Vulnerabilities > Fedoraproject > Fedora > 31

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-22	CVE-2020-6511	Information Exposure Through an Error Message vulnerability in multiple products Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google debian opensuse fedoraproject CWE-209	6.5
2020-07-22	CVE-2020-6510	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. local low complexity google debian opensuse fedoraproject CWE-787	7.8
2020-07-20	CVE-2020-3481	NULL Pointer Dereference vulnerability in multiple products A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. network low complexity clamav debian canonical fedoraproject CWE-476	7.5
2020-07-20	CVE-2020-15121	OS Command Injection vulnerability in multiple products In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. network low complexity radare fedoraproject CWE-78 critical	9.6
2020-07-17	CVE-2020-15586	Race Condition vulnerability in multiple products Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. network high complexity golang cloudfoundry debian opensuse fedoraproject CWE-362	5.9
2020-07-17	CVE-2020-14928	Injection vulnerability in multiple products evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. network high complexity gnome debian fedoraproject canonical CWE-74	5.9
2020-07-17	CVE-2020-14001	Missing Authorization vulnerability in multiple products The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). network low complexity kramdown-project debian fedoraproject canonical CWE-862 critical	9.8
2020-07-17	CVE-2020-15803	Cross-site Scripting vulnerability in multiple products Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. network low complexity zabbix fedoraproject debian opensuse CWE-79	6.1
2020-07-15	CVE-2020-14621	Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). network low complexity oracle fedoraproject mcafee opensuse canonical debian netapp	5.3
2020-07-15	CVE-2020-14619	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). network low complexity netapp fedoraproject canonical oracle	6.5