Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2020-03-23 CVE-2020-6425 Improper Input Validation vulnerability in multiple products
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
network
low complexity
google debian fedoraproject opensuse CWE-20
5.4
2020-03-23 CVE-2020-6424 Use After Free vulnerability in multiple products
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject suse opensuse CWE-416
8.8
2020-03-23 CVE-2020-6422 Out-of-bounds Write vulnerability in multiple products
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian suse opensuse CWE-787
8.8
2020-03-23 CVE-2020-6420 Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
network
low complexity
google debian fedoraproject
8.8
2020-03-22 CVE-2020-10803 SQL Injection vulnerability in multiple products
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php).
5.4
2020-03-22 CVE-2020-10802 SQL Injection vulnerability in multiple products
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php.
8.0
2020-03-22 CVE-2020-10804 SQL Injection vulnerability in multiple products
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php).
network
low complexity
phpmyadmin fedoraproject opensuse suse CWE-89
8.0
2020-03-20 CVE-2020-8139 Missing Authorization vulnerability in multiple products
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL.
network
low complexity
nextcloud fedoraproject CWE-862
6.5
2020-03-20 CVE-2019-14855 Inadequate Encryption Strength vulnerability in multiple products
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm.
network
low complexity
gnupg fedoraproject canonical CWE-326
7.5
2020-03-19 CVE-2020-5267 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in multiple products
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers.
4.8