Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-24	CVE-2020-1935	HTTP Request Smuggling vulnerability in multiple products In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. network high complexity apache debian canonical opensuse netapp oracle CWE-444	4.8
2020-02-24	CVE-2019-17569	HTTP Request Smuggling vulnerability in multiple products The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. network high complexity apache opensuse netapp debian oracle CWE-444	4.8
2020-02-24	CVE-2020-8130	OS Command Injection vulnerability in multiple products There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `\|`. local high complexity ruby-lang debian canonical fedoraproject opensuse CWE-78	6.4
2020-02-21	CVE-2012-0844	Information Exposure vulnerability in multiple products Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar. local low complexity netsurf-browser debian CWE-200	5.5
2020-02-20	CVE-2011-4915	Information Exposure vulnerability in multiple products fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. local low complexity linux canonical debian CWE-200	5.5
2020-02-20	CVE-2019-20479	Open Redirect vulnerability in multiple products A flaw was found in mod_auth_openidc before version 2.4.1. network low complexity openidc debian fedoraproject opensuse CWE-601	6.1
2020-02-13	CVE-2019-10785	Cross-site Scripting vulnerability in multiple products dojox is vulnerable to Cross-site Scripting in all versions before version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. network low complexity linuxfoundation debian CWE-79	6.1
2020-02-11	CVE-2020-1711	Out-of-bounds Write vulnerability in multiple products An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. network high complexity qemu redhat debian opensuse CWE-787	6.0
2020-02-11	CVE-2020-6408	Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat	6.5
2020-02-11	CVE-2020-6403	Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat	4.3