High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-05	CVE-2020-10543	Integer Overflow or Wraparound vulnerability in multiple products Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. network low complexity perl fedoraproject opensuse oracle CWE-190	8.2
2020-06-04	CVE-2020-13692	XXE vulnerability in multiple products PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. network high complexity postgresql quarkus netapp fedoraproject debian CWE-611	7.7
2020-06-04	CVE-2020-13777	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). network high complexity gnu fedoraproject canonical debian CWE-327	7.4
2020-06-03	CVE-2020-11080	In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. network low complexity nghttp2 debian opensuse fedoraproject oracle nodejs	7.5
2020-06-03	CVE-2020-13379	Server-Side Request Forgery (SSRF) vulnerability in multiple products The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. network low complexity grafana fedoraproject netapp opensuse CWE-918	8.2
2020-06-01	CVE-2020-13757	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. network low complexity python-rsa-project fedoraproject canonical CWE-327	7.5
2020-05-27	CVE-2020-10936	Improper Privilege Management vulnerability in multiple products Sympa before 6.2.56 allows privilege escalation. local low complexity sympa fedoraproject debian canonical CWE-269	7.8
2020-05-27	CVE-2020-13630	Use After Free vulnerability in multiple products ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. local high complexity sqlite fedoraproject canonical netapp brocade debian siemens apple oracle CWE-416	7.0
2020-05-25	CVE-2020-13482	Improper Certificate Validation vulnerability in multiple products EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. network high complexity em-http-request-project fedoraproject CWE-295	7.4
2020-05-22	CVE-2020-11077	In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. network low complexity puma fedoraproject debian opensuse	7.5