Vulnerabilities > Fedoraproject > Fedora

| DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2020-03-24 | CVE-2020-10941 | Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. | network | high | arm fedoraproject debian | | 5.9 |
| 2020-03-24 | CVE-2020-1747 | A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. | network | low | pyyaml fedoraproject opensuse oracle | | critical 9.8 |
| 2020-03-24 | CVE-2020-9359 | KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. | local | low | kde debian fedoraproject | | 5.3 |
| 2020-03-24 | CVE-2020-10684 | Missing Authorization vulnerability in multiple products: A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. | local | low | redhat debian fedoraproject | CWE-862 | 7.1 |
| 2020-03-23 | CVE-2020-6449 | Use After Free vulnerability in multiple products: Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network | low | google debian fedoraproject suse opensuse | CWE-416 | 8.8 |
| 2020-03-23 | CVE-2020-6429 | Out-of-bounds Write vulnerability in multiple products: Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network | low | google debian fedoraproject suse opensuse | CWE-787 | 8.8 |
| 2020-03-23 | CVE-2020-6428 | Out-of-bounds Write vulnerability in multiple products: Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network | low | google suse opensuse fedoraproject debian | CWE-787 | 8.8 |
| 2020-03-23 | CVE-2020-6427 | Out-of-bounds Write vulnerability in multiple products: Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network | low | google debian fedoraproject suse opensuse | CWE-787 | 8.8 |
| 2020-03-23 | CVE-2020-6426 | Out-of-bounds Write vulnerability in multiple products: Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network | low | google suse opensuse fedoraproject debian | CWE-787 | 6.5 |
| 2020-03-23 | CVE-2020-6425 | Improper Input Validation vulnerability in multiple products: Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. | network | low | google debian fedoraproject opensuse | CWE-20 | 5.4 |