High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-25	CVE-2020-13482	Improper Certificate Validation vulnerability in multiple products EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. network high complexity em-http-request-project fedoraproject CWE-295	7.4
2020-05-22	CVE-2020-11077	In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. network low complexity puma fedoraproject debian opensuse	7.5
2020-05-22	CVE-2020-11076	In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. network low complexity puma fedoraproject debian	7.5
2020-05-21	CVE-2020-12693	Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. network high complexity schedmd fedoraproject opensuse debian	8.1
2020-05-21	CVE-2020-6477	Link Following vulnerability in multiple products Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. local low complexity google fedoraproject opensuse CWE-59	7.8
2020-05-21	CVE-2020-6474	Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google opensuse fedoraproject debian CWE-416	8.8
2020-05-21	CVE-2020-6468	Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian opensuse CWE-843	8.8
2020-05-21	CVE-2020-6467	Use After Free vulnerability in multiple products Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-416	8.8
2020-05-21	CVE-2020-6463	Use After Free vulnerability in multiple products Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject canonical debian opensuse CWE-416	8.8
2020-05-20	CVE-2020-9484	Deserialization of Untrusted Data vulnerability in multiple products When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. local high complexity apache debian opensuse fedoraproject canonical oracle mcafee CWE-502	7.0