18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-15	CVE-2020-14556	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). network high complexity oracle fedoraproject opensuse debian canonical netapp	4.8
2020-07-15	CVE-2020-14553	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). network low complexity oracle netapp fedoraproject canonical	4.3
2020-07-15	CVE-2020-14550	Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). network high complexity oracle netapp fedoraproject canonical mariadb	5.3
2020-07-15	CVE-2020-14547	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). network low complexity oracle netapp fedoraproject canonical	4.9
2020-07-15	CVE-2020-14540	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). network low complexity oracle netapp fedoraproject canonical	4.9
2020-07-15	CVE-2020-14539	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). network low complexity oracle netapp fedoraproject canonical	6.5
2020-07-14	CVE-2020-13753	Improper Input Validation vulnerability in multiple products The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. network low complexity wpewebkit webkitgtk fedoraproject debian canonical opensuse CWE-20 critical	10.0
2020-07-13	CVE-2019-20907	Infinite Loop vulnerability in multiple products In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. network low complexity python opensuse debian fedoraproject canonical netapp oracle CWE-835	7.5
2020-07-09	CVE-2020-10756	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. local low complexity libslirp-project redhat canonical debian opensuse CWE-125	6.5
2020-07-09	CVE-2020-12421	Improper Certificate Validation vulnerability in multiple products When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. network low complexity mozilla canonical CWE-295	6.5