Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-07	CVE-2020-15563	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. local low complexity xen debian fedoraproject opensuse CWE-119	6.5
2020-07-06	CVE-2020-15569	Use After Free vulnerability in multiple products PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor. local low complexity milkytracker-project debian CWE-416	5.5
2020-07-06	CVE-2020-15562	Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. network low complexity roundcube debian CWE-79	6.1
2020-07-02	CVE-2020-8166	Cross-Site Request Forgery (CSRF) vulnerability in multiple products A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. network low complexity rubyonrails debian CWE-352	4.3
2020-07-02	CVE-2020-9498	Out-of-bounds Write vulnerability in multiple products Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. local high complexity apache fedoraproject debian CWE-787	6.7
2020-07-02	CVE-2020-9497	Improper Input Validation vulnerability in multiple products Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. local high complexity apache fedoraproject debian CWE-20	4.4
2020-06-29	CVE-2020-15393	Memory Leak vulnerability in multiple products In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. local low complexity linux debian opensuse canonical CWE-401	5.5
2020-06-29	CVE-2020-15389	Use After Free vulnerability in multiple products jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. network high complexity uclouvain debian oracle CWE-416	6.5
2020-06-26	CVE-2020-15306	Out-of-bounds Write vulnerability in multiple products An issue was discovered in OpenEXR before v2.5.2. local low complexity openexr fedoraproject opensuse debian canonical CWE-787	5.5
2020-06-26	CVE-2020-15305	Use After Free vulnerability in multiple products An issue was discovered in OpenEXR before 2.5.2. local low complexity openexr fedoraproject opensuse debian canonical CWE-416	5.5