Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-09	CVE-2020-12410	Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. network mozilla canonical CWE-787 critical	9.3
2020-07-09	CVE-2020-12417	Incorrect Conversion between Numeric Types vulnerability in multiple products Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. network mozilla canonical opensuse CWE-681 critical	9.3
2020-07-09	CVE-2020-12420	Use After Free vulnerability in multiple products When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. network mozilla canonical opensuse CWE-416 critical	9.3
2020-06-30	CVE-2017-18922	Out-of-bounds Write vulnerability in multiple products It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. network low complexity libvncserver-project canonical opensuse fedoraproject siemens CWE-787 critical	9.8
2020-05-26	CVE-2020-12395	Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. network low complexity mozilla canonical CWE-787 critical	10.0
2020-05-21	CVE-2020-13112	Out-of-bounds Read vulnerability in multiple products An issue was discovered in libexif before 0.6.22. network low complexity libexif-project debian canonical opensuse CWE-125 critical	9.1
2020-05-01	CVE-2020-10683	XXE vulnerability in multiple products dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. network low complexity dom4j-project oracle opensuse netapp canonical CWE-611 critical	9.8
2020-04-28	CVE-2020-12284	Out-of-bounds Write vulnerability in multiple products cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. network low complexity ffmpeg canonical debian CWE-787 critical	10.0
2020-04-23	CVE-2020-11945	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in Squid before 5.0.2. network low complexity squid-cache debian opensuse fedoraproject canonical CWE-190 critical	9.8
2020-03-12	CVE-2020-10108	HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. network low complexity twistedmatrix fedoraproject debian canonical oracle CWE-444 critical	9.8