debian, fedoraproject, opensuse | | 6.5 |
| 2020-11-03 | CVE-2020-15999 | Out-of-bounds Write vulnerability in multiple products | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | | | | | 6.5 |
| 2020-11-03 | CVE-2020-15989 | Use of Uninitialized Resource vulnerability in multiple products | Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | local | low complexity | google, fedoraproject, opensuse, debian | CWE-908 | 5.5 |
| 2020-11-03 | CVE-2020-15988 | Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page. | | network | low complexity | google, fedoraproject, debian, opensuse | | 6.3 |
| 2020-11-03 | CVE-2020-15986 | Use After Free vulnerability in multiple products | Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network | low complexity | google, fedoraproject, opensuse, debian | CWE-416 | 6.5 |
| 2020-11-03 | CVE-2020-15985 | Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page. | | network | low complexity | google, fedoraproject, debian, opensuse | | 6.5 |