Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-13	CVE-2020-6431	Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. network low complexity google debian fedoraproject opensuse CWE-276	4.3
2020-04-02	CVE-2020-11494	Missing Initialization of Resource vulnerability in multiple products An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. local low complexity linux opensuse debian canonical CWE-909	4.4
2020-04-02	CVE-2020-1927	Open Redirect vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. network low complexity apache fedoraproject debian canonical opensuse netapp broadcom oracle CWE-601	6.1
2020-04-01	CVE-2020-1934	Use of Uninitialized Resource vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. network low complexity apache fedoraproject debian canonical opensuse oracle CWE-908	5.3
2020-04-01	CVE-2020-7066	In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. network low complexity php tenable opensuse debian	4.3
2020-04-01	CVE-2020-7064	Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. network low complexity php debian canonical opensuse tenable CWE-125	5.4
2020-03-27	CVE-2020-10955	Missing Authorization vulnerability in multiple products GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. network low complexity gitlab debian CWE-862	6.5
2020-03-27	CVE-2020-1770	Information Exposure vulnerability in multiple products Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. network low complexity otrs opensuse debian CWE-200	4.3
2020-03-24	CVE-2020-10942	Out-of-bounds Write vulnerability in multiple products In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. local high complexity linux opensuse debian canonical CWE-787	5.3
2020-03-24	CVE-2020-10941	Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. network high complexity arm fedoraproject debian	5.9