Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-05	CVE-2020-12656	Memory Leak vulnerability in multiple products gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. local low complexity linux canonical opensuse CWE-401	5.5
2020-05-05	CVE-2020-12653	Out-of-bounds Write vulnerability in multiple products An issue was found in Linux kernel before 5.5.4. local low complexity linux opensuse debian netapp CWE-787	7.8
2020-05-04	CVE-2020-10700	Use After Free vulnerability in multiple products A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. network high complexity samba fedoraproject opensuse CWE-416	5.3
2020-05-04	CVE-2020-12641	OS Command Injection vulnerability in multiple products rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. network low complexity roundcube opensuse CWE-78 critical	9.8
2020-05-04	CVE-2020-12640	Path Traversal vulnerability in multiple products Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. network low complexity roundcube opensuse CWE-22 critical	9.8
2020-05-04	CVE-2020-12625	Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.4.4. network low complexity roundcube debian opensuse CWE-79	6.1
2020-05-01	CVE-2020-10683	XXE vulnerability in multiple products dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. network low complexity dom4j-project oracle opensuse netapp canonical CWE-611 critical	9.8
2020-04-30	CVE-2020-11652	Path Traversal vulnerability in multiple products An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. network low complexity saltstack opensuse debian canonical blackberry vmware CWE-22	6.5
2020-04-30	CVE-2020-11651	An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. network low complexity saltstack opensuse debian canonical vmware critical	9.8
2020-04-29	CVE-2020-11022	In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. network low complexity jquery drupal debian fedoraproject oracle netapp opensuse tenable	6.1