20.04

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-01	CVE-2020-1934	Use of Uninitialized Resource vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. network low complexity apache fedoraproject debian canonical opensuse oracle CWE-908	5.3
2020-04-01	CVE-2020-7065	Out-of-bounds Write vulnerability in multiple products In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. network low complexity php debian canonical tenable CWE-787	8.8
2020-04-01	CVE-2020-7064	Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. network low complexity php debian canonical opensuse tenable CWE-125	5.4
2020-03-20	CVE-2019-18860	Injection vulnerability in multiple products Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. network low complexity squid-cache debian canonical opensuse CWE-74	6.1
2020-03-05	CVE-2019-20382	Memory Leak vulnerability in multiple products QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. low complexity qemu opensuse debian canonical CWE-401	3.5
2020-02-19	CVE-2020-6062	NULL Pointer Dereference vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. network low complexity coturn-project debian fedoraproject canonical CWE-476	7.5
2020-02-19	CVE-2020-6061	Out-of-bounds Read vulnerability in multiple products An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. network low complexity coturn-project fedoraproject debian canonical CWE-125 critical	9.8
2020-02-04	CVE-2019-9674	Resource Exhaustion vulnerability in multiple products Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. network low complexity python canonical netapp CWE-400	7.5
2020-01-30	CVE-2020-8492	Resource Exhaustion vulnerability in multiple products Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. network low complexity python opensuse canonical fedoraproject debian CWE-400	6.5
2020-01-28	CVE-2020-0549	Improper Resource Shutdown or Release vulnerability in multiple products Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity intel opensuse debian canonical fedoraproject CWE-404	5.5