Fedoraproject

Fedora

5335 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2020-6518

  • EPSS 3.21%
  • Veröffentlicht 22.07.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:35:53

Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.

6.5

CVE-2020-6519

Exploit
  • EPSS 23.71%
  • Veröffentlicht 22.07.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:35:53

Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.

9.3

CVE-2020-6520

  • EPSS 1.73%
  • Veröffentlicht 22.07.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:35:53

Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5

CVE-2020-6521

  • EPSS 2.41%
  • Veröffentlicht 22.07.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:35:53

Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

9.6

CVE-2020-6522

  • EPSS 2.28%
  • Veröffentlicht 22.07.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:35:53

Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

9.3

CVE-2020-6523

  • EPSS 3.21%
  • Veröffentlicht 22.07.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:35:53

Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.6

CVE-2020-15121

  • EPSS 0.59%
  • Veröffentlicht 20.07.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:04:51

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will...

7.5

CVE-2020-3481

  • EPSS 2.98%
  • Veröffentlicht 20.07.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:31:09

A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to...

9.8

CVE-2020-14001

  • EPSS 9.35%
  • Veröffentlicht 17.07.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:19

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins w...

5.9

CVE-2020-14928

Exploit
  • EPSS 6.35%
  • Veröffentlicht 17.07.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:04:27

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."