Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-05	CVE-2020-14347	Improper Initialization vulnerability in multiple products A flaw was found in the way xserver memory was not properly initialized. local low complexity x-org debian canonical CWE-665	5.5
2020-07-29	CVE-2020-16135	NULL Pointer Dereference vulnerability in multiple products libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. network high complexity libssh debian fedoraproject canonical oracle CWE-476	5.9
2020-07-29	CVE-2020-16117	NULL Pointer Dereference vulnerability in multiple products In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. network gnome debian CWE-476	4.3
2020-07-29	CVE-2020-15707	Integer Overflow or Wraparound vulnerability in multiple products Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. local gnu redhat microsoft canonical debian opensuse suse netapp CWE-190	4.4
2020-07-29	CVE-2020-15706	Use After Free vulnerability in multiple products GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. local high complexity gnu redhat canonical debian suse microsoft opensuse CWE-416	6.4
2020-07-29	CVE-2020-15705	Improper Verification of Cryptographic Signature vulnerability in multiple products GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. local gnu redhat canonical debian opensuse suse microsoft CWE-347	4.4
2020-07-28	CVE-2020-15863	Out-of-bounds Write vulnerability in multiple products hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. local high complexity qemu debian canonical CWE-787	5.3
2020-07-27	CVE-2020-15954	Cleartext Transmission of Sensitive Information vulnerability in multiple products KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. network kde debian CWE-319	4.3
2020-07-22	CVE-2020-6536	Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA. network low complexity google debian opensuse fedoraproject	4.3
2020-07-22	CVE-2020-6535	Cross-site Scripting vulnerability in multiple products Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page. network low complexity google opensuse debian fedoraproject CWE-79	6.1