Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-23	CVE-2020-6425	Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. network low complexity google debian fedoraproject opensuse CWE-20	5.4
2020-03-22	CVE-2020-10803	SQL Injection vulnerability in multiple products In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). network low complexity phpmyadmin debian fedoraproject opensuse suse CWE-89	5.4
2020-03-20	CVE-2020-8139	Missing Authorization vulnerability in multiple products A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. network low complexity nextcloud fedoraproject CWE-862	6.5
2020-03-19	CVE-2020-5267	In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. network low complexity rubyonrails debian fedoraproject opensuse	4.8
2020-03-19	CVE-2019-20485	Improper Input Validation vulnerability in multiple products qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). low complexity redhat debian fedoraproject CWE-20	5.7
2020-03-16	CVE-2020-1740	A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. local high complexity redhat debian fedoraproject	4.7
2020-03-16	CVE-2020-1735	A flaw was found in the Ansible Engine when the fetch module is used. local low complexity redhat debian fedoraproject	4.6
2020-03-16	CVE-2020-1753	A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. local low complexity redhat debian fedoraproject	5.5
2020-03-11	CVE-2020-1733	Race Condition vulnerability in multiple products A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. local high complexity redhat fedoraproject debian CWE-362	5.0
2020-03-10	CVE-2020-9440	Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor. network low complexity ckeditor webspellchecker fedoraproject CWE-79	6.1