Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-04	CVE-2019-15624	Improper Input Validation vulnerability in multiple products Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders. network low complexity nextcloud opensuse suse CWE-20	4.9
2020-02-04	CVE-2019-15623	Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. network low complexity nextcloud suse opensuse	5.3
2020-02-02	CVE-2019-20446	Resource Exhaustion vulnerability in multiple products In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. network low complexity gnome opensuse fedoraproject debian canonical netapp CWE-400	6.5
2020-01-31	CVE-2013-3565	Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. network low complexity videolan opensuse CWE-79	6.1
2020-01-30	CVE-2020-8492	Resource Exhaustion vulnerability in multiple products Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. network low complexity python opensuse canonical fedoraproject debian CWE-400	6.5
2020-01-28	CVE-2020-0549	Improper Resource Shutdown or Release vulnerability in multiple products Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity intel opensuse debian canonical fedoraproject CWE-404	5.5
2020-01-27	CVE-2006-7246	Improper Certificate Validation vulnerability in multiple products NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. high complexity gnome opensuse suse CWE-295	6.8
2020-01-27	CVE-2018-20105	Information Exposure Through Log Files vulnerability in multiple products A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. local low complexity yast2-rmt-project opensuse suse CWE-532	5.5
2020-01-23	CVE-2019-18899	The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. local low complexity apt-cacher-ng-project opensuse	5.5
2020-01-21	CVE-2020-5202	apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. local low complexity apt-cacher-ng-project debian opensuse	5.5