19.10

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-25	CVE-2020-6811	Command Injection vulnerability in multiple products The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. network low complexity mozilla canonical CWE-77	8.8
2020-03-25	CVE-2020-6807	Use After Free vulnerability in multiple products When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. network low complexity mozilla canonical CWE-416	8.8
2020-03-25	CVE-2020-6806	Out-of-bounds Read vulnerability in multiple products By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. network low complexity mozilla canonical CWE-125	8.8
2020-03-25	CVE-2020-6805	Use After Free vulnerability in multiple products When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. network low complexity mozilla canonical CWE-416	8.8
2020-03-24	CVE-2020-10942	Out-of-bounds Write vulnerability in multiple products In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. local high complexity linux opensuse debian canonical CWE-787	5.3
2020-03-20	CVE-2019-18860	Injection vulnerability in multiple products Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. network low complexity squid-cache debian canonical opensuse CWE-74	6.1
2020-03-12	CVE-2020-0556	Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access low complexity bluez canonical debian opensuse	7.1
2020-03-12	CVE-2020-10531	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. network low complexity icu-project redhat google fedoraproject debian canonical opensuse oracle nodejs CWE-190	8.8
2020-03-12	CVE-2020-10109	HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. network low complexity twisted fedoraproject debian canonical CWE-444 critical	9.8
2020-03-12	CVE-2020-10108	HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. network low complexity twisted fedoraproject debian canonical oracle CWE-444 critical	9.8