Home/Product/opensuse leap
Product

opensuse leap

500 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-31431
all versions
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This m
7.8HIGH
 CVE-2025-32463
all versions
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used
9.3CRITICAL
 CVE-2023-32182
all versions
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE Linux Enterprise Desktop 15 SP5 postfi
5.9MEDIUM
 CVE-2022-45153
all versions
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15
7.0HIGH
 CVE-2022-31252
all versions
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4,
4.4MEDIUM
 CVE-2021-46142
all versions
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
5.5MEDIUM
 CVE-2021-46141
all versions
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
5.5MEDIUM
 CVE-2021-41819
all versions
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0
7.5HIGH
 CVE-2021-41817
all versions
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed
7.5HIGH
 CVE-2021-26676
all versions
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exp
6.5MEDIUM
 CVE-2021-26675
all versions
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
8.8HIGH
 CVE-2020-0569
all versions
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable
5.7MEDIUM
 CVE-2020-16846
all versions
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled,
9.8CRITICAL
 CVE-2020-28049
all versions
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows
6.3MEDIUM
 CVE-2020-16011
all versions
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the re
9.6CRITICAL
 CVE-2020-16009
all versions
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap c
8.8HIGH
 CVE-2020-16008
all versions
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack cor
8.8HIGH
 CVE-2020-16007
all versions
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate
7.8HIGH
 CVE-2020-16006
all versions
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap c
8.8HIGH
 CVE-2020-16005
all versions
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit
8.8HIGH
 CVE-2020-16004
all versions
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap cor
8.8HIGH
 CVE-2020-14323
all versions
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1.
5.5MEDIUM
 CVE-2020-27673
all versions
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of s
5.5MEDIUM
 CVE-2020-27672
all versions
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corru
7.0HIGH
 CVE-2020-27671
all versions
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruptio
7.8HIGH
 CVE-2020-27670
all versions
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a
7.8HIGH
 CVE-2020-15683
all versions
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bug
9.8CRITICAL
 CVE-2020-27560
all versions
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
3.3LOW
 CVE-2020-14803
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 1
5.3MEDIUM
 CVE-2020-14798
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.1LOW
 CVE-2020-14797
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.7LOW
 CVE-2020-14796
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.1LOW
 CVE-2020-14792
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affecte
4.2MEDIUM
 CVE-2020-14782
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.7LOW
 CVE-2020-14781
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected a
3.7LOW
 CVE-2020-14779
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
3.7LOW
 CVE-2020-25829
all versions
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can caus
7.5HIGH
 CVE-2020-27153
all versions
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could p
8.6HIGH
 CVE-2020-15229
all versions
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of
8.2HIGH
 CVE-2020-25645
all versions
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPse
7.5HIGH
 CVE-2020-26935
all versions
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was dis
9.8CRITICAL
 CVE-2020-26934
all versions
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
6.1MEDIUM
 CVE-2020-26164
all versions
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use o
5.5MEDIUM
 CVE-2020-11800
all versions
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
9.8CRITICAL
 CVE-2020-14355
all versions
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before
6.6MEDIUM
 CVE-2020-25866
all versions
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was s
7.5HIGH
 CVE-2020-25863
all versions
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in
7.5HIGH
 CVE-2020-25862
all versions
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/disse
7.5HIGH
 CVE-2020-25643
all versions
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is c
7.2HIGH
 CVE-2020-25641
all versions
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued b
5.5MEDIUM
 CVE-2020-25637
all versions
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information
6.7MEDIUM
 CVE-2020-8228
all versions
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.
