High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-09	CVE-2020-11655	Improper Initialization vulnerability in multiple products SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. network low complexity sqlite netapp debian canonical oracle siemens tenable CWE-665	7.5
2020-04-03	CVE-2020-11501	Use of Insufficiently Random Values vulnerability in multiple products GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. network high complexity gnu debian opensuse canonical fedoraproject CWE-330	7.4
2020-04-02	CVE-2020-8835	Out-of-bounds Write vulnerability in multiple products In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. local low complexity linux fedoraproject canonical netapp CWE-787	7.8
2020-04-02	CVE-2020-11100	Out-of-bounds Write vulnerability in multiple products In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. network low complexity haproxy debian redhat fedoraproject canonical opensuse CWE-787	8.8
2020-04-01	CVE-2020-7065	Out-of-bounds Write vulnerability in multiple products In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. network low complexity php debian canonical tenable CWE-787	8.8
2020-03-25	CVE-2020-6811	Command Injection vulnerability in multiple products The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. network low complexity mozilla canonical CWE-77	8.8
2020-03-25	CVE-2020-6807	Use After Free vulnerability in multiple products When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. network low complexity mozilla canonical CWE-416	8.8
2020-03-25	CVE-2020-6806	Out-of-bounds Read vulnerability in multiple products By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. network low complexity mozilla canonical CWE-125	8.8
2020-03-25	CVE-2020-6805	Use After Free vulnerability in multiple products When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. network low complexity mozilla canonical CWE-416	8.8
2020-03-20	CVE-2019-14855	Inadequate Encryption Strength vulnerability in multiple products A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. network low complexity gnupg fedoraproject canonical CWE-326	7.5