20.04

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-02	CVE-2020-13659	NULL Pointer Dereference vulnerability in multiple products address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. local high complexity qemu debian opensuse canonical CWE-476	2.5
2020-06-01	CVE-2020-12867	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. local low complexity sane-project fedoraproject debian opensuse canonical CWE-476	5.5
2020-05-28	CVE-2020-13362	Out-of-bounds Read vulnerability in multiple products In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. local low complexity qemu debian opensuse canonical CWE-125	3.2
2020-05-28	CVE-2020-13361	Out-of-bounds Write vulnerability in multiple products In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. local high complexity qemu debian opensuse canonical CWE-787	3.9
2020-05-28	CVE-2020-13645	Improper Certificate Validation vulnerability in multiple products In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. network low complexity gnome canonical fedoraproject netapp broadcom CWE-295	6.5
2020-05-27	CVE-2020-13632	NULL Pointer Dereference vulnerability in multiple products ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. local low complexity sqlite fedoraproject canonical netapp brocade debian siemens oracle CWE-476	5.5
2020-05-27	CVE-2020-13631	SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. local low complexity sqlite fedoraproject canonical netapp brocade siemens apple oracle	5.5
2020-05-27	CVE-2020-13630	Use After Free vulnerability in multiple products ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. local high complexity sqlite fedoraproject canonical netapp brocade debian siemens apple oracle CWE-416	7.0
2020-05-27	CVE-2020-13253	Out-of-bounds Read vulnerability in multiple products sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. local low complexity qemu canonical debian CWE-125	2.1
2020-05-26	CVE-2020-6831	Classic Buffer Overflow vulnerability in multiple products A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. network low complexity mozilla canonical debian opensuse CWE-120	7.5