5.3MEDIUM
 CVE-2020-7070
all versions
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values,
4.3MEDIUM
 CVE-2020-7069
all versions
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() fu
5.4MEDIUM
 CVE-2020-15678
all versions
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-f
8.8HIGH
 CVE-2020-15677
all versions
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file
6.1MEDIUM
 CVE-2020-15676
all versions
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being
6.1MEDIUM
 CVE-2020-15673
all versions
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of m
8.8HIGH
 CVE-2020-14374
all versions
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads
8.8HIGH
 CVE-2020-14378
all versions
An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the move_desc function can lead to large amounts of
3.3LOW
 CVE-2020-14377
all versions
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled para
7.1HIGH
 CVE-2020-14376
all versions
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the V
7.8HIGH
 CVE-2020-14375
all versions
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are i
7.8HIGH
 CVE-2020-26154
all versions
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is
9.8CRITICAL
 CVE-2020-26117
all versions
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They st
8.1HIGH
 CVE-2020-26116
all versions
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if
7.2HIGH
 CVE-2020-15211
all versions
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double index
4.8MEDIUM
 CVE-2020-15210
all versions
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both inp
6.5MEDIUM
 CVE-2020-15209
all versions
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input
5.9MEDIUM
 CVE-2020-15208
all versions
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensor
7.4HIGH
 CVE-2020-15207
all versions
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite
8.7HIGH
 CVE-2020-15206
all versions
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and al
9.0CRITICAL
 CVE-2020-15205
all versions
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the data_splits argument of tf.raw_ops.StringNGrams lacks
9.0CRITICAL
 CVE-2020-15204
all versions
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf
5.3MEDIUM
 CVE-2020-15203
all versions
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.as_string, a
7.5HIGH
 CVE-2020-15202
all versions
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be
9.0CRITICAL
 CVE-2020-15195
all versions
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of SparseFillEmptyRowsGrad uses a double
8.5HIGH
 CVE-2020-15194
all versions
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete v
5.3MEDIUM
 CVE-2020-15193
all versions
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.to_dlpack can be made to use uninitialized memory re
7.1HIGH
 CVE-2020-15192
all versions
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.to_dlpack there is a memory leak fol
4.3MEDIUM
 CVE-2020-15191
all versions
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.to_dlpack the expected validations
5.3MEDIUM
 CVE-2020-15190
all versions
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.raw_ops.Switch operation takes as input a tensor and
5.3MEDIUM
 CVE-2019-11556
all versions
Pagure before 5.6 allows XSS via the templates/blame.html blame view.
6.1MEDIUM
 CVE-2020-26088
all versions
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local at
5.5MEDIUM
 CVE-2020-25604
all versions
An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrati
4.7MEDIUM
 CVE-2020-25603
all versions
An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event
7.8HIGH
 CVE-2020-25602
all versions
An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_
6.0MEDIUM
 CVE-2020-25601
all versions
An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular,
5.5MEDIUM
 CVE-2020-25600
all versions
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-l
5.5MEDIUM
 CVE-2020-25599
all versions
An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a
7.0HIGH
 CVE-2020-25598
all versions
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, U
5.5MEDIUM
 CVE-2020-25596
all versions
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER in
5.5MEDIUM
 CVE-2020-25595
all versions
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI han
7.8HIGH
 CVE-2020-6576
all versions
Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap c
8.8HIGH
 CVE-2020-6575
all versions
Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potenti
8.3HIGH
 CVE-2020-6574
all versions
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potential
7.8HIGH
 CVE-2020-6573
all versions
Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the rende
9.6CRITICAL
 CVE-2020-6571
all versions
Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofin
4.3MEDIUM
 CVE-2020-6570
all versions
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive inf
4.3MEDIUM
 CVE-2020-6569
all versions
Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer proce
6.3MEDIUM
 CVE-2020-6568
all versions
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to
6.5MEDIUM
 CVE-2020-6567
all versions
Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a re
6.5MEDIUM
 CVE-2020-6566
all versions
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin dat
6.5MEDIUM
 CVE-2020-6565
all versions
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the conte
6.5MEDIUM
 CVE-2020-6564
all versions
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents
6.5MEDIUM
 CVE-2020-6563
all versions
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to
6.5MEDIUM
 CVE-2020-6562
all versions
Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin dat
6.5MEDIUM
 CVE-2020-6561
all versions
Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak c
6.5MEDIUM
 CVE-2020-6560
all versions
Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin
6.5MEDIUM
 CVE-2020-6559
all versions
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap co
8.8HIGH
 CVE-2020-6558
all versions
Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass naviga
6.5MEDIUM
 CVE-2020-6556
all versions
Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap
8.8HIGH
 CVE-2020-15966
all versions
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to
4.3MEDIUM
 CVE-2020-15965
all versions
Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory
8.8HIGH
 CVE-2020-15964
all versions
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit hea
8.8HIGH
 CVE-2020-15963
all versions
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to
9.6CRITICAL
 CVE-2020-15962
all versions
