15.2

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-19	CVE-2020-8617	Reachable Assertion vulnerability in multiple products Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. network high complexity isc debian fedoraproject opensuse canonical CWE-617	5.9
2020-05-19	CVE-2020-12663	Infinite Loop vulnerability in multiple products Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. network low complexity nlnetlabs debian opensuse canonical fedoraproject CWE-835	7.5
2020-05-19	CVE-2020-12662	Resource Exhaustion vulnerability in multiple products Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. network low complexity nlnetlabs debian opensuse canonical fedoraproject CWE-400	7.5
2020-05-18	CVE-2020-13143	Out-of-bounds Read vulnerability in multiple products gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. network low complexity linux opensuse debian canonical netapp CWE-125	6.5
2020-05-15	CVE-2020-12888	Improper Handling of Exceptional Conditions vulnerability in multiple products The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. local high complexity linux fedoraproject opensuse debian canonical netapp CWE-755	5.3
2020-05-14	CVE-2020-1945	Exposure of Resource to Wrong Sphere vulnerability in multiple products Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. local high complexity apache canonical fedoraproject opensuse oracle CWE-668	6.3
2020-05-12	CVE-2020-12823	Classic Buffer Overflow vulnerability in multiple products OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. network low complexity infradead fedoraproject debian opensuse CWE-120 critical	9.8
2020-05-09	CVE-2020-12771	Improper Locking vulnerability in multiple products An issue was discovered in the Linux kernel through 5.6.11. local low complexity linux debian opensuse canonical netapp oracle CWE-667	5.5
2020-05-09	CVE-2020-12769	Improper Synchronization vulnerability in multiple products An issue was discovered in the Linux kernel before 5.4.17. local low complexity linux debian canonical opensuse netapp CWE-662	5.5
2020-05-06	CVE-2020-12108	Injection vulnerability in multiple products /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. network low complexity gnu debian fedoraproject opensuse canonical CWE-74	6.5