15.2

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-06	CVE-2020-10704	Uncontrolled Recursion vulnerability in multiple products A flaw was found when using samba as an Active Directory Domain Controller. network low complexity samba fedoraproject opensuse debian CWE-674	7.5
2020-05-05	CVE-2020-12656	Memory Leak vulnerability in multiple products gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. local low complexity linux canonical opensuse CWE-401	5.5
2020-05-04	CVE-2020-10700	Use After Free vulnerability in multiple products A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. network high complexity samba fedoraproject opensuse CWE-416	5.3
2020-05-04	CVE-2020-12641	OS Command Injection vulnerability in multiple products rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. network low complexity roundcube opensuse CWE-78 critical	9.8
2020-05-04	CVE-2020-12640	Path Traversal vulnerability in multiple products Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. network low complexity roundcube opensuse CWE-22 critical	9.8
2020-05-04	CVE-2020-12625	Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.4.4. network low complexity roundcube debian opensuse CWE-79	6.1
2020-04-29	CVE-2020-11022	In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. network low complexity jquery drupal debian fedoraproject oracle netapp opensuse tenable	6.1
2020-04-24	CVE-2020-12137	Cross-site Scripting vulnerability in multiple products GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. network low complexity gnu debian fedoraproject canonical opensuse CWE-79	6.1
2020-04-21	CVE-2020-1967	NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. network low complexity openssl debian freebsd fedoraproject oracle netapp broadcom opensuse jdedwards tenable CWE-476	7.5
2020-04-17	CVE-2020-11868	Origin Validation Error vulnerability in multiple products ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. network low complexity ntp redhat netapp debian opensuse CWE-346	7.5