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform
8.8HIGH
 CVE-2020-15961
all versions
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to i
9.6CRITICAL
 CVE-2020-15960
all versions
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bo
8.8HIGH
 CVE-2020-15959
all versions
Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user t
4.3MEDIUM
 CVE-2020-8252
all versions
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer s
7.8HIGH
 CVE-2020-8201
all versions
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users
7.4HIGH
 CVE-2020-0432
all versions
In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local esca
7.8HIGH
 CVE-2020-0431
all versions
In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local esca
6.7MEDIUM
 CVE-2020-0427
all versions
In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information
5.5MEDIUM
 CVE-2019-20919
all versions
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the c
4.7MEDIUM
 CVE-2020-25040
all versions
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build o
8.8HIGH
 CVE-2020-25039
all versions
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace contai
8.1HIGH
 CVE-2020-14393
all versions
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 charact
7.1HIGH
 CVE-2020-14392
all versions
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_lo
5.5MEDIUM
 CVE-2020-14386
all versions
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged
6.7MEDIUM
 CVE-2020-8927
all versions
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-sh
5.3MEDIUM
 CVE-2020-25284
all versions
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for acces
4.1MEDIUM
 CVE-2020-6097
all versions
An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specia
7.5HIGH
 CVE-2020-25219
all versions
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a resp
7.5HIGH
 CVE-2020-25212
all versions
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or po
7.0HIGH
 CVE-2020-14342
all versions
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject ar
4.4MEDIUM
 CVE-2019-20916
all versions
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Dis
7.5HIGH
 CVE-2020-24659
all versions
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_reneg
7.5HIGH
 CVE-2020-24977
all versions
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The
6.5MEDIUM
 CVE-2020-24654
all versions
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated
3.3LOW
 CVE-2020-24553
all versions
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Ty
6.1MEDIUM
 CVE-2020-15811
all versions
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attack
6.5MEDIUM
 CVE-2020-15810
all versions
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attack
6.5MEDIUM
 CVE-2020-14364
all versions
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs whil
5.0MEDIUM
 CVE-2020-25032
all versions
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access pr
7.5HIGH
 CVE-2020-14352
all versions
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize p
8.0HIGH
 CVE-2020-24972
all versions
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because op
8.8HIGH
 CVE-2020-24614
all versions
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code.
8.8HIGH
 CVE-2020-24606
all versions
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles du
8.6HIGH
 CVE-2020-14350
all versions
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with suffici
7.3HIGH
 CVE-2020-14349
all versions
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during l
7.1HIGH
 CVE-2020-8624
all versions
In BIND 9.9.12 - 9.9.13, 9.10.7 - 9.10.8, 9.11.3 - 9.11.21, 9.12.1 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.12-S1 - 9.9.13-S1,
4.3MEDIUM
 CVE-2020-8623
all versions
In BIND 9.10.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.10.5-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Ed
7.5HIGH
 CVE-2020-8622
all versions
In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edit
6.5MEDIUM
 CVE-2020-8621
all versions
In BIND 9.14.0 - 9.16.5, 9.17.0 - 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attac
7.5HIGH
 CVE-2020-8620
all versions
In BIND 9.15.6 - 9.16.5, 9.17.0 - 9.17.3, An attacker who can establish a TCP connection with the server and send data on that con
7.5HIGH
 CVE-2020-14356
all versions
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot
7.8HIGH
 CVE-2020-24394
all versions
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when t
7.1HIGH
 CVE-2020-1472
all versions
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a d
5.5MEDIUM
 CVE-2020-8233
all versions
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute ar
8.8HIGH
 CVE-2020-17498
all versions
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avo
6.5MEDIUM
 CVE-2020-17489
all versions
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the passwor
4.3MEDIUM
 CVE-2020-17368
all versions
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to co
9.8CRITICAL
 CVE-2020-17367
all versions
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command inject
7.8HIGH
 CVE-2020-16092
all versions
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3
3.8LOW
 CVE-2020-15659
all versions
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bug
8.8HIGH
 CVE-2020-15656
all versions
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by
8.8HIGH
 CVE-2020-15655
all versions
A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to pote
6.5MEDIUM
 CVE-2020-9490
all versions
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would re
7.5HIGH
 CVE-2020-11993
all versions
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patter
7.5HIGH
 CVE-2020-11984
all versions
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
9.8CRITICAL
 CVE-2020-8026
all versions
A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15
8.4HIGH
 CVE-2020-16845
all versions
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via inval
7.5HIGH
 CVE-2020-17353
all versions
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on
9.8CRITICAL
 CVE-2020-14344
all versions
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 befor
6.7MEDIUM
 CVE-2020-16116
all versions
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ dire
3.3LOW
 CVE-2020-14311
all versions
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic lin
5.7MEDIUM
 CVE-2020-14310
all versions
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MA
5.7MEDIUM
 CVE-2020-16166
all versions
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the i
3.7LOW
 CVE-2020-14309
all versions
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name le
