High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-13	CVE-2019-20907	Infinite Loop vulnerability in multiple products In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. network low complexity python opensuse debian fedoraproject canonical netapp oracle CWE-835	7.5
2020-07-09	CVE-2020-12420	Use After Free vulnerability in multiple products When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. network low complexity mozilla canonical opensuse CWE-416	8.8
2020-07-09	CVE-2020-12419	Use After Free vulnerability in multiple products When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. network low complexity mozilla canonical opensuse CWE-416	8.8
2020-07-09	CVE-2020-12417	Incorrect Conversion between Numeric Types vulnerability in multiple products Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. network low complexity mozilla canonical opensuse CWE-681	8.8
2020-07-09	CVE-2020-12410	Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. network low complexity mozilla canonical CWE-787	8.8
2020-07-09	CVE-2020-12406	Insufficient Verification of Data Authenticity vulnerability in multiple products Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. network low complexity mozilla canonical CWE-345	8.8
2020-07-09	CVE-2020-12398	Cleartext Transmission of Sensitive Information vulnerability in multiple products If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. network low complexity mozilla canonical CWE-319	7.5
2020-07-06	CVE-2020-14303	Excessive Iteration vulnerability in multiple products A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. network low complexity samba fedoraproject opensuse debian canonical CWE-834	7.5
2020-07-02	CVE-2020-8161	Path Traversal vulnerability in multiple products A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. network low complexity rack-project debian canonical CWE-22	8.6
2020-06-29	CVE-2020-4067	In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. network low complexity coturn-project debian fedoraproject canonical opensuse	7.5