Vulnerabilities > Fedoraproject > Fedora > 30

DATE CVE VULNERABILITY TITLE RISK
2020-04-14 CVE-2020-5260 Insufficiently Protected Credentials vulnerability in multiple products
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. 		7.5
7.5
2020-04-14 CVE-2020-11741 Missing Initialization of Resource vulnerability in multiple products
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges.
local
low complexity
xen fedoraproject debian opensuse CWE-909
8.8
8.8
2020-04-14 CVE-2020-11740 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests.
local
low complexity
xen debian fedoraproject opensuse CWE-212
5.5
5.5
2020-04-14 CVE-2020-11739 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths.
local
high complexity
xen fedoraproject debian opensuse CWE-362
7.8
7.8
2020-04-13 CVE-2020-6456 Incorrect Default Permissions vulnerability in multiple products
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.
network
low complexity
google debian fedoraproject opensuse CWE-276
6.5
6.5
2020-04-13 CVE-2020-6455 Out-of-bounds Read vulnerability in multiple products
Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject opensuse CWE-125
8.8
8.8
2020-04-13 CVE-2020-6454 Use After Free vulnerability in multiple products
Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
network
low complexity
google fedoraproject debian opensuse CWE-416
8.8
8.8
2020-04-13 CVE-2020-6452 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject opensuse CWE-787
8.8
8.8
2020-04-13 CVE-2020-6451 Use After Free vulnerability in multiple products
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject opensuse CWE-416
8.8
8.8
2020-04-13 CVE-2020-6450 Use After Free vulnerability in multiple products
Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject opensuse CWE-416
8.8
8.8