Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-04	CVE-2020-10029	Out-of-bounds Write vulnerability in multiple products The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. local low complexity gnu fedoraproject canonical opensuse netapp debian CWE-787	5.5
2020-02-27	CVE-2020-7042	Use of Uninitialized Resource vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. network low complexity openfortivpn-project fedoraproject opensuse CWE-908	5.3
2020-02-27	CVE-2020-7041	Improper Certificate Validation vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. network low complexity openfortivpn-project fedoraproject opensuse CWE-295	5.3
2020-02-25	CVE-2020-9391	Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. local low complexity linux fedoraproject netapp CWE-787	5.5
2020-02-25	CVE-2020-8793	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. local high complexity opensmtpd fedoraproject canonical CWE-367	4.7
2020-02-24	CVE-2020-8130	OS Command Injection vulnerability in multiple products There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `\|`. local high complexity ruby-lang debian canonical fedoraproject opensuse CWE-78	6.4
2020-02-20	CVE-2015-4411	Resource Exhaustion vulnerability in multiple products The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. network low complexity mongodb fedoraproject CWE-400	5.0
2020-02-20	CVE-2015-4410	Improper Input Validation vulnerability in multiple products The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string. network low complexity moped-project fedoraproject CWE-20	5.0
2020-02-20	CVE-2019-20479	Open Redirect vulnerability in multiple products A flaw was found in mod_auth_openidc before version 2.4.1. network low complexity openidc debian fedoraproject opensuse CWE-601	6.1
2020-02-19	CVE-2015-7747	Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. network canonical fedoraproject audio-file-library-project CWE-120	6.8