High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-19	CVE-2020-14929	Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. network low complexity alpine-project fedoraproject debian	7.5
2020-06-19	CVE-2020-8165	Deserialization of Untrusted Data vulnerability in multiple products A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. network low complexity rubyonrails debian opensuse CWE-502	7.5
2020-06-19	CVE-2020-8184	Improper Input Validation vulnerability in multiple products A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. network low complexity rack-project debian canonical CWE-20	7.5
2020-06-17	CVE-2020-14400	An issue was discovered in LibVNCServer before 0.9.13. network low complexity libvncserver-project debian opensuse canonical	7.5
2020-06-17	CVE-2020-14399	An issue was discovered in LibVNCServer before 0.9.13. network low complexity libvncserver-project debian opensuse canonical	7.5
2020-06-17	CVE-2019-20840	Out-of-bounds Write vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. network low complexity libvnc-project canonical debian siemens opensuse CWE-787	7.5
2020-06-17	CVE-2019-20839	Classic Buffer Overflow vulnerability in multiple products libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. network low complexity libvnc-project canonical debian siemens opensuse CWE-120	7.5
2020-06-17	CVE-2018-21247	Missing Initialization of Resource vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. network low complexity libvnc-project canonical debian siemens opensuse CWE-909	7.5
2020-06-15	CVE-2020-14148	Out-of-bounds Read vulnerability in multiple products The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. network low complexity barton debian fedoraproject CWE-125	7.5
2020-06-15	CVE-2020-14152	Resource Exhaustion vulnerability in multiple products In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. local low complexity ijg debian CWE-400	7.1