Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-02	CVE-2020-24553	Cross-site Scripting vulnerability in multiple products Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. network low complexity golang fedoraproject opensuse oracle CWE-79	6.1
2020-09-02	CVE-2020-15811	Incorrect Comparison vulnerability in multiple products An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. network low complexity squid-cache canonical debian fedoraproject opensuse CWE-697	6.5
2020-09-02	CVE-2020-15810	HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. network low complexity squid-cache canonical debian fedoraproject opensuse CWE-444	6.5
2020-08-31	CVE-2020-14364	Out-of-bounds Write vulnerability in multiple products An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. local high complexity qemu redhat fedoraproject debian opensuse canonical CWE-787	5.0
2020-08-31	CVE-2020-25032	Path Traversal vulnerability in multiple products An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. network low complexity flask-cors-project debian opensuse CWE-22	7.5
2020-08-30	CVE-2020-14352	Path Traversal vulnerability in multiple products A flaw was found in librepo in versions before 1.12.1. network low complexity redhat opensuse fedoraproject CWE-22	8.0
2020-08-29	CVE-2020-24972	Improper Encoding or Escaping of Output vulnerability in multiple products The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. network low complexity kleopatra-project fedoraproject opensuse CWE-116	8.8
2020-08-25	CVE-2020-24614	Missing Authorization vulnerability in multiple products Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. network low complexity fossil-scm fedoraproject opensuse CWE-862	8.8
2020-08-24	CVE-2020-24606	Improper Locking vulnerability in multiple products Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. network low complexity squid-cache canonical debian fedoraproject opensuse CWE-667	7.5
2020-08-24	CVE-2020-14350	Untrusted Search Path vulnerability in multiple products It was found that some PostgreSQL extensions did not use search_path safely in their installation script. local low complexity postgresql debian opensuse canonical CWE-426	7.3