High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-03	CVE-2020-13379	Server-Side Request Forgery (SSRF) vulnerability in multiple products The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. network low complexity grafana fedoraproject netapp opensuse CWE-918	8.2
2020-05-22	CVE-2020-13398	Out-of-bounds Write vulnerability in multiple products An issue was discovered in FreeRDP before 2.1.1. network low complexity freerdp debian opensuse canonical CWE-787	8.3
2020-05-22	CVE-2020-13396	Out-of-bounds Read vulnerability in multiple products An issue was discovered in FreeRDP before 2.1.1. network low complexity freerdp debian opensuse canonical CWE-125	7.1
2020-05-22	CVE-2020-11077	In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. network low complexity puma fedoraproject debian opensuse	7.5
2020-05-21	CVE-2020-12693	Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. network high complexity schedmd fedoraproject opensuse debian	8.1
2020-05-21	CVE-2020-13113	Use of Uninitialized Resource vulnerability in multiple products An issue was discovered in libexif before 0.6.22. network low complexity libexif-project debian canonical opensuse CWE-908	8.2
2020-05-21	CVE-2020-13114	Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in libexif before 0.6.22. network low complexity libexif-project canonical opensuse CWE-770	7.5
2020-05-21	CVE-2020-6477	Link Following vulnerability in multiple products Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. local low complexity google fedoraproject opensuse CWE-59	7.8
2020-05-21	CVE-2020-6474	Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google opensuse fedoraproject debian CWE-416	8.8
2020-05-21	CVE-2020-6468	Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian opensuse CWE-843	8.8