High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-21	CVE-2020-7595	Infinite Loop vulnerability in multiple products xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. network low complexity xmlsoft fedoraproject canonical debian siemens netapp oracle CWE-835	7.5
2020-01-21	CVE-2019-20388	Memory Leak vulnerability in multiple products xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. network low complexity xmlsoft debian netapp oracle opensuse fedoraproject CWE-401	7.5
2020-01-21	CVE-2019-20387	Out-of-bounds Read vulnerability in multiple products repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. network low complexity opensuse debian CWE-125	7.5
2020-01-21	CVE-2020-7040	Link Following vulnerability in multiple products storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. network high complexity storebackup debian opensuse canonical CWE-59	8.1
2020-01-16	CVE-2020-7105	NULL Pointer Dereference vulnerability in multiple products async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. network low complexity redislabs debian fedoraproject CWE-476	7.5
2020-01-15	CVE-2020-2604	Deserialization of Untrusted Data vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). network high complexity oracle redhat debian canonical opensuse netapp mcafee CWE-502	8.1
2020-01-14	CVE-2014-7844	Injection vulnerability in multiple products BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. local low complexity redhat debian bsd-mailx-project CWE-74	7.8
2020-01-13	CVE-2020-5390	Improper Verification of Cryptographic Signature vulnerability in multiple products PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). network low complexity pysaml2-project canonical debian CWE-347	7.5
2020-01-13	CVE-2020-6851	Out-of-bounds Write vulnerability in multiple products OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. network low complexity uclouvain fedoraproject debian redhat oracle CWE-787	7.5
2020-01-10	CVE-2020-6377	Use After Free vulnerability in multiple products Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google opensuse fedoraproject redhat debian CWE-416	8.8