Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-05	CVE-2020-8555	Server-Side Request Forgery (SSRF) vulnerability in multiple products The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services). network high complexity kubernetes fedoraproject CWE-918	6.3
2020-06-03	CVE-2020-13596	Cross-site Scripting vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. network low complexity djangoproject fedoraproject canonical netapp debian oracle CWE-79	6.1
2020-06-03	CVE-2020-13254	Improper Certificate Validation vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. network high complexity djangoproject canonical fedoraproject netapp debian oracle CWE-295	5.9
2020-06-03	CVE-2020-10749	A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. network high complexity linuxfoundation redhat fedoraproject	6.0
2020-06-03	CVE-2020-13776	Improper Privilege Management vulnerability in multiple products systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. local high complexity systemd-project netapp fedoraproject CWE-269	6.7
2020-06-02	CVE-2020-13775	NULL Pointer Dereference vulnerability in multiple products ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. network low complexity znc fedoraproject CWE-476	6.5
2020-06-02	CVE-2020-13401	Improper Input Validation vulnerability in multiple products An issue was discovered in Docker Engine before 19.03.11. network high complexity docker fedoraproject debian broadcom CWE-20	6.0
2020-06-01	CVE-2020-12867	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. local low complexity sane-project fedoraproject debian opensuse canonical CWE-476	5.5
2020-05-28	CVE-2020-13645	Improper Certificate Validation vulnerability in multiple products In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. network low complexity gnome canonical fedoraproject netapp broadcom CWE-295	6.5
2020-05-27	CVE-2020-13632	NULL Pointer Dereference vulnerability in multiple products ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. local low complexity sqlite fedoraproject canonical netapp brocade debian siemens oracle CWE-476	5.5