Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-10	CVE-2020-1767	Agent A is able to save a draft (i.e. network low complexity otrs debian	4.3
2020-01-10	CVE-2020-1766	Cross-site Scripting vulnerability in multiple products Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. network low complexity otrs debian CWE-79	6.1
2020-01-10	CVE-2020-1765	An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. network low complexity otrs debian opensuse	5.3
2020-01-08	CVE-2019-17023	Improper Authentication vulnerability in multiple products After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. network low complexity mozilla canonical debian CWE-287	6.5
2020-01-08	CVE-2019-17022	Cross-site Scripting vulnerability in multiple products When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. network low complexity mozilla canonical debian redhat CWE-79	6.1
2020-01-08	CVE-2019-17016	Cross-site Scripting vulnerability in multiple products When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. network low complexity mozilla debian canonical redhat CWE-79	6.1
2020-01-08	CVE-2020-0009	Incorrect Default Permissions vulnerability in multiple products In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. local low complexity google debian CWE-276	5.5
2020-01-08	CVE-2019-5188	Out-of-bounds Write vulnerability in multiple products A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. local low complexity e2fsprogs-project fedoraproject debian canonical opensuse netapp CWE-787	6.7
2020-01-06	CVE-2019-18179	An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. network low complexity otrs debian opensuse	4.3
2020-01-02	CVE-2014-6275	Information Exposure vulnerability in multiple products FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. network high complexity fusionforge debian CWE-200	5.9