Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-29	CVE-2020-12459	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable. local low complexity grafana fedoraproject CWE-732	5.5
2020-04-29	CVE-2020-12458	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An information-disclosure flaw was found in Grafana through 6.7.3. local low complexity grafana redhat fedoraproject CWE-732	5.5
2020-04-27	CVE-2020-12272	Authentication Bypass by Spoofing vulnerability in multiple products OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. network low complexity trusteddomain fedoraproject CWE-290	5.3
2020-04-24	CVE-2020-12137	Cross-site Scripting vulnerability in multiple products GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. network low complexity gnu debian fedoraproject canonical opensuse CWE-79	6.1
2020-04-23	CVE-2020-1760	Cross-site Scripting vulnerability in multiple products A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. network low complexity linuxfoundation redhat fedoraproject canonical debian CWE-79	6.1
2020-04-22	CVE-2020-1983	Use After Free vulnerability in multiple products A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. local low complexity libslirp-project fedoraproject debian opensuse canonical CWE-416	6.5
2020-04-15	CVE-2020-2934	Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). network high complexity oracle fedoraproject debian	5.0
2020-04-15	CVE-2020-2930	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). network high complexity oracle fedoraproject canonical netapp	4.4
2020-04-15	CVE-2020-2928	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). network low complexity oracle fedoraproject	4.9
2020-04-15	CVE-2020-2926	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). network high complexity oracle fedoraproject	4.4