6.7MEDIUM
 CVE-2020-10713
all versions
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification p
8.2HIGH
 CVE-2020-14308
all versions
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocatio
6.4MEDIUM
 CVE-2020-16118
all versions
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client cr
7.5HIGH
 CVE-2020-15707
all versions
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shi
5.7MEDIUM
 CVE-2020-15706
all versions
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered
6.4MEDIUM
 CVE-2020-15705
all versions
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects
6.4MEDIUM
 CVE-2020-15900
all versions
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow over
9.8CRITICAL
 CVE-2020-15103
all versions
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP
3.5LOW
 CVE-2020-15917
all versions
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
9.8CRITICAL
 CVE-2020-6536
all versions
Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to insta
4.3MEDIUM
 CVE-2020-6535
all versions
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the ren
6.1MEDIUM
 CVE-2020-6534
all versions
Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corrup
8.8HIGH
 CVE-2020-6533
all versions
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a
8.8HIGH
 CVE-2020-6531
all versions
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-
4.3MEDIUM
 CVE-2020-6530
all versions
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to
8.8HIGH
 CVE-2020-6529
all versions
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position
4.3MEDIUM
 CVE-2020-6528
all versions
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents
4.3MEDIUM
 CVE-2020-6527
all versions
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security
4.3MEDIUM
 CVE-2020-6526
all versions
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigati
6.5MEDIUM
 CVE-2020-6525
all versions
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corrupti
8.8HIGH
 CVE-2020-6524
all versions
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corr
8.8HIGH
 CVE-2020-6523
all versions
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruptio
8.8HIGH
 CVE-2020-6522
all versions
Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to pot
9.6CRITICAL
 CVE-2020-6521
all versions
Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentiall
6.5MEDIUM
 CVE-2020-6520
all versions
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption vi
8.8HIGH
 CVE-2020-6519
all versions
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a craf
6.5MEDIUM
 CVE-2020-6518
all versions
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to u
8.8HIGH
 CVE-2020-6517
all versions
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corru
8.8HIGH
 CVE-2020-6516
all versions
Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTM
4.3MEDIUM
 CVE-2020-6515
all versions
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruptio
8.8HIGH
 CVE-2020-6514
all versions
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position
6.5MEDIUM
 CVE-2020-6513
all versions
Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corrup
8.8HIGH
 CVE-2020-6512
all versions
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a
8.8HIGH
 CVE-2020-6511
all versions
Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin
6.5MEDIUM
 CVE-2020-6510
all versions
Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit h
7.8HIGH
 CVE-2020-0305
all versions
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of priv
6.4MEDIUM
 CVE-2020-15586
all versions
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy
5.9MEDIUM
 CVE-2020-14039
all versions
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements
5.3MEDIUM
 CVE-2020-15803
all versions
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in
6.1MEDIUM
 CVE-2020-15780
all versions
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via c
6.7MEDIUM
 CVE-2019-20908
all versions
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_
6.7MEDIUM
 CVE-2020-14715
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
4.4MEDIUM
 CVE-2020-14714
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
4.4MEDIUM
 CVE-2020-14713
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.5HIGH
 CVE-2020-14712
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
5.0MEDIUM
 CVE-2020-14711
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
6.5MEDIUM
 CVE-2020-14707
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
5.0MEDIUM
 CVE-2020-14704
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
6.0MEDIUM
 CVE-2020-14703
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
6.0MEDIUM
 CVE-2020-14700
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
5.3MEDIUM
 CVE-2020-14699
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.5HIGH
 CVE-2020-14698
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
5.3MEDIUM
 CVE-2020-14695
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
5.3MEDIUM
 CVE-2020-14694
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
5.3MEDIUM
 CVE-2020-14677
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.5HIGH
 CVE-2020-14676
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.5HIGH
 CVE-2020-14675
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.5HIGH
 CVE-2020-14674
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.5HIGH
 CVE-2020-14673
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
5.3MEDIUM
 CVE-2020-14650
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
5.3MEDIUM
 CVE-2020-14649
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.5HIGH
 CVE-2020-14648
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
5.3MEDIUM
 CVE-2020-14647
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.5HIGH
 CVE-2020-14646
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.5HIGH
 CVE-2020-14629
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
6.0MEDIUM
 CVE-2020-14628
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
8.2HIGH
 CVE-2020-14621
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected a
5.3MEDIUM
 CVE-2020-14593
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
7.4HIGH
 CVE-2020-14583
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
8.3HIGH
 CVE-2020-14581
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
3.7LOW
 CVE-2020-14579
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.7LOW
 CVE-2020-14578
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
3.7LOW
 CVE-2020-14577
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected a
3.7LOW
 CVE-2020-14573
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.
