Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-03	CVE-2020-6497	Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI. network low complexity google debian CWE-276	6.5
2020-06-03	CVE-2020-6496	Use After Free vulnerability in multiple products Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. network google debian opensuse CWE-416	6.8
2020-06-03	CVE-2020-6495	Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. network low complexity google debian opensuse CWE-276	6.5
2020-06-03	CVE-2020-6494	Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. network google debian opensuse	4.3
2020-06-03	CVE-2020-13596	Cross-site Scripting vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. network low complexity djangoproject fedoraproject canonical netapp debian oracle CWE-79	6.1
2020-06-03	CVE-2020-13254	Improper Certificate Validation vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. network high complexity djangoproject canonical fedoraproject netapp debian oracle CWE-295	5.9
2020-06-03	CVE-2019-20811	An issue was discovered in the Linux kernel before 5.0.6. local low complexity linux debian canonical	5.5
2020-06-02	CVE-2020-13754	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. local low complexity qemu canonical debian CWE-119	4.6
2020-06-02	CVE-2020-13401	Improper Input Validation vulnerability in multiple products An issue was discovered in Docker Engine before 19.03.11. network high complexity docker fedoraproject debian broadcom CWE-20	6.0
2020-06-01	CVE-2020-12867	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. local low complexity sane-project fedoraproject debian opensuse canonical CWE-476	5.5