Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-28	CVE-2019-3698	Link Following vulnerability in multiple products UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. local nagios opensuse CWE-59	6.9
2020-02-27	CVE-2020-9431	Memory Leak vulnerability in multiple products In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. network low complexity wireshark opensuse fedoraproject debian CWE-401	7.5
2020-02-27	CVE-2020-9430	Improper Input Validation vulnerability in multiple products In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. network low complexity wireshark fedoraproject opensuse debian CWE-20	7.5
2020-02-27	CVE-2020-9429	NULL Pointer Dereference vulnerability in multiple products In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. network low complexity wireshark opensuse CWE-476	7.5
2020-02-27	CVE-2020-9428	Out-of-bounds Read vulnerability in multiple products In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. network low complexity wireshark debian fedoraproject opensuse CWE-125	7.5
2020-02-27	CVE-2020-7063	Improper Preservation of Permissions vulnerability in multiple products In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. network low complexity php tenable debian opensuse CWE-281	5.0
2020-02-27	CVE-2020-7062	NULL Pointer Dereference vulnerability in multiple products In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. network php opensuse debian canonical CWE-476	4.3
2020-02-27	CVE-2020-3868	Out-of-bounds Write vulnerability in multiple products Multiple memory corruption issues were addressed with improved memory handling. network apple opensuse CWE-787 critical	9.3
2020-02-27	CVE-2020-3867	Cross-site Scripting vulnerability in multiple products A logic issue was addressed with improved state management. network apple opensuse webkitgtk CWE-79	4.3
2020-02-27	CVE-2020-3865	Out-of-bounds Write vulnerability in multiple products Multiple memory corruption issues were addressed with improved memory handling. network apple opensuse CWE-787	6.8