Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-24	CVE-2020-9359	KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. local low complexity kde debian fedoraproject	5.3
2020-03-23	CVE-2020-8866	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. network low complexity horde debian CWE-434	6.5
2020-03-23	CVE-2020-8865	Path Traversal vulnerability in multiple products This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. network low complexity horde debian CWE-22	6.3
2020-03-23	CVE-2020-6426	Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google suse opensuse fedoraproject debian CWE-787	6.5
2020-03-23	CVE-2020-6425	Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. network low complexity google debian fedoraproject opensuse CWE-20	5.4
2020-03-23	CVE-2020-1951	Infinite Loop vulnerability in multiple products A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. local low complexity apache oracle debian canonical CWE-835	5.5
2020-03-23	CVE-2020-1950	Resource Exhaustion vulnerability in multiple products A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. local low complexity apache oracle debian canonical CWE-400	5.5
2020-03-22	CVE-2020-10803	SQL Injection vulnerability in multiple products In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). network low complexity phpmyadmin debian fedoraproject opensuse suse CWE-89	5.4
2020-03-20	CVE-2019-18860	Injection vulnerability in multiple products Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. network low complexity squid-cache debian canonical opensuse CWE-74	6.1
2020-03-19	CVE-2020-5267	In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. network low complexity rubyonrails debian fedoraproject opensuse	4.8