Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-15 CVE-2015-5230 Improper Input Validation vulnerability in multiple products
The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.
network
low complexity
powerdns debian CWE-20
5.0
2020-01-13 CVE-2019-19728 Improper Privilege Management vulnerability in multiple products
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.
6.0
2020-01-10 CVE-2020-1767 Agent A is able to save a draft (i.e.
network
low complexity
otrs debian
4.3
2020-01-10 CVE-2020-1766 Cross-site Scripting vulnerability in multiple products
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agent's browser to execute malicious JavaScript from a specially crafted SVG file rendered as inline jpg file.
network
low complexity
otrs debian CWE-79
6.1
2020-01-10 CVE-2020-1765 An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound.
network
low complexity
otrs debian opensuse
5.3
2020-01-09 CVE-2020-5504 SQL Injection vulnerability in multiple products
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page.
network
low complexity
phpmyadmin suse debian CWE-89
6.5
2020-01-08 CVE-2019-17024 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3.
6.8
2020-01-08 CVE-2019-17023 Improper Authentication vulnerability in multiple products
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine.
network
low complexity
mozilla canonical debian CWE-287
6.5
2020-01-08 CVE-2019-17022 Cross-site Scripting vulnerability in Mozilla Firefox and Firefox ESR
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters.
4.3
2020-01-08 CVE-2019-17017 Type Confusion vulnerability in Mozilla Firefox and Firefox ESR
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash.
6.8