High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-04	CVE-2020-8450	Incorrect Calculation of Buffer Size vulnerability in multiple products An issue was discovered in Squid before 4.10. network low complexity squid-cache canonical opensuse fedoraproject debian CWE-131	7.3
2020-02-04	CVE-2020-8449	Exposure of Resource to Wrong Sphere vulnerability in multiple products An issue was discovered in Squid before 4.10. network low complexity squid-cache debian canonical opensuse fedoraproject CWE-668	7.5
2020-01-29	CVE-2019-18634	Out-of-bounds Write vulnerability in multiple products In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. local low complexity sudo-project debian CWE-787	7.8
2020-01-28	CVE-2020-8112	Out-of-bounds Write vulnerability in multiple products opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. network low complexity uclouvain debian CWE-787	8.8
2020-01-27	CVE-2020-7238	HTTP Request Smuggling vulnerability in multiple products Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. network low complexity netty fedoraproject debian redhat CWE-444	7.5
2020-01-27	CVE-2015-0244	SQL Injection vulnerability in multiple products PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. network low complexity postgresql debian CWE-89	7.5
2020-01-27	CVE-2019-20421	Infinite Loop vulnerability in multiple products In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. network low complexity exiv2 canonical debian CWE-835	7.8
2020-01-21	CVE-2020-7595	Infinite Loop vulnerability in multiple products xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. network low complexity xmlsoft fedoraproject canonical debian siemens netapp oracle CWE-835	7.5
2020-01-21	CVE-2019-20388	Memory Leak vulnerability in multiple products xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. network low complexity xmlsoft debian netapp oracle opensuse fedoraproject CWE-401	7.5
2020-01-21	CVE-2019-20387	Out-of-bounds Read vulnerability in multiple products repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. network low complexity opensuse debian CWE-125	7.5