15.1

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-30	CVE-2020-14376	Classic Buffer Overflow vulnerability in multiple products A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. local high complexity dpdk opensuse canonical CWE-120	7.8
2020-09-30	CVE-2020-14375	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. local high complexity dpdk opensuse canonical CWE-367	7.8
2020-09-30	CVE-2020-26154	Classic Buffer Overflow vulnerability in multiple products url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. network low complexity libproxy-project fedoraproject debian opensuse CWE-120 critical	9.8
2020-09-27	CVE-2020-26116	Injection vulnerability in multiple products http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. network low complexity python fedoraproject canonical netapp debian oracle opensuse CWE-74	7.2
2020-09-25	CVE-2019-11556	Cross-site Scripting vulnerability in multiple products Pagure before 5.6 allows XSS via the templates/blame.html blame view. network low complexity redhat opensuse CWE-79	6.1
2020-09-24	CVE-2020-26088	Incorrect Default Permissions vulnerability in multiple products A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. local low complexity linux debian opensuse canonical CWE-276	5.5
2020-09-21	CVE-2020-6571	Improper Input Validation vulnerability in multiple products Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. network low complexity google opensuse fedoraproject debian CWE-20	4.3
2020-09-21	CVE-2020-6570	Information Exposure vulnerability in multiple products Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction. network low complexity google opensuse fedoraproject debian CWE-200	4.3
2020-09-21	CVE-2020-6569	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-190	6.3
2020-09-21	CVE-2020-6568	Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. network low complexity google debian opensuse fedoraproject	6.5