Total
5262 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7043 | 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more | 5 Fedora, Openfortivpn, Openssl and 2 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. | |||||
| CVE-2020-7042 | 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more | 5 Fedora, Openfortivpn, Openssl and 2 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). | |||||
| CVE-2020-7041 | 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more | 5 Fedora, Openfortivpn, Openssl and 2 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value. | |||||
| CVE-2020-6860 | 2 Fedoraproject, Symonics | 2 Fedora, Libmysofa | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute. | |||||
| CVE-2020-6851 | 5 Debian, Fedoraproject, Oracle and 2 more | 12 Debian Linux, Fedora, Georaster and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. | |||||
| CVE-2020-6816 | 2 Fedoraproject, Mozilla | 2 Fedora, Bleach | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. | |||||
| CVE-2020-6802 | 2 Fedoraproject, Mozilla | 2 Fedora, Bleach | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. | |||||
| CVE-2020-6750 | 2 Fedoraproject, Gnome | 2 Fedora, Glib | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. | |||||
| CVE-2020-6582 | 2 Fedoraproject, Nagios | 2 Fedora, Remote Plug In Executor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call. | |||||
| CVE-2020-6581 | 2 Fedoraproject, Nagios | 2 Fedora, Remote Plug In Executor | 2024-11-21 | 3.7 LOW | 7.3 HIGH |
| Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection. | |||||
| CVE-2020-6576 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6575 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 5.1 MEDIUM | 8.3 HIGH |
| Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-6574 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. | |||||
| CVE-2020-6573 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-6571 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2020-6570 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction. | |||||
| CVE-2020-6569 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6568 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Android and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6567 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6566 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||