High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-30	CVE-2020-11027	Operation on a Resource after Expiration or Release vulnerability in multiple products In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. network low complexity debian wordpress CWE-672	8.1
2020-04-30	CVE-2020-1752	Use After Free vulnerability in multiple products A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. local high complexity gnu canonical netapp debian CWE-416	7.0
2020-04-30	CVE-2020-11651	An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. network low complexity saltstack opensuse debian canonical vmware	7.5
2020-04-29	CVE-2020-11884	Race Condition vulnerability in multiple products In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. local high complexity linux canonical debian fedoraproject netapp CWE-362	7.0
2020-04-28	CVE-2020-10663	Improper Input Validation vulnerability in multiple products The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. network low complexity json-project fedoraproject opensuse debian apple CWE-20	7.5
2020-04-27	CVE-2020-12268	Out-of-bounds Write vulnerability in multiple products jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. network low complexity artifex debian opensuse CWE-787	7.5
2020-04-23	CVE-2019-20788	Integer Overflow or Wraparound vulnerability in multiple products libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. network low complexity libvnc-project canonical debian siemens CWE-190	7.5
2020-04-22	CVE-2020-12066	Improper Input Validation vulnerability in multiple products CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. network low complexity teeworlds opensuse fedoraproject debian canonical CWE-20	7.5
2020-04-21	CVE-2020-11008	Insufficiently Protected Credentials vulnerability in multiple products Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. network low complexity git-scm debian canonical fedoraproject CWE-522	7.5
2020-04-21	CVE-2020-1967	NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. network low complexity openssl debian freebsd fedoraproject oracle netapp broadcom opensuse jdedwards tenable CWE-476	7.5