Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-29	CVE-2020-16118	NULL Pointer Dereference vulnerability in multiple products In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. network low complexity gnome opensuse CWE-476	7.5
2020-07-29	CVE-2020-15707	Integer Overflow or Wraparound vulnerability in multiple products Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. local gnu redhat microsoft canonical debian opensuse suse netapp CWE-190	4.4
2020-07-29	CVE-2020-15706	Use After Free vulnerability in multiple products GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. local high complexity gnu redhat canonical debian suse microsoft opensuse CWE-416	6.4
2020-07-29	CVE-2020-15705	Improper Verification of Cryptographic Signature vulnerability in multiple products GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. local gnu redhat canonical debian opensuse suse microsoft CWE-347	4.4
2020-07-28	CVE-2020-15900	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. network low complexity artifex canonical opensuse CWE-191 critical	9.8
2020-07-27	CVE-2020-15103	Integer Overflow to Buffer Overflow vulnerability in multiple products In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. network low complexity freerdp fedoraproject opensuse canonical debian CWE-680	3.5
2020-07-23	CVE-2020-15917	common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. network low complexity claws-mail fedoraproject opensuse critical	9.8
2020-07-22	CVE-2020-6536	Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA. network low complexity google debian opensuse fedoraproject	4.3
2020-07-22	CVE-2020-6535	Cross-site Scripting vulnerability in multiple products Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page. network low complexity google opensuse debian fedoraproject CWE-79	6.1
2020-07-22	CVE-2020-6534	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google opensuse debian fedoraproject CWE-787	8.8