Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-15	CVE-2020-14093	Cleartext Transmission of Sensitive Information vulnerability in multiple products Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. network high complexity mutt canonical debian opensuse CWE-319	5.9
2020-06-12	CVE-2020-4048	In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. network low complexity wordpress fedoraproject debian	5.7
2020-06-12	CVE-2020-4047	In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. network low complexity wordpress fedoraproject debian	6.8
2020-06-12	CVE-2020-4046	Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. network low complexity wordpress debian fedoraproject CWE-79	5.4
2020-06-11	CVE-2020-0182	Out-of-bounds Read vulnerability in multiple products In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. network low complexity google debian CWE-125	6.5
2020-06-09	CVE-2020-13965	Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. network low complexity roundcube debian fedoraproject CWE-79	6.1
2020-06-09	CVE-2020-13964	Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. network low complexity roundcube fedoraproject debian CWE-79	6.1
2020-06-08	CVE-2020-13696	Incorrect Authorization vulnerability in multiple products An issue was discovered in LinuxTV xawtv before 3.107. local low complexity linuxtv debian opensuse fedoraproject canonical CWE-863	4.4
2020-06-07	CVE-2020-13904	Use After Free vulnerability in multiple products FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. local low complexity ffmpeg canonical debian CWE-416	5.5
2020-06-04	CVE-2020-13765	Out-of-bounds Write vulnerability in multiple products rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. network high complexity qemu canonical debian CWE-787	5.6