Fedoraproject

Fedora

5335 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2020-15959

  • EPSS 0.88%
  • Veröffentlicht 21.09.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:06:32

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.

8.8

CVE-2020-15960

Exploit
  • EPSS 2.26%
  • Veröffentlicht 21.09.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:06:32

Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

9.6

CVE-2020-15961

Exploit
  • EPSS 1.35%
  • Veröffentlicht 21.09.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:06:33

Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

8.8

CVE-2020-15962

Exploit
  • EPSS 3.11%
  • Veröffentlicht 21.09.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:06:33

Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

9.6

CVE-2020-15963

Exploit
  • EPSS 1.35%
  • Veröffentlicht 21.09.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:06:33

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

8.8

CVE-2020-15964

Exploit
  • EPSS 2.27%
  • Veröffentlicht 21.09.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:06:33

Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

7.5

CVE-2020-8251

  • EPSS 3.06%
  • Veröffentlicht 18.09.2020 21:15:13
  • Zuletzt bearbeitet 21.11.2024 05:38:35

Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.

7.8

CVE-2020-8252

  • EPSS 0.2%
  • Veröffentlicht 18.09.2020 21:15:13
  • Zuletzt bearbeitet 21.11.2024 05:38:35

The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.

7.4

CVE-2020-8201

  • EPSS 0.63%
  • Veröffentlicht 18.09.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 05:38:29

Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multit...

4.7

CVE-2019-20919

  • EPSS 0.12%
  • Veröffentlicht 17.09.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:39:41

An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.