Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-24	CVE-2020-6816	Cross-site Scripting vulnerability in multiple products In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. network low complexity mozilla fedoraproject CWE-79	6.1
2020-03-24	CVE-2020-6802	Cross-site Scripting vulnerability in multiple products In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. network low complexity mozilla fedoraproject CWE-79	6.1
2020-03-24	CVE-2020-10941	Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. network high complexity arm fedoraproject debian	5.9
2020-03-24	CVE-2020-9359	KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. local low complexity kde debian fedoraproject	5.3
2020-03-23	CVE-2020-6426	Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google suse opensuse fedoraproject debian CWE-787	6.5
2020-03-23	CVE-2020-6425	Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. network low complexity google debian fedoraproject opensuse CWE-20	5.4
2020-03-22	CVE-2020-10803	SQL Injection vulnerability in multiple products In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). network low complexity phpmyadmin debian fedoraproject opensuse suse CWE-89	5.4
2020-03-20	CVE-2020-8139	Missing Authorization vulnerability in multiple products A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. network low complexity nextcloud fedoraproject CWE-862	6.5
2020-03-19	CVE-2020-5267	In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. network low complexity rubyonrails debian fedoraproject opensuse	4.8
2020-03-19	CVE-2019-20485	Improper Input Validation vulnerability in multiple products qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). low complexity redhat debian fedoraproject CWE-20	5.7