Leap

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-09	CVE-2020-10756	Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. local low complexity libslirp-project redhat canonical debian opensuse CWE-125	6.5
2020-07-09	CVE-2020-12426	Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 77. network low complexity mozilla opensuse CWE-787	8.8
2020-07-09	CVE-2020-12422	Out-of-bounds Write vulnerability in multiple products In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. network low complexity mozilla opensuse CWE-787	8.8
2020-07-09	CVE-2020-12420	Use After Free vulnerability in multiple products When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. network low complexity mozilla canonical opensuse CWE-416	8.8
2020-07-09	CVE-2020-12419	Use After Free vulnerability in multiple products When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. network low complexity mozilla canonical opensuse CWE-416	8.8
2020-07-09	CVE-2020-12418	Out-of-bounds Read vulnerability in multiple products Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. network low complexity mozilla canonical opensuse CWE-125	6.5
2020-07-09	CVE-2020-12417	Incorrect Conversion between Numeric Types vulnerability in multiple products Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. network low complexity mozilla canonical opensuse CWE-681	8.8
2020-07-09	CVE-2020-12416	Use After Free vulnerability in multiple products A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. network low complexity mozilla opensuse CWE-416	8.8
2020-07-09	CVE-2020-12415	Incorrect Default Permissions vulnerability in multiple products When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. network low complexity mozilla opensuse CWE-276	6.5
2020-07-09	CVE-2020-12402	Information Exposure Through Discrepancy vulnerability in multiple products During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. local high complexity mozilla opensuse fedoraproject debian CWE-203	4.4