Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-21	CVE-2020-8623	Reachable Assertion vulnerability in multiple products In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. network low complexity isc fedoraproject opensuse debian canonical synology netapp CWE-617	7.5
2020-08-21	CVE-2020-8622	Reachable Assertion vulnerability in multiple products In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. network low complexity isc fedoraproject debian canonical netapp opensuse synology oracle CWE-617	6.5
2020-08-21	CVE-2020-8621	Reachable Assertion vulnerability in multiple products In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. network isc opensuse canonical synology netapp CWE-617	4.3
2020-08-21	CVE-2020-8620	Reachable Assertion vulnerability in multiple products In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. network low complexity isc opensuse netapp canonical CWE-617	5.0
2020-08-19	CVE-2020-14356	NULL Pointer Dereference vulnerability in multiple products A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. local low complexity linux redhat opensuse debian canonical netapp CWE-476	7.8
2020-08-19	CVE-2020-24394	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. local low complexity linux canonical opensuse oracle starwindsoftware CWE-732	7.1
2020-08-17	CVE-2020-1472	Use of Insufficiently Random Values vulnerability in multiple products An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). local low complexity microsoft fedoraproject opensuse canonical synology samba debian oracle CWE-330	5.5
2020-08-17	CVE-2020-8233	OS Command Injection vulnerability in multiple products A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. network low complexity ui opensuse CWE-78 critical	9.0
2020-08-13	CVE-2020-17498	Double Free vulnerability in multiple products In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. network low complexity wireshark fedoraproject opensuse oracle CWE-415	6.5
2020-08-11	CVE-2020-17489	Insufficiently Protected Credentials vulnerability in multiple products An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. local gnome canonical debian opensuse CWE-522	1.9