Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-11	CVE-2020-0256	Out-of-bounds Write vulnerability in multiple products In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. low complexity google debian CWE-787	6.8
2020-08-05	CVE-2020-14347	A flaw was found in the way xserver memory was not properly initialized. local low complexity x-org debian canonical	5.5
2020-07-29	CVE-2020-16135	NULL Pointer Dereference vulnerability in multiple products libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. network high complexity libssh debian fedoraproject canonical oracle CWE-476	5.9
2020-07-29	CVE-2020-16117	NULL Pointer Dereference vulnerability in multiple products In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. network high complexity gnome debian CWE-476	5.9
2020-07-29	CVE-2020-15707	Integer Overflow or Wraparound vulnerability in multiple products Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. local high complexity gnu redhat microsoft canonical debian suse opensuse netapp CWE-190	6.4
2020-07-29	CVE-2020-15706	Use After Free vulnerability in multiple products GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. local high complexity gnu redhat canonical debian suse microsoft opensuse CWE-416	6.4
2020-07-29	CVE-2020-15705	Improper Verification of Cryptographic Signature vulnerability in multiple products GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. local high complexity gnu redhat canonical debian suse opensuse microsoft CWE-347	6.4
2020-07-28	CVE-2020-15863	Out-of-bounds Write vulnerability in multiple products hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. local high complexity qemu debian canonical CWE-787	5.3
2020-07-27	CVE-2020-15954	Cleartext Transmission of Sensitive Information vulnerability in multiple products KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. network low complexity kde debian CWE-319	6.5
2020-07-22	CVE-2020-6536	Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA. network low complexity google debian opensuse fedoraproject	4.3