3.7LOW
 CVE-2020-14562
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.
5.3MEDIUM
 CVE-2020-14556
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
4.8MEDIUM
 CVE-2020-13935
all versions
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8
7.5HIGH
 CVE-2020-13934
all versions
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/
7.5HIGH
 CVE-2020-15719
all versions
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC61
4.2MEDIUM
 CVE-2020-13753
all versions
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOC
10.0CRITICAL
 CVE-2019-20907
all versions
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by t
7.5HIGH
 CVE-2020-10756
all versions
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the
6.5MEDIUM
 CVE-2020-12426
all versions
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of
8.8HIGH
 CVE-2020-12422
all versions
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting i
8.8HIGH
 CVE-2020-12420
all versions
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corru
8.8HIGH
 CVE-2020-12419
all versions
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use
8.8HIGH
 CVE-2020-12418
all versions
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScr
6.5MEDIUM
 CVE-2020-12417
all versions
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruptio
8.8HIGH
 CVE-2020-12416
all versions
A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free
8.8HIGH
 CVE-2020-12415
all versions
When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served
6.5MEDIUM
 CVE-2020-12402
all versions
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed signi
4.4MEDIUM
 CVE-2020-12424
all versions
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could h
6.5MEDIUM
 CVE-2020-15095
all versions
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI support
4.4MEDIUM
 CVE-2020-10745
all versions
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/I
7.5HIGH
 CVE-2020-10730
all versions
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4
6.5MEDIUM
 CVE-2020-15567
all versions
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service becau
7.8HIGH
 CVE-2020-15565
all versions
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possi
8.8HIGH
 CVE-2020-15563
all versions
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditiona
6.5MEDIUM
 CVE-2020-10760
all versions
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC co
6.5MEDIUM
 CVE-2020-14303
all versions
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user coul
7.5HIGH
 CVE-2020-15466
all versions
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.
7.5HIGH
 CVE-2020-15396
all versions
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning
7.8HIGH
 CVE-2017-18922
all versions
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious
9.8CRITICAL
 CVE-2020-15393
all versions
In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.
5.5MEDIUM
 CVE-2020-4067
all versions
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak
7.0HIGH
 CVE-2020-8014
all versions
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed
7.7HIGH
 CVE-2020-8022
all versions
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Serve
7.7HIGH
 CVE-2020-11996
all versions
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.
7.5HIGH
 CVE-2020-10769
all versions
A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec
5.5MEDIUM
 CVE-2020-10753
all versions
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP
5.4MEDIUM
 CVE-2020-15306
all versions
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffs
5.5MEDIUM
 CVE-2020-15305
all versions
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLine
5.5MEDIUM
 CVE-2020-15304
all versions
An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::
5.5MEDIUM
 CVE-2020-15025
all versions
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumptio
4.4MEDIUM
 CVE-2020-12866
all versions
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the vic
5.7MEDIUM
 CVE-2020-12865
all versions
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the vict
8.0HIGH
 CVE-2020-12864
all versions
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victi
4.3MEDIUM
 CVE-2020-12863
all versions
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victi
4.3MEDIUM
 CVE-2020-12862
all versions
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victi
4.3MEDIUM
 CVE-2020-12861
all versions
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim
8.8HIGH
 CVE-2020-4033
all versions
In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with col
3.1LOW
 CVE-2020-4032
all versions
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph
3.1LOW
 CVE-2020-4031
all versions
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with
3.5LOW
 CVE-2020-4030
all versions
In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an
3.5LOW
 CVE-2020-11099
all versions
In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated licen
3.5LOW
 CVE-2020-11098
all versions
In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-c
3.5LOW
 CVE-2020-11097
all versions
In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boun
3.5LOW
 CVE-2020-11096
all versions
In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable
3.5LOW
 CVE-2020-11095
all versions
In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boun
3.5LOW
 CVE-2020-14983
all versions
The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buff
9.8CRITICAL
 CVE-2020-8933
all versions
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted
7.8HIGH
 CVE-2020-8907
all versions
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted
7.8HIGH
 CVE-2020-8903
all versions
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted
7.8HIGH
 CVE-2020-14954
all versions
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server
5.9MEDIUM
 CVE-2020-8165
all versions
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unma
9.8CRITICAL
 CVE-2020-8164
all versions
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply
7.5HIGH
 CVE-2017-9104
all versions
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.
