Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-05-21 CVE-2020-6471 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google fedoraproject opensuse debian CWE-276
critical
 9.6
9.6
2020-05-21 CVE-2020-6469 Incorrect Default Permissions vulnerability in multiple products
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
network
low complexity
google debian opensuse fedoraproject CWE-276
critical
 9.6
9.6
2020-05-21 CVE-2020-6466 Use After Free vulnerability in multiple products
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
 9.6
9.6
2020-05-21 CVE-2020-6465 Use After Free vulnerability in multiple products
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian opensuse fedoraproject CWE-416
critical
 9.6
9.6
2020-05-12 CVE-2020-12823 Classic Buffer Overflow vulnerability in multiple products
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.
network
low complexity
infradead fedoraproject debian opensuse CWE-120
critical
 9.8
9.8
2020-05-11 CVE-2018-1285 XXE vulnerability in multiple products
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files.
network
low complexity
apache fedoraproject oracle netapp CWE-611
critical
 9.8
9.8
2020-05-08 CVE-2020-12740 Out-of-bounds Read vulnerability in multiple products
tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation.
network
low complexity
broadcom fedoraproject CWE-125
critical
 9.1
9.1
2020-05-05 CVE-2020-11035 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm.
network
low complexity
glpi-project fedoraproject CWE-327
critical
 9.3
9.3
2020-04-27 CVE-2019-18823 Improper Authentication vulnerability in multiple products
HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control.
network
low complexity
wisc fedoraproject debian CWE-287
critical
 9.8
9.8
2020-04-27 CVE-2019-20790 Authentication Bypass by Spoofing vulnerability in multiple products
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.
network
low complexity
trusteddomain pypolicyd-spf-project fedoraproject CWE-290
critical
 9.8
9.8