Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-31	CVE-2019-14905	Exposure of Resource to Wrong Sphere vulnerability in multiple products A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. local low complexity redhat fedoraproject opensuse CWE-668	5.6
2020-03-27	CVE-2020-8552	Allocation of Resources Without Limits or Throttling vulnerability in multiple products The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. network low complexity kubernetes fedoraproject CWE-770	4.3
2020-03-27	CVE-2020-8551	Allocation of Resources Without Limits or Throttling vulnerability in multiple products The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250. low complexity kubernetes fedoraproject CWE-770	6.5
2020-03-24	CVE-2020-6816	Cross-site Scripting vulnerability in multiple products In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. network low complexity mozilla fedoraproject CWE-79	6.1
2020-03-24	CVE-2020-6802	Cross-site Scripting vulnerability in multiple products In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. network low complexity mozilla fedoraproject CWE-79	6.1
2020-03-24	CVE-2020-10941	Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. network high complexity arm fedoraproject debian	5.9
2020-03-24	CVE-2020-9359	KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. local low complexity kde debian fedoraproject	5.3
2020-03-23	CVE-2020-6426	Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google suse opensuse fedoraproject debian CWE-787	6.5
2020-03-23	CVE-2020-6425	Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. network low complexity google debian fedoraproject opensuse CWE-20	5.4
2020-03-22	CVE-2020-10803	SQL Injection vulnerability in multiple products In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). network low complexity phpmyadmin debian fedoraproject opensuse suse CWE-89	5.4