9.8CRITICAL
 CVE-2017-9103
all versions
An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, a
9.8CRITICAL
 CVE-2020-14422
all versions
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which mig
5.9MEDIUM
 CVE-2017-9109
all versions
An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first tim
9.8CRITICAL
 CVE-2017-9108
all versions
An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to incremen
7.5HIGH
 CVE-2020-14416
all versions
In the Linux kernel before 5.4.16, a race condition in tty-disc_data handling in the slip and slcan line discipline could lead to
4.2MEDIUM
 CVE-2020-8619
all versions
In ISC BIND9 versions BIND 9.11.14 - 9.11.19, BIND 9.14.9 - 9.14.12, BIND 9.16.0 - 9.16.3, BIND Supported Preview Edition 9.11.14-
4.9MEDIUM
 CVE-2020-8618
all versions
An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the asserti
4.9MEDIUM
 CVE-2020-14401
all versions
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
6.5MEDIUM
 CVE-2020-14400
all versions
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/tra
7.5HIGH
 CVE-2020-14399
all versions
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfb
7.5HIGH
 CVE-2020-14398
all versions
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient
7.5HIGH
 CVE-2020-14397
all versions
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
7.5HIGH
 CVE-2019-20840
all versions
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses
7.5HIGH
 CVE-2019-20839
all versions
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
7.5HIGH
 CVE-2018-21247
all versions
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libv
7.5HIGH
 CVE-2020-0543
all versions
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to p
5.5MEDIUM
 CVE-2020-14093
all versions
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
5.9MEDIUM
 CVE-2020-14004
all versions
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) execut
7.8HIGH
 CVE-2020-10732
all versions
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account t
3.3LOW
 CVE-2020-1269
all versions
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Ke
7.8HIGH
 CVE-2020-10761
all versions
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occ
5.0MEDIUM
 CVE-2020-10757
all versions
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local
7.8HIGH
 CVE-2020-13962
all versions
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which
7.5HIGH
 CVE-2020-13844
all versions
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized
5.5MEDIUM
 CVE-2020-13696
all versions
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to
4.4MEDIUM
 CVE-2020-12803
all versions
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a
6.5MEDIUM
 CVE-2020-12802
all versions
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources.
5.3MEDIUM
 CVE-2020-12723
all versions
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls
7.5HIGH
 CVE-2020-10878
all versions
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular
8.6HIGH
 CVE-2020-10543
all versions
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an i
8.2HIGH
 CVE-2020-13800
all versions
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during
6.0MEDIUM
 CVE-2020-13817
all versions
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system t
7.4HIGH
 CVE-2020-6496
all versions
Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sand
8.8HIGH
 CVE-2020-6495
all versions
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user
6.5MEDIUM
 CVE-2020-6494
all versions
Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the content
6.5MEDIUM
 CVE-2020-6493
all versions
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the rende
9.6CRITICAL
 CVE-2020-11080
all versions
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept at
3.7LOW
 CVE-2020-13379
all versions
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauth
8.2HIGH
 CVE-2019-20810
all versions
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure
5.5MEDIUM
 CVE-2020-13659
all versions
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
2.5LOW
 CVE-2020-12867
all versions
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same
5.5MEDIUM
 CVE-2020-11089
all versions
In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, d
3.7LOW
 CVE-2020-11088
all versions
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0.
