Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-06	CVE-2020-15136	Missing Authentication for Critical Function vulnerability in multiple products In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. network high complexity redhat fedoraproject CWE-306	6.5
2020-08-05	CVE-2020-15112	Improper Validation of Array Index vulnerability in multiple products In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. network low complexity etcd fedoraproject CWE-129	6.5
2020-08-05	CVE-2020-15106	In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. network low complexity etcd fedoraproject	6.5
2020-08-05	CVE-2020-14344	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. local low complexity x-org fedoraproject canonical opensuse CWE-190	6.7
2020-08-03	CVE-2020-16269	radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. local low complexity radare fedoraproject	5.5
2020-07-29	CVE-2020-16135	NULL Pointer Dereference vulnerability in multiple products libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. network high complexity libssh debian fedoraproject canonical oracle CWE-476	5.9
2020-07-22	CVE-2020-6536	Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA. network low complexity google debian opensuse fedoraproject	4.3
2020-07-22	CVE-2020-6535	Cross-site Scripting vulnerability in multiple products Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page. network low complexity google opensuse debian fedoraproject CWE-79	6.1
2020-07-22	CVE-2020-6531	Information Exposure Through Discrepancy vulnerability in multiple products Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-203	4.3
2020-07-22	CVE-2020-6529	Improper Certificate Validation vulnerability in multiple products Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-295	4.3