Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-27	CVE-2020-6095	NULL Pointer Dereference vulnerability in multiple products An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. network low complexity gstreamer-project opensuse CWE-476	5.0
2020-03-27	CVE-2020-1772	It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. network low complexity otrs opensuse debian	7.5
2020-03-27	CVE-2020-1770	Information Exposure vulnerability in multiple products Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. network low complexity otrs opensuse debian CWE-200	4.3
2020-03-27	CVE-2020-1769	In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. network low complexity otrs opensuse	4.3
2020-03-24	CVE-2020-10942	Out-of-bounds Write vulnerability in multiple products In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. local linux opensuse debian canonical CWE-787	5.4
2020-03-24	CVE-2020-10938	Integer Overflow or Wraparound vulnerability in multiple products GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. network low complexity graphicsmagick debian opensuse CWE-190	7.5
2020-03-24	CVE-2020-1747	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. network low complexity pyyaml fedoraproject opensuse oracle CWE-20 critical	9.8
2020-03-23	CVE-2020-10593	Memory Leak vulnerability in multiple products Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. network low complexity torproject opensuse CWE-401	7.5
2020-03-23	CVE-2020-10592	Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. network low complexity torproject opensuse	7.8
2020-03-22	CVE-2020-10803	SQL Injection vulnerability in multiple products In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). network low complexity phpmyadmin debian fedoraproject opensuse suse CWE-89	5.4