| 2020-06-30 | CVE-2020-15396 | Race Condition vulnerability in multiple products
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. | 7.8 |
| 2020-06-29 | CVE-2020-4067 | In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. | 7.5 |
| 2020-06-29 | CVE-2020-8014 | Unspecified vulnerability in Opensuse Leap and Tumbleweed Kopano-Spamd
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. | 7.8 |
| 2020-06-29 | CVE-2020-8022 | A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. | 7.8 |
| 2020-06-26 | CVE-2020-11996 | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. | 7.5 |
| 2020-06-24 | CVE-2020-12865 | Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. | 8.0 |
| 2020-06-24 | CVE-2020-12861 | Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. | 8.8 |
| 2020-06-22 | CVE-2020-4031 | In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. | 7.5 |
| 2020-06-22 | CVE-2020-8933 | Incorrect Default Permissions vulnerability in multiple products
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. | 7.8 |
| 2020-06-22 | CVE-2020-8907 | Incorrect Default Permissions vulnerability in multiple products
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. | 7.8 |