Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-11	CVE-2020-6392	Cross-site Scripting vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. network low complexity google opensuse fedoraproject debian suse redhat CWE-79	4.3
2020-02-11	CVE-2020-6391	Cross-site Scripting vulnerability in multiple products Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat CWE-79	4.3
2020-02-06	CVE-2020-8608	Classic Buffer Overflow vulnerability in multiple products In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. network high complexity libslirp-project debian opensuse CWE-120	5.6
2020-02-06	CVE-2020-8649	Use After Free vulnerability in multiple products There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. low complexity linux opensuse debian CWE-416	5.9
2020-02-06	CVE-2020-8647	Use After Free vulnerability in multiple products There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. local low complexity linux debian opensuse CWE-416	6.1
2020-02-05	CVE-2020-8632	Weak Password Requirements vulnerability in multiple products In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. local low complexity canonical opensuse debian CWE-521	5.5
2020-02-05	CVE-2020-8631	Use of Insufficiently Random Values vulnerability in multiple products cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. local low complexity canonical opensuse debian CWE-330	5.5
2020-02-02	CVE-2019-20446	Resource Exhaustion vulnerability in multiple products In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. network low complexity gnome opensuse fedoraproject debian canonical netapp CWE-400	6.5
2020-01-30	CVE-2020-8492	Resource Exhaustion vulnerability in multiple products Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. network low complexity python opensuse canonical fedoraproject debian CWE-400	6.5
2020-01-28	CVE-2020-0549	Improper Resource Shutdown or Release vulnerability in multiple products Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity intel opensuse debian canonical fedoraproject CWE-404	5.5