Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-30	CVE-2020-11652	Path Traversal vulnerability in multiple products An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. network low complexity saltstack opensuse debian canonical blackberry vmware CWE-22	6.5
2020-04-24	CVE-2020-12137	Cross-site Scripting vulnerability in multiple products GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. network low complexity gnu debian fedoraproject canonical opensuse CWE-79	6.1
2020-04-24	CVE-2019-15794	Operation on a Resource after Expiration or Release vulnerability in multiple products Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. local low complexity linux canonical CWE-672	6.7
2020-04-23	CVE-2020-1760	Cross-site Scripting vulnerability in multiple products A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. network low complexity linuxfoundation redhat fedoraproject canonical debian CWE-79	6.1
2020-04-22	CVE-2020-8833	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. local high complexity canonical apport-project CWE-367	4.7
2020-04-22	CVE-2020-8831	Link Following vulnerability in multiple products Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. local low complexity canonical apport-project CWE-59	5.5
2020-04-22	CVE-2020-1983	Use After Free vulnerability in multiple products A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. local low complexity libslirp-project fedoraproject debian opensuse canonical CWE-416	6.5
2020-04-17	CVE-2020-0067	Out-of-bounds Read vulnerability in multiple products In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. local low complexity google canonical CWE-125	4.4
2020-04-15	CVE-2019-12521	Off-by-one Error vulnerability in multiple products An issue was discovered in Squid through 4.7. network high complexity squid-cache canonical debian opensuse CWE-193	5.9
2020-04-15	CVE-2020-2930	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). network high complexity oracle fedoraproject canonical netapp	4.4