Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-05	CVE-2020-8631	Use of Insufficiently Random Values vulnerability in multiple products cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. local low complexity canonical opensuse debian CWE-330	2.1
2020-02-05	CVE-2020-5208	Classic Buffer Overflow vulnerability in multiple products It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. network low complexity ipmitool-project debian fedoraproject opensuse CWE-120	8.8
2020-02-04	CVE-2019-12528	An issue was discovered in Squid before 4.10. network low complexity squid-cache fedoraproject debian opensuse canonical	7.5
2020-02-04	CVE-2020-8517	Improper Input Validation vulnerability in multiple products An issue was discovered in Squid before 4.10. network low complexity squid-cache opensuse canonical CWE-20	5.0
2020-02-04	CVE-2020-8450	Incorrect Calculation of Buffer Size vulnerability in multiple products An issue was discovered in Squid before 4.10. network low complexity squid-cache canonical opensuse fedoraproject debian CWE-131	7.3
2020-02-04	CVE-2020-8449	Exposure of Resource to Wrong Sphere vulnerability in multiple products An issue was discovered in Squid before 4.10. network low complexity squid-cache debian canonical opensuse fedoraproject CWE-668	7.5
2020-02-02	CVE-2019-20446	Resource Exhaustion vulnerability in multiple products In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. network low complexity gnome opensuse fedoraproject debian canonical netapp CWE-400	6.5
2020-01-30	CVE-2020-8492	Resource Exhaustion vulnerability in multiple products Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. network low complexity python opensuse canonical fedoraproject debian CWE-400	6.5
2020-01-29	CVE-2020-8432	Double Free vulnerability in multiple products In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. network low complexity denx opensuse CWE-415 critical	9.8
2020-01-28	CVE-2020-0549	Improper Resource Shutdown or Release vulnerability in multiple products Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity intel opensuse debian canonical fedoraproject CWE-404	5.5