Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-27	CVE-2020-7042	Use of Uninitialized Resource vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. network low complexity openfortivpn-project fedoraproject opensuse CWE-908	5.3
2020-02-27	CVE-2020-7041	Improper Certificate Validation vulnerability in multiple products An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. network low complexity openfortivpn-project fedoraproject opensuse CWE-295	5.3
2020-02-25	CVE-2020-9391	Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. local low complexity linux fedoraproject netapp CWE-787	5.5
2020-02-25	CVE-2020-8793	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. local high complexity opensmtpd fedoraproject canonical CWE-367	4.7
2020-02-24	CVE-2020-8130	OS Command Injection vulnerability in multiple products There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `\|`. local high complexity ruby-lang debian canonical fedoraproject opensuse CWE-78	6.4
2020-02-20	CVE-2019-20479	Open Redirect vulnerability in multiple products A flaw was found in mod_auth_openidc before version 2.4.1. network low complexity openidc debian fedoraproject opensuse CWE-601	6.1
2020-02-12	CVE-2020-7957	Improper Input Validation vulnerability in multiple products The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. network low complexity dovecot fedoraproject CWE-20	5.3
2020-02-11	CVE-2020-6408	Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat	6.5
2020-02-11	CVE-2020-6403	Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat	4.3
2020-02-11	CVE-2020-6400	Information Exposure Through Discrepancy vulnerability in multiple products Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google opensuse fedoraproject debian suse redhat CWE-203	6.5