| Date | CVE | Description | Products | CVSS score |
|---|---|---|---|---|
| 2020-11-03 | CVE-2020-16003 | Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle | 8.8 |
| 2020-11-03 | CVE-2020-16004 | Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 8.8 |
| 2020-11-03 | CVE-2020-16005 | Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 8.8 |
| 2020-11-03 | CVE-2020-16006 | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 8.8 |
| 2020-11-03 | CVE-2020-16007 | Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | Debian_linux, Chrome, Backports_sle, Leap | 7.8 |
| 2020-11-03 | CVE-2020-16008 | Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. | Debian_linux, Fedora, Chrome, Backports_sle, Leap | 8.8 |
| 2020-11-03 | CVE-2020-16011 | Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | Debian_linux, Chrome, Backports_sle, Leap | 9.6 |
| 2020-11-03 | CVE-2020-6557 | Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle | 6.5 |
| 2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native Object.prototype. | Backdrop, Debian_linux, Drupal, Fedora, Joomla!, Jquery, Junos, Oncommand_system_manager, Snapcenter, Backports_sle, Leap, Agile_product_lifecycle_management_for_process, Application_express, Application_service_level_management, Application_testing_suite, Banking_digital_experience, Banking_enterprise_collections, Banking_platform, Bi_publisher, Big_data_discovery, Business_process_management_suite, Communications_analytics, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_element_manager, Communications_interactive_session_recorder, Communications_operations_monitor, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Communications_webrtc_session_controller, Diagnostic_assistant, Enterprise_manager_ops_center, Enterprise_session_border_controller, Financial_services_analytical_applications_infrastructure, Financial_services_analytical_applications_reconciliation_framework, Financial_services_asset_liability_management, Financial_services_balance_sheet_planning, Financial_services_basel_regulatory_capital_basic, Financial_services_basel_regulatory_capital_internal_ratings_based_approach, Financial_services_data_foundation, Financial_services_data_governance_for_us_regulatory_reporting, Financial_services_data_integration_hub, Financial_services_enterprise_financial_performance_analytics, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_institutional_performance_analytics, Financial_services_liquidity_risk_management, Financial_services_liquidity_risk_measurement_and_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_profitability_management, Financial_services_regulatory_reporting_for_de_nederlandsche_bank, Financial_services_regulatory_reporting_for_european_banking_authority, Financial_services_regulatory_reporting_for_us_federal_reserve, Financial_services_retail_customer_analytics, Financial_services_retail_performance_analytics, Financial_services_revenue_management_and_billing, Fusion_middleware_mapviewer, Healthcare_foundation, Healthcare_translational_research, Hospitality_guest_access, Hospitality_materials_control, Hospitality_simphony, Identity_manager, Insurance_accounting_analyzer, Insurance_allocation_manager_for_enterprise_profitability, Insurance_data_foundation, Insurance_ifrs_17_analyzer, Insurance_insbridge_rating_and_underwriting, Insurance_performance_insight, Jd_edwards_enterpriseone_tools, Jdeveloper, Jdeveloper_and_adf, Knowledge, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Primavera_gateway, Primavera_unifier, Real-Time_scheduler, Rest_data_services, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_customer_management_and_segmentation_foundation, Retail_point-Of-Service, Retail_returns_management, Service_bus, Siebel_mobile_applications, Siebel_ui_framework, Storagetek_tape_analytics_sw_tool, System_utilities, Tape_library_acsls, Transportation_management, Utilities_mobile_workforce_management, Webcenter_sites, Weblogic_server, Cloudforms, Virtualization_manager | 6.1 |
| 2019-02-11 | CVE-2019-5736 | runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling,... | Mesos, Ubuntu_linux, Dc/os, Kubernetes_engine, Docker, Fedora, Kubernetes_engine, Onesphere, Lxc, Runc, Service_management_automation, Hci_management_node, Solidfire, Backports_sle, Leap, Container_development_kit, Enterprise_linux, Enterprise_linux_server, Openshift | 8.6 |