Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-04-02 | CVE-2020-8835 | In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) | Ubuntu_linux, Fedora, Linux_kernel, 8300_firmware, 8700_firmware, A220_firmware, A320_firmware, A400_firmware, A700s_firmware, A800_firmware, C190_firmware, Cloud_backup, Fas2720_firmware, Fas2750_firmware, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage | 7.8 | ||
| 2020-04-01 | CVE-2020-6096 | An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this... | Debian_linux, Fedora, Glibc | 8.1 | ||
| 2020-04-13 | CVE-2020-1759 | A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. | Fedora, Ceph, Ceph_storage, Openshift, Openstack | 6.8 | ||
| 2020-04-13 | CVE-2020-6423 | Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 8.8 | ||
| 2020-04-13 | CVE-2020-6430 | Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 8.8 | ||
| 2020-04-13 | CVE-2020-6432 | Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports, Leap | 4.3 | ||
| 2020-04-13 | CVE-2020-6431 | Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports, Leap | 4.3 | ||
| 2020-04-13 | CVE-2020-6433 | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports, Leap | 4.3 | ||
| 2020-04-13 | CVE-2020-6434 | Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 8.8 | ||
| 2020-04-13 | CVE-2020-6435 | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports, Leap | 4.3 |