High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-06	CVE-2020-25866	NULL Pointer Dereference vulnerability in multiple products In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. network low complexity wireshark fedoraproject opensuse oracle CWE-476	7.5
2020-10-06	CVE-2020-25863	In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. network low complexity wireshark fedoraproject opensuse debian oracle	7.5
2020-10-06	CVE-2020-25862	Improper Validation of Integrity Check Value vulnerability in multiple products In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. network low complexity wireshark fedoraproject opensuse debian oracle CWE-354	7.5
2020-10-06	CVE-2020-25613	HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. network low complexity ruby-lang fedoraproject CWE-444	7.5
2020-10-01	CVE-2020-11979	As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. network low complexity apache gradle fedoraproject oracle	7.5
2020-09-27	CVE-2020-26121	Incorrect Authorization vulnerability in multiple products An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. network low complexity mediawiki fedoraproject CWE-863	7.5
2020-09-27	CVE-2020-25869	Incorrect Authorization vulnerability in multiple products An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. network low complexity mediawiki fedoraproject CWE-863	7.5
2020-09-27	CVE-2020-25827	Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. network low complexity mediawiki fedoraproject CWE-307	7.5
2020-09-27	CVE-2020-26116	Injection vulnerability in multiple products http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. network low complexity python fedoraproject canonical netapp debian oracle opensuse CWE-74	7.2
2020-09-23	CVE-2020-25603	Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen fedoraproject opensuse debian CWE-670	7.8