Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-03	CVE-2020-15981	Out-of-bounds Read vulnerability in multiple products Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. network low complexity google fedoraproject opensuse debian CWE-125	6.5
2020-11-03	CVE-2020-15977	Improper Input Validation vulnerability in multiple products Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. network low complexity google debian fedoraproject opensuse CWE-20	6.5
2020-11-03	CVE-2020-15973	Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. network low complexity google fedoraproject opensuse debian	6.5
2020-11-02	CVE-2020-28038	Cross-site Scripting vulnerability in multiple products WordPress before 5.5.2 allows stored XSS via post slugs. network low complexity wordpress fedoraproject debian CWE-79	6.1
2020-11-02	CVE-2020-28034	Cross-site Scripting vulnerability in multiple products WordPress before 5.5.2 allows XSS associated with global variables. network low complexity wordpress fedoraproject debian CWE-79	6.1
2020-10-29	CVE-2020-14323	NULL Pointer Dereference vulnerability in multiple products A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. local low complexity samba opensuse fedoraproject debian CWE-476	5.5
2020-10-22	CVE-2020-27675	Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. local high complexity linux fedoraproject debian CWE-416	4.7
2020-10-22	CVE-2020-27674	Out-of-bounds Write vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. local low complexity xen fedoraproject debian CWE-787	5.3
2020-10-10	CVE-2020-26934	Cross-site Scripting vulnerability in multiple products phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. network low complexity phpmyadmin opensuse fedoraproject debian CWE-79	6.1
2020-10-06	CVE-2020-26572	Out-of-bounds Write vulnerability in multiple products The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. local low complexity opensc-project fedoraproject debian CWE-787	5.5