High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-24	CVE-2020-35680	NULL Pointer Dereference vulnerability in multiple products smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer. network low complexity opensmtpd fedoraproject CWE-476	7.5
2020-12-24	CVE-2020-35679	Memory Leak vulnerability in multiple products smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. network low complexity opensmtpd fedoraproject CWE-401	7.5
2020-12-18	CVE-2020-27781	Insufficiently Protected Credentials vulnerability in multiple products User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. local low complexity redhat fedoraproject CWE-522	7.1
2020-12-18	CVE-2020-35475	Cross-site Scripting vulnerability in multiple products In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. network low complexity mediawiki debian fedoraproject CWE-79	7.5
2020-12-16	CVE-2020-26258	Server-Side Request Forgery (SSRF) vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject CWE-918	7.7
2020-12-15	CVE-2020-35381	jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. network low complexity jsonparser-project fedoraproject	7.5
2020-12-15	CVE-2020-29481	Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen debian fedoraproject CWE-269	8.8
2020-12-15	CVE-2020-29479	Missing Authorization vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen debian fedoraproject CWE-862	8.8
2020-12-14	CVE-2020-8286	Improper Certificate Validation vulnerability in multiple products curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. network low complexity haxx fedoraproject debian netapp apple siemens oracle splunk CWE-295	7.5
2020-12-14	CVE-2020-8285	Uncontrolled Recursion vulnerability in multiple products curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. network low complexity haxx debian fedoraproject netapp apple oracle fujitsu siemens splunk CWE-674	7.5