Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-05-19 | CVE-2020-13164 | In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. | Debian_linux, Fedora, Leap, Wireshark | 7.5 | ||
| 2020-05-20 | CVE-2020-9484 | When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be... | Tomcat, Ubuntu_linux, Debian_linux, Fedora, Epolicy_orchestrator, Leap, Agile_engineering_data_management, Agile_plm, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_policy, Communications_diameter_signaling_router, Communications_element_manager, Communications_instant_messaging_server, Communications_session_report_manager, Communications_session_route_manager, Database, Fmw_platform, Hospitality_guest_access, Instantis_enterprisetrack, Managed_file_transfer, Mysql_enterprise_monitor, Retail_order_broker, Siebel_apps_\-_marketing, Siebel_ui_framework, Transportation_management, Workload_manager | 7.0 | ||
| 2020-05-20 | CVE-2020-13230 | In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). | Cacti, Debian_linux, Fedora | 4.3 | ||
| 2020-05-20 | CVE-2020-13231 | In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. | Cacti, Fedora | 6.5 | ||
| 2020-05-20 | CVE-2020-13249 | libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. | Fedora, Connector\/c, Leap | 8.8 | ||
| 2020-05-21 | CVE-2020-6471 | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 9.6 | ||
| 2020-05-21 | CVE-2020-6472 | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 6.5 | ||
| 2020-05-21 | CVE-2020-6463 | Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Ubuntu_linux, Debian_linux, Fedora, Chrome, Backports_sle, Leap | 8.8 | ||
| 2020-05-21 | CVE-2020-6465 | Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 9.6 | ||
| 2020-05-21 | CVE-2020-6466 | Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 9.6 |