18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-10	CVE-2020-10755	Insufficiently Protected Credentials vulnerability in multiple products An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. network low complexity redhat canonical CWE-522	6.5
2020-06-09	CVE-2020-10761	Reachable Assertion vulnerability in multiple products An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. network low complexity qemu redhat opensuse canonical CWE-617	5.0
2020-06-09	CVE-2020-10757	Type Confusion vulnerability in multiple products A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. local low complexity linux opensuse redhat fedoraproject debian canonical netapp CWE-843	7.8
2020-06-09	CVE-2020-13974	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in the Linux kernel 4.4 through 5.7.1. local low complexity linux debian canonical CWE-190	7.8
2020-06-08	CVE-2020-13625	Improper Encoding or Escaping of Output vulnerability in multiple products PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. network low complexity phpmailer-project fedoraproject canonical debian CWE-116	7.5
2020-06-08	CVE-2020-12049	Improper Resource Shutdown or Release vulnerability in multiple products An issue was discovered in dbus >= 1.3.0 before 1.12.18. local low complexity freedesktop canonical CWE-404	5.5
2020-06-07	CVE-2020-13904	Use After Free vulnerability in multiple products FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. local low complexity ffmpeg canonical debian CWE-416	5.5
2020-06-06	CVE-2020-13881	Information Exposure Through Log Files vulnerability in multiple products In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. network pam-tacplus-project debian canonical arista CWE-532	4.3
2020-06-04	CVE-2020-13800	Uncontrolled Recursion vulnerability in multiple products ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. local low complexity qemu canonical opensuse CWE-674	4.9
2020-06-04	CVE-2020-13765	Out-of-bounds Write vulnerability in multiple products rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. network high complexity qemu canonical debian CWE-787	5.6