Total
97 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20053 | 2 Opensuse, Upx | 3 Backports, Leap, Upx | 2025-04-11 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
|
|||||
| CVE-2018-19873 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Backports and 2 more | 2025-02-11 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
|
|||||
| CVE-2021-46142 | 4 Debian, Fedoraproject, Opensuse and 1 more | 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
|
|||||
| CVE-2021-46141 | 4 Debian, Fedoraproject, Opensuse and 1 more | 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
|
|||||
| CVE-2021-45082 | 4 Cobbler Project, Fedoraproject, Opensuse and 1 more | 5 Cobbler, Fedora, Backports and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
|
|||||
| CVE-2020-6610 | 2 Gnu, Opensuse | 3 Libredwg, Backports, Leap | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
|
|||||
| CVE-2020-6495 | 3 Debian, Google, Opensuse | 4 Debian Linux, Chrome, Backports and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
|
|||||
| CVE-2020-6493 | 3 Debian, Google, Opensuse | 4 Debian Linux, Chrome, Backports and 1 more | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
|
|||||
| CVE-2020-6456 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.
|
|||||
| CVE-2020-6455 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2020-6452 | 3 Fedoraproject, Google, Opensuse | 4 Fedora, Chrome, Backports and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2020-6446 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
|
|||||
| CVE-2020-6445 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
|
|||||
| CVE-2020-6443 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.
|
|||||
| CVE-2020-6442 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
|
|||||
| CVE-2020-6441 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
|
|||||
| CVE-2020-6440 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
|
|||||
| CVE-2020-6439 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.
|
|||||
| CVE-2020-6437 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.
|
|||||
| CVE-2020-6435 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
|
|||||
| CVE-2020-6433 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
|
|||||
| CVE-2020-6432 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
|
|||||
| CVE-2020-6431 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.
|
|||||
| CVE-2020-6425 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
|
|||||
| CVE-2020-5202 | 3 Apt-cacher-ng Project, Debian, Opensuse | 4 Apt-cacher-ng, Debian Linux, Backports and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this por ...
Show More |
|||||
| CVE-2020-15803 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Backports and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
|
|||||
| CVE-2020-14983 | 2 Chocolate-doom, Opensuse | 4 Chocolate Doom, Crispy Doom, Backports and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.
|
|||||
| CVE-2020-10938 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
|
|||||
| CVE-2020-10592 | 2 Opensuse, Torproject | 3 Backports, Leap, Tor | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
|
|||||
| CVE-2020-0561 | 4 Intel, Linux, Microsoft and 1 more | 5 Software Guard Extensions Sdk, Linux Kernel, Windows and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2019-7443 | 4 Fedoraproject, Kde, Opensuse and 1 more | 5 Fedora, Kauth, Backports and 2 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
|
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
|
|||||
| CVE-2019-5840 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Iphone Os, Debian Linux, Fedora and 3 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
|
|||||
| CVE-2019-5839 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.
|
|||||
| CVE-2019-5838 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
|
|||||
| CVE-2019-5837 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
|
|||||
| CVE-2019-5836 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2019-5835 | 3 Fedoraproject, Google, Opensuse | 4 Fedora, Chrome, Backports and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
|
|||||
| CVE-2019-5834 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
|
|||||
| CVE-2019-5833 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Android and 3 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.
|
|||||
| CVE-2019-5832 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
|
|||||