18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-25	CVE-2020-6806	Out-of-bounds Read vulnerability in multiple products By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. network low complexity mozilla canonical CWE-125	8.8
2020-03-25	CVE-2020-6805	Use After Free vulnerability in multiple products When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. network low complexity mozilla canonical CWE-416	8.8
2020-03-24	CVE-2020-10942	Out-of-bounds Write vulnerability in multiple products In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. local linux opensuse debian canonical CWE-787	5.4
2020-03-20	CVE-2019-18860	Injection vulnerability in multiple products Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. network low complexity squid-cache debian canonical opensuse CWE-74	6.1
2020-03-20	CVE-2019-14855	Inadequate Encryption Strength vulnerability in multiple products A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. network low complexity gnupg fedoraproject canonical CWE-326	7.5
2020-03-12	CVE-2020-0556	Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access low complexity bluez canonical debian opensuse	5.8
2020-03-12	CVE-2020-10531	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. network low complexity icu-project redhat google fedoraproject debian canonical opensuse oracle nodejs CWE-190	8.8
2020-03-12	CVE-2020-10109	HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. network low complexity twistedmatrix fedoraproject debian canonical CWE-444 critical	9.8
2020-03-12	CVE-2020-10108	HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. network low complexity twistedmatrix fedoraproject debian canonical oracle CWE-444 critical	9.8
2020-03-06	CVE-2019-20503	Out-of-bounds Read vulnerability in multiple products usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. network low complexity usrsctp-project debian canonical CWE-125	6.5