Vulnerabilities > Opensuse > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-11 CVE-2020-6393 Missing Authorization vulnerability in multiple products
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
6.5
2020-02-11 CVE-2020-6392 Cross-site Scripting vulnerability in multiple products
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
4.3
2020-02-11 CVE-2020-6391 Cross-site Scripting vulnerability in multiple products
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
4.3
2020-02-07 CVE-2020-1700 Resource Exhaustion vulnerability in multiple products
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects.
network
low complexity
ceph redhat opensuse canonical CWE-400
6.5
2020-02-06 CVE-2020-8608 Classic Buffer Overflow vulnerability in multiple products
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
network
high complexity
libslirp-project debian opensuse CWE-120
5.6
2020-02-06 CVE-2020-8649 Use After Free vulnerability in multiple products
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
low complexity
linux opensuse debian CWE-416
5.9
2020-02-06 CVE-2020-8647 Use After Free vulnerability in multiple products
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
local
low complexity
linux debian opensuse CWE-416
6.1
2020-02-05 CVE-2020-8632 Weak Password Requirements vulnerability in multiple products
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
local
low complexity
canonical opensuse debian CWE-521
5.5
2020-02-05 CVE-2020-8631 Use of Insufficiently Random Values vulnerability in multiple products
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
local
low complexity
canonical opensuse debian CWE-330
5.5
2020-02-04 CVE-2020-8118 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed the detection of local and remote services when adding a new subscription in the calendar application.
network
low complexity
nextcloud novell opensuse CWE-918
5.0