High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-31	CVE-2014-8139	Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. local low complexity unzip-project redhat CWE-787	7.8
2020-01-31	CVE-2011-4088	Information Exposure vulnerability in multiple products ABRT might allow attackers to obtain sensitive information from crash reports. network low complexity abrt-project fedoraproject redhat CWE-200	7.5
2020-01-27	CVE-2020-7238	HTTP Request Smuggling vulnerability in multiple products Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. network low complexity netty fedoraproject debian redhat CWE-444	7.5
2020-01-27	CVE-2015-0294	Improper Certificate Validation vulnerability in multiple products GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. network low complexity gnu debian redhat CWE-295	7.5
2020-01-23	CVE-2012-5626	Unspecified vulnerability in Redhat products EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. network low complexity redhat	7.5
2020-01-23	CVE-2019-14888	A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. network low complexity redhat netapp	7.5
2020-01-21	CVE-2019-3864	Cross-Site Request Forgery (CSRF) vulnerability in Redhat Quay A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. network low complexity redhat CWE-352	8.8
2020-01-16	CVE-2019-9503	Improper Input Validation vulnerability in multiple products The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. high complexity broadcom redhat CWE-20	8.3
2020-01-15	CVE-2020-2604	Deserialization of Untrusted Data vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). network high complexity oracle redhat debian canonical opensuse netapp mcafee CWE-502	8.1
2020-01-14	CVE-2020-0603	Out-of-bounds Write vulnerability in multiple products A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. network low complexity microsoft redhat CWE-787	8.8