20.04

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-13	CVE-2020-11736	Link Following vulnerability in multiple products fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. local gnome debian canonical CWE-59	3.3
2020-04-09	CVE-2020-11655	Improper Initialization vulnerability in multiple products SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. network low complexity sqlite netapp debian canonical oracle siemens tenable CWE-665	5.0
2020-04-06	CVE-2020-11565	Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Linux kernel through 5.6.2. local low complexity linux canonical CWE-787	6.0
2020-04-02	CVE-2020-1927	Open Redirect vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. network low complexity apache fedoraproject debian canonical opensuse netapp broadcom oracle CWE-601	6.1
2020-04-01	CVE-2020-1934	Use of Uninitialized Resource vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. network low complexity apache fedoraproject debian canonical opensuse oracle CWE-908	5.3
2020-04-01	CVE-2020-7065	Out-of-bounds Write vulnerability in multiple products In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. network php debian canonical tenable CWE-787	6.8
2020-04-01	CVE-2020-7064	Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. network php debian canonical opensuse tenable CWE-125	5.8
2020-03-20	CVE-2019-18860	Injection vulnerability in multiple products Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. network low complexity squid-cache debian canonical opensuse CWE-74	6.1
2020-03-05	CVE-2019-20382	Memory Leak vulnerability in multiple products QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. low complexity qemu opensuse debian canonical CWE-401	3.5
2020-02-19	CVE-2020-6062	NULL Pointer Dereference vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. network low complexity coturn-project debian fedoraproject canonical CWE-476	7.5