Vulnerabilities > Canonical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-25 | CVE-2020-6812 | Information Exposure vulnerability in multiple products The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. | 5.3 |
2020-03-25 | CVE-2020-6811 | Command Injection vulnerability in multiple products The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. | 6.8 |
2020-03-25 | CVE-2020-6807 | Use After Free vulnerability in multiple products When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. | 8.8 |
2020-03-25 | CVE-2020-6806 | Out-of-bounds Read vulnerability in multiple products By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. | 8.8 |
2020-03-25 | CVE-2020-6805 | Use After Free vulnerability in multiple products When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. | 8.8 |
2020-03-24 | CVE-2020-10942 | Out-of-bounds Write vulnerability in multiple products In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. | 5.4 |
2020-03-23 | CVE-2020-1951 | Infinite Loop vulnerability in multiple products A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. | 5.5 |
2020-03-23 | CVE-2020-1950 | Resource Exhaustion vulnerability in multiple products A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. | 5.5 |
2020-03-20 | CVE-2019-18860 | Injection vulnerability in multiple products Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. | 6.1 |
2020-03-20 | CVE-2019-14855 | Inadequate Encryption Strength vulnerability in multiple products A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. | 7.5 |