Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-21	CVE-2020-6475	Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. network low complexity google opensuse fedoraproject debian	6.5
2020-05-21	CVE-2020-6473	Information Exposure Through Discrepancy vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. network low complexity google fedoraproject opensuse debian CWE-203	6.5
2020-05-21	CVE-2020-6472	Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension. network low complexity google fedoraproject opensuse debian	6.5
2020-05-21	CVE-2020-6470	Cross-site Scripting vulnerability in multiple products Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents. network low complexity google fedoraproject opensuse debian CWE-79	6.1
2020-05-06	CVE-2020-12108	Injection vulnerability in multiple products /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. network low complexity gnu debian fedoraproject opensuse canonical CWE-74	6.5
2020-05-04	CVE-2020-12625	Cross-site Scripting vulnerability in multiple products An issue was discovered in Roundcube Webmail before 1.4.4. network low complexity roundcube debian opensuse CWE-79	6.1
2020-04-24	CVE-2020-12137	Cross-site Scripting vulnerability in multiple products GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. network low complexity gnu debian fedoraproject canonical opensuse CWE-79	6.1
2020-04-13	CVE-2020-6444	Use of Uninitialized Resource vulnerability in multiple products Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject debian opensuse CWE-908	6.3
2020-04-13	CVE-2020-6438	Information Exposure Through an Error Message vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. network low complexity google debian fedoraproject opensuse CWE-209	4.3
2020-03-31	CVE-2019-14905	Exposure of Resource to Wrong Sphere vulnerability in multiple products A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. local low complexity redhat fedoraproject opensuse CWE-668	5.6