Vulnerabilities > Canonical > Ubuntu Linux > High

DATE CVE VULNERABILITY TITLE RISK
2020-06-26 CVE-2020-11996 A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds.
network
low complexity
apache canonical oracle opensuse debian netapp
7.5
2020-06-25 CVE-2020-11538 Out-of-bounds Read vulnerability in multiple products
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
network
high complexity
python fedoraproject canonical CWE-125
8.1
2020-06-25 CVE-2020-10379 Classic Buffer Overflow vulnerability in multiple products
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
local
low complexity
python fedoraproject canonical CWE-120
7.8
2020-06-25 CVE-2020-5963 NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information disclosure.
local
low complexity
nvidia canonical
7.8
2020-06-24 CVE-2020-12865 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
8.0
2020-06-24 CVE-2020-12861 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.
8.8
2020-06-22 CVE-2020-4031 In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject.
network
low complexity
freerdp fedoraproject opensuse canonical debian
7.5
2020-06-19 CVE-2020-8184 Improper Input Validation vulnerability in multiple products
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.
network
low complexity
rack-project debian canonical CWE-20
7.5
2020-06-17 CVE-2020-14400 An issue was discovered in LibVNCServer before 0.9.13.
7.5
2020-06-17 CVE-2020-14399 An issue was discovered in LibVNCServer before 0.9.13.
7.5