Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-21	CVE-2020-6469	Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. network low complexity google debian opensuse fedoraproject CWE-276 critical	9.6
2020-05-21	CVE-2020-6471	Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. network low complexity google fedoraproject opensuse debian CWE-276 critical	9.6
2020-05-12	CVE-2020-12823	Classic Buffer Overflow vulnerability in multiple products OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. network low complexity infradead fedoraproject debian opensuse CWE-120 critical	9.8
2020-05-01	CVE-2020-10683	XXE vulnerability in multiple products dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. network low complexity dom4j-project oracle opensuse netapp canonical CWE-611 critical	9.8
2020-04-23	CVE-2020-11945	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in Squid before 5.0.2. network low complexity squid-cache debian opensuse fedoraproject canonical CWE-190 critical	9.8
2020-04-22	CVE-2019-20787	Integer Overflow or Wraparound vulnerability in multiple products Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size. network low complexity teeworlds opensuse CWE-190 critical	9.8
2020-03-24	CVE-2020-1747	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. network low complexity pyyaml fedoraproject opensuse oracle CWE-20 critical	9.8
2020-03-02	CVE-2020-10018	Use After Free vulnerability in multiple products WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. network low complexity webkitgtk wpewebkit fedoraproject debian canonical opensuse CWE-416 critical	9.8
2020-02-27	CVE-2020-3868	Out-of-bounds Write vulnerability in multiple products Multiple memory corruption issues were addressed with improved memory handling. network apple opensuse CWE-787 critical	9.3
2020-02-27	CVE-2020-7043	Improper Certificate Validation vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. network low complexity openfortivpn-project fedoraproject opensuse CWE-295 critical	9.1