18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-27	CVE-2019-20421	Infinite Loop vulnerability in multiple products In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. network low complexity exiv2 canonical debian CWE-835	7.8
2020-01-23	CVE-2019-17570	Deserialization of Untrusted Data vulnerability in multiple products An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. network low complexity apache debian canonical fedoraproject redhat CWE-502 critical	9.8
2020-01-21	CVE-2020-7595	Infinite Loop vulnerability in multiple products xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. network low complexity xmlsoft fedoraproject canonical debian siemens netapp oracle CWE-835	7.5
2020-01-21	CVE-2020-7040	Link Following vulnerability in multiple products storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. network high complexity storebackup debian opensuse canonical CWE-59	8.1
2020-01-21	CVE-2019-19344	Use After Free vulnerability in multiple products There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. network low complexity samba canonical synology opensuse CWE-416	6.5
2020-01-21	CVE-2019-14907	Out-of-bounds Read vulnerability in multiple products All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. network low complexity fedoraproject samba redhat canonical synology debian CWE-125	6.5
2020-01-21	CVE-2019-14902	There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers. network low complexity samba canonical opensuse debian	5.4
2020-01-21	CVE-2019-20386	Memory Leak vulnerability in multiple products An issue was discovered in button_open in login/logind-button.c in systemd before 243. low complexity systemd-project canonical fedoraproject opensuse netapp CWE-401	2.4
2020-01-17	CVE-2019-14615	Information Exposure vulnerability in multiple products Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. local canonical intel CWE-200	1.9
2020-01-17	CVE-2019-17361	Command Injection vulnerability in multiple products In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. network low complexity saltstack debian opensuse canonical CWE-77 critical	9.8