Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-13	CVE-2019-20907	Infinite Loop vulnerability in multiple products In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. network low complexity python opensuse debian fedoraproject canonical netapp oracle CWE-835	7.5
2020-07-09	CVE-2020-10756	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. local low complexity libslirp-project redhat canonical debian opensuse CWE-125	6.5
2020-07-09	CVE-2020-12426	Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 77. network low complexity mozilla opensuse CWE-787	8.8
2020-07-09	CVE-2020-12422	Out-of-bounds Write vulnerability in multiple products In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. network low complexity mozilla opensuse CWE-787	8.8
2020-07-09	CVE-2020-12420	Use After Free vulnerability in multiple products When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. network low complexity mozilla canonical opensuse CWE-416	8.8
2020-07-09	CVE-2020-12419	Use After Free vulnerability in multiple products When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. network low complexity mozilla canonical opensuse CWE-416	8.8
2020-07-09	CVE-2020-12418	Out-of-bounds Read vulnerability in multiple products Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. network low complexity mozilla canonical opensuse CWE-125	6.5
2020-07-09	CVE-2020-12417	Incorrect Conversion between Numeric Types vulnerability in multiple products Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. network low complexity mozilla canonical opensuse CWE-681	8.8
2020-07-09	CVE-2020-12416	Use After Free vulnerability in multiple products A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. network low complexity mozilla opensuse CWE-416	8.8
2020-07-09	CVE-2020-12415	Incorrect Default Permissions vulnerability in multiple products When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. network low complexity mozilla opensuse CWE-276	6.5