High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-05	CVE-2020-15466	Infinite Loop vulnerability in multiple products In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. network low complexity wireshark opensuse debian CWE-835	7.5
2020-07-02	CVE-2020-8161	Path Traversal vulnerability in multiple products A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. network low complexity rack-project debian canonical CWE-22	8.6
2020-07-02	CVE-2020-15503	Improper Input Validation vulnerability in multiple products LibRaw before 0.20-RC1 lacks a thumbnail size range check. network low complexity libraw fedoraproject debian CWE-20	7.5
2020-06-29	CVE-2020-4067	Improper Initialization vulnerability in multiple products In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. network low complexity coturn-project debian fedoraproject canonical opensuse CWE-665	7.5
2020-06-26	CVE-2020-11996	A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. network low complexity apache canonical oracle opensuse debian netapp	7.5
2020-06-24	CVE-2020-12865	Out-of-bounds Write vulnerability in multiple products A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. low complexity sane-project debian canonical opensuse CWE-787	8.0
2020-06-22	CVE-2020-4031	Use After Free vulnerability in multiple products In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. network low complexity freerdp fedoraproject opensuse canonical debian CWE-416	7.5
2020-06-19	CVE-2020-14929	Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. network low complexity alpine-project fedoraproject debian	7.5
2020-06-19	CVE-2020-8165	Deserialization of Untrusted Data vulnerability in multiple products A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. network low complexity rubyonrails debian opensuse CWE-502	7.5
2020-06-19	CVE-2020-8184	Improper Input Validation vulnerability in multiple products A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. network low complexity rack-project debian canonical CWE-20	7.5