Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-17	CVE-2020-0427	Use After Free vulnerability in multiple products In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. local low complexity google debian opensuse starwindsoftware CWE-416	5.5
2020-09-17	CVE-2019-20919	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the DBI module before 1.643 for Perl. local high complexity perl fedoraproject canonical debian opensuse CWE-476	4.7
2020-09-16	CVE-2020-14392	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. local low complexity perl canonical opensuse fedoraproject debian CWE-119	5.5
2020-09-15	CVE-2020-8927	Classic Buffer Overflow vulnerability in multiple products A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. network low complexity google debian fedoraproject canonical opensuse microsoft CWE-120	6.5
2020-09-13	CVE-2020-25284	Incorrect Authorization vulnerability in multiple products The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. local high complexity linux debian opensuse CWE-863	4.1
2020-09-04	CVE-2020-24977	Out-of-bounds Read vulnerability in multiple products GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. network low complexity xmlsoft debian fedoraproject opensuse netapp oracle CWE-125	6.5
2020-09-02	CVE-2020-24553	Cross-site Scripting vulnerability in multiple products Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. network low complexity golang fedoraproject opensuse oracle CWE-79	6.1
2020-09-02	CVE-2020-15811	Incorrect Comparison vulnerability in multiple products An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. network low complexity squid-cache canonical debian fedoraproject opensuse CWE-697	6.5
2020-09-02	CVE-2020-15810	HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. network low complexity squid-cache canonical debian fedoraproject opensuse CWE-444	6.5
2020-08-31	CVE-2020-14364	Out-of-bounds Write vulnerability in multiple products An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. local high complexity qemu redhat fedoraproject debian opensuse canonical CWE-787	5.0