High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-31	CVE-2020-11113	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). network low complexity fasterxml debian netapp oracle CWE-502	8.8
2020-03-31	CVE-2020-11112	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). network low complexity fasterxml debian netapp oracle CWE-502	8.8
2020-03-31	CVE-2020-11111	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). network low complexity fasterxml debian netapp oracle CWE-502	8.8
2020-03-27	CVE-2020-1772	It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. network low complexity otrs opensuse debian	7.5
2020-03-26	CVE-2020-10969	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. network low complexity fasterxml debian netapp oracle CWE-502	8.8
2020-03-26	CVE-2020-10968	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). network low complexity fasterxml debian netapp oracle CWE-502	8.8
2020-03-24	CVE-2020-6078	Unchecked Return Value vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. network low complexity videolabs debian CWE-252	7.5
2020-03-24	CVE-2020-6072	Double Free vulnerability in multiple products An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. network low complexity videolabs debian CWE-415	7.5
2020-03-24	CVE-2020-10938	Integer Overflow or Wraparound vulnerability in multiple products GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. network low complexity graphicsmagick debian opensuse CWE-190	7.5
2020-03-24	CVE-2020-10684	Missing Authorization vulnerability in multiple products A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. local low complexity redhat debian fedoraproject CWE-862	7.1