Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-09	CVE-2020-16592	Use After Free vulnerability in multiple products A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. local low complexity gnu netapp fedoraproject CWE-416	5.5
2020-12-09	CVE-2020-16591	Out-of-bounds Read vulnerability in multiple products A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. local low complexity gnu netapp CWE-125	5.5
2020-12-09	CVE-2020-16590	Double Free vulnerability in multiple products A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. local low complexity gnu netapp CWE-415	5.5
2020-12-09	CVE-2020-29660	Improper Locking vulnerability in multiple products A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. local low complexity linux fedoraproject debian netapp broadcom CWE-667	4.4
2020-12-08	CVE-2020-1971	NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. network high complexity openssl debian fedoraproject oracle netapp tenable siemens nodejs CWE-476	5.9
2020-12-07	CVE-2020-17521	Apache Groovy provides extension methods to aid with creating temporary directories. local low complexity apache netapp oracle	5.5
2020-12-04	CVE-2020-29562	Reachable Assertion vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. network high complexity gnu fedoraproject netapp CWE-617	4.8
2020-12-03	CVE-2020-27783	Cross-site Scripting vulnerability in multiple products A XSS vulnerability was discovered in python-lxml's clean module. network low complexity lxml redhat debian fedoraproject netapp oracle CWE-79	6.1
2020-12-03	CVE-2020-25711	Missing Authorization vulnerability in multiple products A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. network low complexity infinispan redhat netapp CWE-862	6.5
2020-12-02	CVE-2020-13956	Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. network low complexity apache quarkus oracle netapp	5.3