Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-22	CVE-2020-10802	SQL Injection vulnerability in multiple products In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. network low complexity phpmyadmin debian fedoraproject opensuse suse CWE-89	8.0
2020-03-22	CVE-2020-10804	SQL Injection vulnerability in multiple products In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). network low complexity phpmyadmin fedoraproject opensuse suse CWE-89	8.0
2020-03-21	CVE-2019-17185	Improper Synchronization vulnerability in multiple products In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. network low complexity freeradius opensuse CWE-662	5.0
2020-03-20	CVE-2019-18860	Injection vulnerability in multiple products Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. network low complexity squid-cache debian canonical opensuse CWE-74	6.1
2020-03-19	CVE-2020-5267	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in multiple products In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. network low complexity rubyonrails debian fedoraproject opensuse CWE-80	4.8
2020-03-19	CVE-2020-10648	Improper Input Validation vulnerability in multiple products Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration. network denx opensuse CWE-20	6.8
2020-03-18	CVE-2019-12921	Command Injection vulnerability in multiple products In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. network graphicsmagick debian opensuse CWE-77	4.3
2020-03-12	CVE-2020-0556	Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access low complexity bluez canonical debian opensuse	5.8
2020-03-12	CVE-2020-10531	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. network low complexity icu-project redhat google fedoraproject debian canonical opensuse oracle nodejs CWE-190	8.8
2020-03-11	CVE-2020-7598	minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. network substack opensuse	6.8