Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-22 | CVE-2020-6533 | Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 8.8 | ||
| 2020-07-22 | CVE-2020-6534 | Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 8.8 | ||
| 2020-07-22 | CVE-2020-6535 | Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 6.1 | ||
| 2020-07-22 | CVE-2020-6536 | Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 4.3 | ||
| 2020-07-23 | CVE-2020-15917 | common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. | Claws\-Mail, Fedora, Backports_sle, Leap | 9.8 | ||
| 2020-07-27 | CVE-2020-15953 | LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." | Debian_linux, Fedora, Libetpan, Mailcore2 | 7.4 | ||
| 2020-07-27 | CVE-2020-15103 | In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto | Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap | 3.5 | ||
| 2020-07-28 | CVE-2020-16094 | In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree. | Claws\-Mail, Fedora | 7.5 | ||
| 2020-07-29 | CVE-2020-16135 | libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. | Ubuntu_linux, Debian_linux, Fedora, Libssh, Communications_cloud_native_core_policy | 5.9 | ||
| 2020-07-30 | CVE-2020-16166 | The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, E\-Series_santricity_os_controller, H410c_firmware, Hci_bootstrap_os, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Storagegrid, Leap, Sd\-Wan_edge | 3.7 |