Filtered by vendor Fedoraproject
Subscribe
Total
4434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11866 | 3 Fedoraproject, Libemf Project, Opensuse | 3 Fedora, Libemf, Leap | 2022-10-06 | 6.8 MEDIUM | 7.8 HIGH |
| libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. | |||||
| CVE-2020-11100 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2022-10-06 | 6.5 MEDIUM | 8.8 HIGH |
| In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. | |||||
| CVE-2020-11863 | 3 Fedoraproject, Libemf Project, Opensuse | 3 Fedora, Libemf, Leap | 2022-10-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2). | |||||
| CVE-2020-6816 | 2 Fedoraproject, Mozilla | 2 Fedora, Bleach | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. | |||||
| CVE-2020-6437 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. | |||||
| CVE-2020-6440 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension. | |||||
| CVE-2020-6435 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6433 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6439 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. | |||||
| CVE-2019-15151 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h. | |||||
| CVE-2019-1020014 | 3 Canonical, Docker, Fedoraproject | 3 Ubuntu Linux, Credential Helpers, Fedora | 2022-10-06 | 2.1 LOW | 5.5 MEDIUM |
| docker-credential-helpers before 0.6.3 has a double free in the List functions. | |||||
| CVE-2020-6802 | 2 Fedoraproject, Mozilla | 2 Fedora, Bleach | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. | |||||
| CVE-2019-14691 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp. | |||||
| CVE-2019-14690 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp. | |||||
| CVE-2020-6431 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2020-6432 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-10-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2019-14734 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp. | |||||
| CVE-2020-27845 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Outside In Technology and 1 more | 2022-10-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. | |||||
| CVE-2020-27841 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Outside In Technology and 1 more | 2022-10-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. | |||||
| CVE-2020-28599 | 2 Fedoraproject, Openscad | 2 Fedora, Openscad | 2022-10-06 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||