Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-26	CVE-2019-15796	Improper Verification of Cryptographic Signature vulnerability in multiple products Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. network high complexity ubuntu debian CWE-347	4.7
2020-03-26	CVE-2019-15795	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. network high complexity ubuntu debian CWE-327	4.7
2020-03-24	CVE-2020-10942	Out-of-bounds Write vulnerability in multiple products In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. local high complexity linux opensuse debian canonical CWE-787	5.3
2020-03-24	CVE-2020-10941	Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. network high complexity arm fedoraproject debian	5.9
2020-03-24	CVE-2020-9359	KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. local low complexity kde debian fedoraproject	5.3
2020-03-23	CVE-2020-8866	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. network low complexity horde debian CWE-434	6.5
2020-03-23	CVE-2020-8865	Path Traversal vulnerability in multiple products This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. network low complexity horde debian CWE-22	6.3
2020-03-23	CVE-2020-6426	Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google suse opensuse fedoraproject debian CWE-787	6.5
2020-03-23	CVE-2020-6425	Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. network low complexity google debian fedoraproject opensuse CWE-20	5.4
2020-03-23	CVE-2020-1951	Infinite Loop vulnerability in multiple products A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. local low complexity apache oracle debian canonical CWE-835	5.5