Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-06	CVE-2020-25637	Double Free vulnerability in multiple products A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. local low complexity redhat opensuse CWE-415	6.7
2020-10-06	CVE-2020-25641	Infinite Loop vulnerability in multiple products A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. local low complexity linux redhat opensuse debian canonical CWE-835	5.5
2020-10-05	CVE-2020-8228	Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. network low complexity nextcloud opensuse CWE-307	5.0
2020-10-02	CVE-2020-7070	Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. network low complexity php fedoraproject debian opensuse canonical netapp tenable CWE-565	5.3
2020-10-02	CVE-2020-7069	Inadequate Encryption Strength vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. network low complexity php fedoraproject debian opensuse canonical netapp oracle tenable CWE-326	6.5
2020-10-01	CVE-2020-15677	Open Redirect vulnerability in multiple products By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. network low complexity mozilla debian opensuse CWE-601	6.1
2020-10-01	CVE-2020-15676	Cross-site Scripting vulnerability in multiple products Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. network low complexity mozilla debian opensuse CWE-79	6.1
2020-10-01	CVE-2020-15673	Use After Free vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. network mozilla debian opensuse CWE-416	6.8
2020-09-30	CVE-2020-14376	Classic Buffer Overflow vulnerability in multiple products A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. local dpdk canonical opensuse CWE-120	6.9
2020-09-30	CVE-2020-14375	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. local dpdk canonical opensuse CWE-367	4.4