Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-28	CVE-2020-13362	Out-of-bounds Read vulnerability in multiple products In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. local low complexity qemu debian opensuse canonical CWE-125	3.2
2020-05-28	CVE-2020-13361	Out-of-bounds Write vulnerability in multiple products In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. local high complexity qemu debian opensuse canonical CWE-787	3.9
2020-05-28	CVE-2019-20807	OS Command Injection vulnerability in multiple products In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). local low complexity vim debian opensuse canonical apple starwindsoftware CWE-78	4.6
2020-05-26	CVE-2020-13614	Improper Certificate Validation vulnerability in multiple products An issue was discovered in ssl.c in Axel before 2.17.8. network high complexity axel-project fedoraproject opensuse CWE-295	5.9
2020-05-26	CVE-2020-6831	Classic Buffer Overflow vulnerability in multiple products A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. network low complexity mozilla canonical debian opensuse CWE-120	7.5
2020-05-22	CVE-2020-13398	Out-of-bounds Write vulnerability in multiple products An issue was discovered in FreeRDP before 2.1.1. network low complexity freerdp debian opensuse canonical CWE-787	8.3
2020-05-22	CVE-2020-13397	Out-of-bounds Read vulnerability in multiple products An issue was discovered in FreeRDP before 2.1.1. local low complexity freerdp debian opensuse canonical CWE-125	5.5
2020-05-22	CVE-2020-13396	Out-of-bounds Read vulnerability in multiple products An issue was discovered in FreeRDP before 2.1.1. network low complexity freerdp debian opensuse canonical CWE-125	7.1
2020-05-22	CVE-2020-11077	HTTP Request Smuggling vulnerability in multiple products In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. network low complexity puma fedoraproject debian opensuse CWE-444	7.5
2020-05-22	CVE-2020-10711	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. network high complexity linux redhat debian opensuse canonical CWE-476	5.9