High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-03	CVE-2020-25649	XXE vulnerability in multiple products A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. network low complexity fasterxml netapp fedoraproject quarkus apache oracle CWE-611	7.5
2020-12-02	CVE-2020-25638	A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. network high complexity hibernate debian quarkus oracle	7.4
2020-11-24	CVE-2020-26237	Highlight.js is a syntax highlighter written in JavaScript. network low complexity highlightjs debian oracle	8.7
2020-11-19	CVE-2020-8277	Resource Exhaustion vulnerability in multiple products A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. network low complexity nodejs fedoraproject oracle c-ares-project CWE-400	7.5
2020-11-16	CVE-2020-26217	XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. network low complexity xstream-project debian netapp apache oracle	8.8
2020-11-12	CVE-2019-17566	Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. network low complexity apache oracle CWE-918	7.5
2020-11-06	CVE-2020-28196	Uncontrolled Recursion vulnerability in multiple products MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. network low complexity mit fedoraproject netapp oracle CWE-674	7.5
2020-10-30	CVE-2020-7760	Resource Exhaustion vulnerability in multiple products This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. network low complexity codemirror oracle CWE-400	7.5
2020-10-23	CVE-2020-27216	In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. local high complexity eclipse netapp oracle apache debian	7.0
2020-10-20	CVE-2020-25648	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. network low complexity mozilla redhat fedoraproject oracle CWE-770	7.5