Vulnerabilities > Debian > High

DATE | CVE | VULNERABILITY TITLE | RISK

2020-01-21 | CVE-2020-7040 | Link Following vulnerability in multiple products | 8.1
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation.
network, high complexity
storebackup debian opensuse canonical CWE-59

2020-01-16 | CVE-2020-7105 | NULL Pointer Dereference vulnerability in multiple products | 7.5
async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.
network, low complexity
redislabs debian fedoraproject CWE-476

2020-01-15 | CVE-2020-2604 | Deserialization of Untrusted Data vulnerability in multiple products | 8.1
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).

2020-01-14 | CVE-2014-7844 | Injection vulnerability in multiple products | 7.8
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
local, low complexity
redhat debian bsd-mailx-project CWE-74

2020-01-13 | CVE-2020-5390 | Improper Verification of Cryptographic Signature vulnerability in multiple products | 7.5
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW).
network, low complexity
pysaml2-project canonical debian CWE-347

2020-01-13 | CVE-2020-6851 | Out-of-bounds Write vulnerability in multiple products | 7.5
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

2020-01-10 | CVE-2020-6377 | Use After Free vulnerability in multiple products | 8.8
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2020-01-10 | CVE-2019-13767 | Use After Free vulnerability in multiple products | 8.8
Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
network, low complexity
google debian fedoraproject opensuse CWE-416

2020-01-09 | CVE-2019-20373 | | 7.2
LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax.
local, low complexity
debian ltsp

2020-01-06 | CVE-2019-18625 | | 7.5
An issue was discovered in Suricata 5.0.0.
network, low complexity
oisf debian