Vulnerabilities > Opensuse > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-11 CVE-2020-6392 Cross-site Scripting vulnerability in multiple products
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
4.3
2020-02-11 CVE-2020-6391 Cross-site Scripting vulnerability in multiple products
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
4.3
2020-02-07 CVE-2020-1700 Resource Exhaustion vulnerability in multiple products
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects.
network
low complexity
ceph redhat opensuse canonical CWE-400
6.5
2020-02-06 CVE-2020-8608 Classic Buffer Overflow vulnerability in multiple products
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
network
high complexity
libslirp-project debian opensuse CWE-120
5.6
2020-02-06 CVE-2020-8649 Use After Free vulnerability in multiple products
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
low complexity
linux opensuse debian CWE-416
5.9
2020-02-06 CVE-2020-8647 Use After Free vulnerability in multiple products
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
local
low complexity
linux debian opensuse CWE-416
6.1
2020-02-05 CVE-2020-8632 Weak Password Requirements vulnerability in multiple products
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
local
low complexity
canonical opensuse debian CWE-521
5.5
2020-02-05 CVE-2020-8631 Use of Insufficiently Random Values vulnerability in multiple products
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
local
low complexity
canonical opensuse debian CWE-330
5.5
2020-02-04 CVE-2020-8118 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed an attacker to detect local and remote services when adding a new subscription in the calendar application.
network
low complexity
nextcloud novell opensuse CWE-918
5.0
2020-02-04 CVE-2019-15624 Improper Input Validation vulnerability in multiple products
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
network
low complexity
nextcloud opensuse suse CWE-20
4.9