Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-06-09 CVE-2020-13976 OS Command Injection vulnerability in Dd-Wrt 16214/24
An issue was discovered in DD-WRT through 16214.
network
low complexity
dd-wrt CWE-78
8.8
8.8
2020-06-09 CVE-2020-10761 Reachable Assertion vulnerability in multiple products
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1.
network
low complexity
qemu redhat opensuse canonical CWE-617
5.0
5.0
2020-06-09 CVE-2020-10757 Type Confusion vulnerability in multiple products
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. 		7.8
7.8
2020-06-09 CVE-2020-5589 Missing Authentication for Critical Function vulnerability in Sony products
SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product.
low complexity
sony CWE-306
8.3
8.3
2020-06-09 CVE-2020-13974 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Linux kernel 4.4 through 5.7.1.
local
low complexity
linux debian canonical CWE-190
7.8
7.8
2020-06-09 CVE-2020-13973 Cross-site Scripting vulnerability in Owasp Json-Sanitizer 1.0/1.1/1.2.0
OWASP json-sanitizer before 1.2.1 allows XSS.
network
owasp CWE-79
4.3
4.3
2020-06-09 CVE-2020-13965 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5.
network
low complexity
roundcube debian fedoraproject CWE-79
6.1
6.1
2020-06-09 CVE-2020-13964 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5.
network
low complexity
roundcube fedoraproject debian CWE-79
6.1
6.1
2020-06-09 CVE-2020-13962 Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users.
network
low complexity
mumble qt fedoraproject opensuse
7.5
7.5
2020-06-08 CVE-2020-13844 Information Exposure Through Discrepancy vulnerability in multiple products
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."
local
low complexity
arm opensuse CWE-203
2.1
2.1