High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-14	CVE-2020-8231	Use After Free vulnerability in multiple products Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. network low complexity haxx siemens debian oracle splunk CWE-416	7.5
2020-12-09	CVE-2020-29661	Improper Locking vulnerability in multiple products A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. local low complexity linux fedoraproject debian netapp broadcom oracle CWE-667	7.8
2020-12-09	CVE-2020-29651	A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. network low complexity pytest fedoraproject oracle	7.5
2020-12-03	CVE-2020-17527	Information Exposure vulnerability in multiple products While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. network low complexity apache netapp debian oracle CWE-200	7.5
2020-12-03	CVE-2020-25649	XXE vulnerability in multiple products A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. network low complexity fasterxml netapp fedoraproject quarkus apache oracle CWE-611	7.5
2020-12-02	CVE-2020-25638	SQL Injection vulnerability in multiple products A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. network high complexity hibernate debian quarkus oracle CWE-89	7.4
2020-11-24	CVE-2020-26237	Modification of Assumed-Immutable Data (MAID) vulnerability in multiple products Highlight.js is a syntax highlighter written in JavaScript. network low complexity highlightjs debian oracle CWE-471	8.7
2020-11-19	CVE-2020-8277	Resource Exhaustion vulnerability in multiple products A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. network low complexity nodejs fedoraproject oracle c-ares-project CWE-400	7.5
2020-11-16	CVE-2020-26217	OS Command Injection vulnerability in multiple products XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. network low complexity xstream-project debian netapp apache oracle CWE-78	8.8
2020-11-12	CVE-2019-17566	Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. network low complexity apache oracle CWE-918	7.5