Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-12	CVE-2020-10109	HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. network low complexity twistedmatrix fedoraproject debian canonical CWE-444 critical	9.8
2020-03-02	CVE-2020-10018	Use After Free vulnerability in multiple products WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. network low complexity webkitgtk wpewebkit fedoraproject debian canonical opensuse CWE-416 critical	9.8
2020-02-25	CVE-2020-8794	Out-of-bounds Read vulnerability in multiple products OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. network low complexity opensmtpd canonical fedoraproject debian CWE-125 critical	9.8
2020-02-19	CVE-2020-6061	Out-of-bounds Read vulnerability in multiple products An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. network low complexity coturn-project fedoraproject debian canonical CWE-125 critical	9.8
2020-02-03	CVE-2020-8597	Classic Buffer Overflow vulnerability in multiple products eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. network low complexity point-to-point-protocol-project wago debian canonical CWE-120 critical	9.8
2020-01-29	CVE-2019-20444	HTTP Request Smuggling vulnerability in multiple products HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." network low complexity netty debian fedoraproject canonical redhat CWE-444 critical	9.1
2020-01-29	CVE-2019-20445	HTTP Request Smuggling vulnerability in multiple products HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. network low complexity netty debian fedoraproject canonical redhat apache CWE-444 critical	9.1
2020-01-29	CVE-2020-7247	Improper Handling of Exceptional Conditions vulnerability in multiple products smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. network low complexity openbsd debian fedoraproject canonical CWE-755 critical	9.8
2020-01-23	CVE-2019-17570	Deserialization of Untrusted Data vulnerability in multiple products An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. network low complexity apache debian canonical fedoraproject redhat CWE-502 critical	9.8
2020-01-17	CVE-2019-17361	Command Injection vulnerability in multiple products In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. network low complexity saltstack debian opensuse canonical CWE-77 critical	9.8