High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-07	CVE-2020-11620	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). network high complexity fasterxml debian netapp oracle CWE-502	8.1
2020-04-07	CVE-2020-11619	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). network high complexity fasterxml debian netapp oracle CWE-502	8.1
2020-04-07	CVE-2020-11612	Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. network low complexity netty debian fedoraproject netapp oracle CWE-770	7.5
2020-04-03	CVE-2020-11501	Use of Insufficiently Random Values vulnerability in multiple products GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. network high complexity gnu debian opensuse canonical fedoraproject CWE-330	7.4
2020-04-02	CVE-2019-14868	Command Injection vulnerability in multiple products In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. local low complexity ksh-project debian apple CWE-77	7.8
2020-04-02	CVE-2020-11100	Out-of-bounds Write vulnerability in multiple products In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. network low complexity haproxy debian redhat fedoraproject canonical opensuse CWE-787	8.8
2020-04-01	CVE-2020-6096	Signed to Unsigned Conversion Error vulnerability in multiple products An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. network high complexity gnu fedoraproject debian CWE-195	8.1
2020-03-31	CVE-2020-5291	Improper Privilege Management vulnerability in multiple products Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. network projectatomic debian archlinux centos CWE-269	8.5
2020-03-31	CVE-2020-1712	Use After Free vulnerability in multiple products A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. local low complexity systemd-project redhat debian CWE-416	7.8
2020-03-31	CVE-2020-10595	Classic Buffer Overflow vulnerability in multiple products pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. network low complexity pam-krb5-project debian CWE-120	7.5