Vulnerabilities > Fedoraproject > Fedora > 31

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-03	CVE-2020-16116	Path Traversal vulnerability in multiple products In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. local low complexity kde debian fedoraproject opensuse canonical CWE-22	3.3
2020-07-30	CVE-2020-16166	Use of Insufficiently Random Values vulnerability in multiple products The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. network high complexity linux opensuse fedoraproject debian canonical netapp oracle CWE-330	3.7
2020-07-28	CVE-2020-16094	Uncontrolled Recursion vulnerability in multiple products In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree. network low complexity claws-mail fedoraproject CWE-674	7.5
2020-07-27	CVE-2020-15103	Integer Overflow to Buffer Overflow vulnerability in multiple products In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. network low complexity freerdp fedoraproject opensuse canonical debian CWE-680	3.5
2020-07-27	CVE-2020-15953	Injection vulnerability in multiple products LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. network high complexity libetpan-project libmailcore fedoraproject debian CWE-74	7.4
2020-07-23	CVE-2020-15917	common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. network low complexity claws-mail fedoraproject opensuse critical	9.8
2020-07-22	CVE-2020-6536	Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA. network low complexity google debian opensuse fedoraproject	4.3
2020-07-22	CVE-2020-6535	Cross-site Scripting vulnerability in multiple products Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page. network low complexity google opensuse debian fedoraproject CWE-79	6.1
2020-07-22	CVE-2020-6534	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google opensuse debian fedoraproject CWE-787	8.8
2020-07-22	CVE-2020-6533	Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google opensuse debian fedoraproject CWE-843	8.8