Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-12	CVE-2020-4047	In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. network low complexity wordpress fedoraproject debian	6.8
2020-06-12	CVE-2020-4046	Cross-site Scripting vulnerability in multiple products In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. network low complexity wordpress debian fedoraproject CWE-79	5.4
2020-06-09	CVE-2020-13977	Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. network low complexity nagios fedoraproject CWE-829	4.9
2020-06-09	CVE-2020-13965	Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. network low complexity roundcube debian fedoraproject CWE-79	6.1
2020-06-09	CVE-2020-13964	Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. network low complexity roundcube fedoraproject debian CWE-79	6.1
2020-06-08	CVE-2020-10754	Missing Authentication for Critical Function vulnerability in multiple products It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. network low complexity gnome fedoraproject CWE-306	4.3
2020-06-08	CVE-2020-13696	Incorrect Authorization vulnerability in multiple products An issue was discovered in LinuxTV xawtv before 3.107. local low complexity linuxtv debian opensuse fedoraproject canonical CWE-863	4.4
2020-06-08	CVE-2020-12803	Improper Input Validation vulnerability in multiple products ODF documents can contain forms to be filled out by the user. network low complexity libreoffice opensuse fedoraproject CWE-20	6.5
2020-06-08	CVE-2020-12802	LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. network low complexity libreoffice fedoraproject opensuse	5.3
2020-06-05	CVE-2020-13867	Incorrect Default Permissions vulnerability in multiple products Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). local low complexity targetcli-fb-project fedoraproject CWE-276	5.5