Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-27	CVE-2019-20790	Authentication Bypass by Spoofing vulnerability in multiple products OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field. network low complexity trusteddomain pypolicyd-spf-project fedoraproject CWE-290 critical	9.8
2020-04-23	CVE-2020-11945	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in Squid before 5.0.2. network low complexity squid-cache debian opensuse fedoraproject canonical CWE-190 critical	9.8
2020-03-24	CVE-2020-1747	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. network low complexity pyyaml fedoraproject opensuse oracle CWE-20 critical	9.8
2020-03-12	CVE-2020-10109	HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. network low complexity twistedmatrix fedoraproject debian canonical CWE-444 critical	9.8
2020-03-12	CVE-2020-10108	HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. network low complexity twistedmatrix fedoraproject debian canonical oracle CWE-444 critical	9.8
2020-03-09	CVE-2020-10232	Out-of-bounds Write vulnerability in multiple products In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. network low complexity sleuthkit debian fedoraproject CWE-787 critical	9.8
2020-03-06	CVE-2020-10188	Classic Buffer Overflow vulnerability in multiple products utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. network low complexity netkit-telnet-project fedoraproject debian arista oracle juniper CWE-120 critical	9.8
2020-03-02	CVE-2020-10018	Use After Free vulnerability in multiple products WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. network low complexity webkitgtk wpewebkit fedoraproject debian canonical opensuse CWE-416 critical	9.8
2020-02-27	CVE-2020-7043	Improper Certificate Validation vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. network low complexity openfortivpn-project fedoraproject opensuse CWE-295 critical	9.1
2020-02-25	CVE-2020-8794	Out-of-bounds Read vulnerability in multiple products OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. network low complexity opensmtpd canonical fedoraproject debian CWE-125 critical	9.8