Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-23 | CVE-2020-6420 | Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 8.8 |
| 2020-03-22 | CVE-2020-10803 | SQL Injection vulnerability in multiple products In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). | 5.4 |
| 2020-03-22 | CVE-2020-10802 | SQL Injection vulnerability in multiple products In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. | 8.0 |
| 2020-03-22 | CVE-2020-10804 | SQL Injection vulnerability in multiple products In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). | 8.0 |
| 2020-03-20 | CVE-2020-8139 | Missing Authorization vulnerability in multiple products A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | 6.5 |
| 2020-03-20 | CVE-2019-14855 | Inadequate Encryption Strength vulnerability in multiple products A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. | 7.5 |
| 2020-03-19 | CVE-2020-5267 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in multiple products In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. | 4.8 |
| 2020-03-19 | CVE-2020-10675 | Infinite Loop vulnerability in multiple products The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call. | 7.5 |
| 2020-03-19 | CVE-2019-20485 | Improper Input Validation vulnerability in multiple products qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). | 5.7 |
| 2020-03-16 | CVE-2020-7919 | Improper Certificate Validation vulnerability in multiple products Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. | 7.5 |