Vulnerabilities > Fedoraproject > Fedora > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-18 | CVE-2017-9103 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 9.8 |
2020-06-18 | CVE-2017-9109 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 9.8 |
2020-05-21 | CVE-2020-6471 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 9.6 |
2020-05-21 | CVE-2020-6469 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 9.6 |
2020-05-21 | CVE-2020-6466 | Use After Free vulnerability in multiple products Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2020-05-21 | CVE-2020-6465 | Use After Free vulnerability in multiple products Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2020-05-12 | CVE-2020-12823 | Classic Buffer Overflow vulnerability in multiple products OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. | 9.8 |
2020-05-11 | CVE-2018-1285 | XXE vulnerability in multiple products Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. | 9.8 |
2020-05-08 | CVE-2020-12740 | Out-of-bounds Read vulnerability in multiple products tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. | 9.1 |
2020-05-05 | CVE-2020-11035 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. | 9.3 |