Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-13	CVE-2020-6431	Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. network low complexity google debian fedoraproject opensuse CWE-276	4.3
2020-04-12	CVE-2020-11724	HTTP Request Smuggling vulnerability in multiple products An issue was discovered in OpenResty before 1.15.8.4. network low complexity openresty debian CWE-444	5.0
2020-04-09	CVE-2020-11655	Improper Initialization vulnerability in multiple products SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. network low complexity sqlite netapp debian canonical oracle siemens tenable CWE-665	5.0
2020-04-02	CVE-2020-1927	Open Redirect vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. network low complexity apache fedoraproject debian canonical opensuse netapp broadcom oracle CWE-601	6.1
2020-04-01	CVE-2020-1934	Use of Uninitialized Resource vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. network low complexity apache fedoraproject debian canonical opensuse oracle CWE-908	5.3
2020-04-01	CVE-2020-7066	In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. network php tenable opensuse debian	4.3
2020-04-01	CVE-2020-7065	Out-of-bounds Write vulnerability in multiple products In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. network php debian canonical tenable CWE-787	6.8
2020-04-01	CVE-2020-7064	Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. network php debian canonical opensuse tenable CWE-125	5.8
2020-03-27	CVE-2020-10955	Missing Authorization vulnerability in multiple products GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. network low complexity gitlab debian CWE-862	4.0
2020-03-27	CVE-2020-1770	Information Exposure vulnerability in multiple products Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. network low complexity otrs opensuse debian CWE-200	4.3