Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-19	CVE-2020-10995	Resource Exhaustion vulnerability in multiple products PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. network low complexity powerdns fedoraproject debian opensuse CWE-400	7.5
2020-05-19	CVE-2020-10135	Authentication Bypass by Spoofing vulnerability in multiple products Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. low complexity bluetooth opensuse CWE-290	4.8
2020-05-19	CVE-2020-8617	Reachable Assertion vulnerability in multiple products Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. network high complexity isc debian fedoraproject opensuse canonical CWE-617	5.9
2020-05-19	CVE-2020-12663	Infinite Loop vulnerability in multiple products Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. network low complexity nlnetlabs debian opensuse canonical fedoraproject CWE-835	7.5
2020-05-19	CVE-2020-12662	Resource Exhaustion vulnerability in multiple products Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. network low complexity nlnetlabs debian opensuse canonical fedoraproject CWE-400	7.5
2020-05-19	CVE-2020-12244	Improper Verification of Cryptographic Signature vulnerability in multiple products An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation. network low complexity powerdns fedoraproject debian opensuse CWE-347	7.5
2020-05-18	CVE-2020-13143	Out-of-bounds Read vulnerability in multiple products gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. network low complexity linux opensuse debian canonical netapp CWE-125	6.5
2020-05-18	CVE-2020-12801	Cleartext Storage of Sensitive Information vulnerability in multiple products If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. network low complexity libreoffice opensuse CWE-312	5.3
2020-05-15	CVE-2020-12888	Improper Handling of Exceptional Conditions vulnerability in multiple products The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. local high complexity linux fedoraproject opensuse debian canonical netapp CWE-755	5.3
2020-05-15	CVE-2020-11526	Integer Overflow or Wraparound vulnerability in multiple products libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. network freerdp canonical opensuse debian CWE-190	3.5