High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-18	CVE-2020-8251	Resource Exhaustion vulnerability in multiple products Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. network low complexity nodejs fedoraproject CWE-400	7.5
2020-09-18	CVE-2020-8201	HTTP Request Smuggling vulnerability in multiple products Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. network high complexity nodejs opensuse fedoraproject CWE-444	7.4
2020-09-16	CVE-2020-14382	Out-of-bounds Write vulnerability in multiple products A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. local low complexity cryptsetup-project redhat canonical fedoraproject CWE-787	7.8
2020-09-16	CVE-2020-14393	Out-of-bounds Write vulnerability in multiple products A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. local low complexity perl opensuse debian fedoraproject CWE-787	7.1
2020-09-16	CVE-2020-14386	Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux kernel before 5.9-rc4. local low complexity linux debian fedoraproject opensuse CWE-787	7.8
2020-09-11	CVE-2020-14363	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow vulnerability leading to a double-free was found in libX11. local low complexity x-org fedoraproject CWE-190	7.8
2020-09-11	CVE-2020-1045	<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p> network low complexity microsoft fedoraproject redhat	7.5
2020-09-11	CVE-2020-15166	Resource Exhaustion vulnerability in multiple products In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. network low complexity zeromq fedoraproject debian CWE-400	7.5
2020-09-09	CVE-2020-25219	Uncontrolled Recursion vulnerability in multiple products url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. network low complexity libproxy-project debian fedoraproject opensuse canonical CWE-674	7.5
2020-09-09	CVE-2020-14342	OS Command Injection vulnerability in multiple products It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. local high complexity samba fedoraproject opensuse CWE-78	7.0