High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-24	CVE-2020-26890	Improper Input Validation vulnerability in multiple products Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. network low complexity matrix fedoraproject CWE-20	7.5
2020-11-23	CVE-2020-25660	A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. low complexity redhat fedoraproject	8.8
2020-11-20	CVE-2020-20740	Out-of-bounds Write vulnerability in multiple products PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version(). local low complexity pdfresurrect-project debian fedoraproject CWE-787	7.8
2020-11-20	CVE-2020-13671	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. network low complexity drupal fedoraproject CWE-434	8.8
2020-11-19	CVE-2020-28924	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products An issue was discovered in Rclone before 1.53.3. network low complexity rclone fedoraproject CWE-338	7.5
2020-11-19	CVE-2020-28949	Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. local low complexity php debian fedoraproject drupal	7.8
2020-11-19	CVE-2020-28948	Deserialization of Untrusted Data vulnerability in multiple products Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. local low complexity php debian fedoraproject drupal CWE-502	7.8
2020-11-19	CVE-2020-25699	Incorrect Authorization vulnerability in multiple products In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. network low complexity moodle fedoraproject CWE-863	7.5
2020-11-19	CVE-2020-25698	Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. network low complexity moodle fedoraproject	7.5
2020-11-19	CVE-2020-8277	Resource Exhaustion vulnerability in multiple products A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. network low complexity nodejs fedoraproject oracle c-ares-project CWE-400	7.5