19.10

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-25	CVE-2020-8794	Out-of-bounds Read vulnerability in multiple products OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. network low complexity opensmtpd canonical fedoraproject debian CWE-125 critical	9.8
2020-02-25	CVE-2020-8793	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. local high complexity opensmtpd fedoraproject canonical CWE-367	4.7
2020-02-25	CVE-2020-9383	Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel 3.16 through 5.5.6. local low complexity linux debian opensuse canonical netapp CWE-125	7.1
2020-02-24	CVE-2020-8130	OS Command Injection vulnerability in multiple products There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `\|`. local high complexity ruby-lang debian canonical fedoraproject opensuse CWE-78	6.4
2020-02-24	CVE-2015-9542	Out-of-bounds Write vulnerability in multiple products add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). network low complexity freeradius debian canonical CWE-787	7.5
2020-02-21	CVE-2020-9327	NULL Pointer Dereference vulnerability in multiple products In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. network low complexity sqlite netapp canonical siemens oracle CWE-476	7.5
2020-02-20	CVE-2020-9308	Out-of-bounds Write vulnerability in multiple products archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. network low complexity libarchive canonical fedoraproject CWE-787	8.8
2020-02-19	CVE-2020-6062	NULL Pointer Dereference vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. network low complexity coturn-project debian fedoraproject canonical CWE-476	7.5
2020-02-19	CVE-2020-6061	Out-of-bounds Read vulnerability in multiple products An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. network low complexity coturn-project fedoraproject debian canonical CWE-125 critical	9.8
2020-02-14	CVE-2020-8992	Excessive Iteration vulnerability in multiple products ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. local low complexity linux canonical opensuse netapp CWE-834	5.5