High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-05	CVE-2020-12653	Out-of-bounds Write vulnerability in multiple products An issue was found in Linux kernel before 5.5.4. local low complexity linux opensuse debian netapp CWE-787	7.8
2020-04-30	CVE-2020-1752	A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. local high complexity gnu canonical netapp debian	7.0
2020-04-29	CVE-2020-11884	Race Condition vulnerability in multiple products In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. local high complexity linux canonical debian fedoraproject netapp CWE-362	7.0
2020-04-28	CVE-2020-12243	Uncontrolled Recursion vulnerability in multiple products In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). network low complexity openldap debian opensuse canonical netapp broadcom apple oracle CWE-674	7.5
2020-04-23	CVE-2020-5867	Download of Code Without Integrity Check vulnerability in multiple products In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages network high complexity f5 netapp CWE-494	8.1
2020-04-21	CVE-2020-1967	NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. network low complexity openssl debian freebsd fedoraproject oracle netapp broadcom opensuse jdedwards tenable CWE-476	7.5
2020-04-17	CVE-2020-11868	Origin Validation Error vulnerability in multiple products ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. network low complexity ntp redhat netapp debian opensuse CWE-346	7.5
2020-04-15	CVE-2020-2816	Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). network low complexity oracle netapp canonical debian opensuse	7.5
2020-04-15	CVE-2020-2805	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). network high complexity oracle netapp debian fedoraproject opensuse canonical	8.3
2020-04-15	CVE-2020-2803	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). network high complexity oracle netapp debian fedoraproject opensuse canonical	8.3