Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-14	CVE-2020-11758	Out-of-bounds Read vulnerability in multiple products An issue was discovered in OpenEXR before 2.4.1. local low complexity openexr fedoraproject canonical opensuse debian apple CWE-125	5.5
2020-04-14	CVE-2020-11743	Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. local low complexity xen fedoraproject CWE-755	5.5
2020-04-14	CVE-2020-11742	An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. local low complexity xen fedoraproject	5.5
2020-04-14	CVE-2020-11740	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. local low complexity xen debian fedoraproject opensuse CWE-212	5.5
2020-04-13	CVE-2020-1730	NULL Pointer Dereference vulnerability in multiple products A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. network low complexity libssh canonical netapp redhat fedoraproject oracle CWE-476	5.3
2020-04-13	CVE-2020-6456	Incorrect Default Permissions vulnerability in multiple products Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents. network low complexity google debian fedoraproject opensuse CWE-276	6.5
2020-04-13	CVE-2020-6446	Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. network low complexity google debian fedoraproject opensuse CWE-276	6.5
2020-04-13	CVE-2020-6445	Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. network low complexity google debian fedoraproject opensuse CWE-276	6.5
2020-04-13	CVE-2020-6444	Use of Uninitialized Resource vulnerability in multiple products Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian opensuse CWE-908	6.3
2020-04-13	CVE-2020-6442	Exposure of Resource to Wrong Sphere vulnerability in multiple products Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google debian fedoraproject opensuse CWE-668	4.3