Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-01	CVE-2020-7064	Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. network low complexity php debian canonical opensuse tenable CWE-125	5.4
2020-03-27	CVE-2020-10955	Missing Authorization vulnerability in multiple products GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. network low complexity gitlab debian CWE-862	6.5
2020-03-27	CVE-2020-1770	Information Exposure vulnerability in multiple products Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. network low complexity otrs opensuse debian CWE-200	4.3
2020-03-24	CVE-2020-10942	Out-of-bounds Write vulnerability in multiple products In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. local high complexity linux opensuse debian canonical CWE-787	5.3
2020-03-24	CVE-2020-10941	Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. network high complexity arm fedoraproject debian	5.9
2020-03-24	CVE-2020-9359	KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. local low complexity kde debian fedoraproject	5.3
2020-03-23	CVE-2020-8866	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. network low complexity horde debian CWE-434	6.5
2020-03-23	CVE-2020-8865	Path Traversal vulnerability in multiple products This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. network low complexity horde debian CWE-22	6.3
2020-03-23	CVE-2020-6426	Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google suse opensuse fedoraproject debian CWE-787	6.5
2020-03-23	CVE-2020-6425	Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. network low complexity google debian fedoraproject opensuse CWE-20	5.4