3.1LOW
 CVE-2020-11087
all versions
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1
3.1LOW
 CVE-2020-11086
all versions
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 by
3.1LOW
 CVE-2020-11085
all versions
In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or serv
2.6LOW
 CVE-2020-11043
all versions
In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX dec
2.2LOW
 CVE-2020-11040
all versions
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualize
2.2LOW
 CVE-2020-11041
all versions
In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sou
2.2LOW
 CVE-2020-11039
all versions
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can
8.0HIGH
 CVE-2020-11038
all versions
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulate
6.9MEDIUM
 CVE-2020-11019
all versions
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur
4.3MEDIUM
 CVE-2020-11018
all versions
In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could tri
6.5MEDIUM
 CVE-2020-11017
all versions
In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and c
6.5MEDIUM
 CVE-2020-13362
all versions
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head fiel
3.2LOW
 CVE-2020-13361
all versions
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows gue
3.9LOW
 CVE-2019-20807
all versions
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (
5.3MEDIUM
 CVE-2020-13614
all versions
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.
5.9MEDIUM
 CVE-2020-6831
all versions
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a po
9.8CRITICAL
 CVE-2020-13398
all versions
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common
8.3HIGH
 CVE-2020-13397
all versions
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decr
5.5MEDIUM
 CVE-2020-13396
all versions
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_Challeng
7.1HIGH
 CVE-2020-11077
all versions
In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response
6.8MEDIUM
 CVE-2020-10711
all versions
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while i
5.9MEDIUM
 CVE-2020-12693
all versions
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authenticat
8.1HIGH
 CVE-2020-13113
all versions
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and
8.2HIGH
 CVE-2020-13114
all versions
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consump
7.5HIGH
 CVE-2020-13112
all versions
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information d
9.1CRITICAL
 CVE-2020-6491
all versions
Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof securit
6.5MEDIUM
 CVE-2020-6490
all versions
Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write
4.3MEDIUM
 CVE-2020-6489
all versions
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced
4.3MEDIUM
 CVE-2020-6488
all versions
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation
4.3MEDIUM
 CVE-2020-6487
all versions
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation
6.5MEDIUM
 CVE-2020-6486
all versions
Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigati
6.5MEDIUM
 CVE-2020-6485
all versions
Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised
6.5MEDIUM
 CVE-2020-6484
all versions
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation
6.5MEDIUM
 CVE-2020-6483
all versions
Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation
6.5MEDIUM
 CVE-2020-6482
all versions
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user
6.5MEDIUM
 CVE-2020-6481
all versions
Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform doma
6.5MEDIUM
 CVE-2020-6480
all versions
Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation
6.5MEDIUM
 CVE-2020-6479
all versions
Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via
6.5MEDIUM
 CVE-2020-6478
all versions
Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI
6.5MEDIUM
 CVE-2020-6477
all versions
Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privi
7.8HIGH
 CVE-2020-6476
all versions
Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to in
6.5MEDIUM
 CVE-2020-6475
all versions
Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via
6.5MEDIUM
 CVE-2020-6474
all versions
Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption vi
8.8HIGH
 CVE-2020-6473
all versions
Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially se
6.5MEDIUM
 CVE-2020-6472
all versions
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user
6.5MEDIUM
 CVE-2020-6471
all versions
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user
9.6CRITICAL
 CVE-2020-6470
all versions
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject
6.1MEDIUM
 CVE-2020-6469
all versions
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user
9.6CRITICAL
 CVE-2020-6468
all versions
Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a
8.8HIGH
 CVE-2020-6467
all versions
Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption v
8.8HIGH
 CVE-2020-6466
all versions
Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process
9.6CRITICAL
 CVE-2020-6465
all versions
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the
9.6CRITICAL
 CVE-2020-6464
all versions
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption v
8.8HIGH
 CVE-2020-6463
all versions
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption v
8.8HIGH
 CVE-2020-9484
all versions
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attack
7.0HIGH
 CVE-2020-13249
all versions
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from
8.8HIGH
 CVE-2020-10726
all versions
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket
6.0MEDIUM
 CVE-2020-10725
all versions
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user bac
7.7HIGH
 CVE-2020-13164
all versions
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/disse
7.5HIGH
 CVE-2020-10723
all versions
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of
5.1MEDIUM
 CVE-2020-10722
all versions
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() c
5.1MEDIUM
 CVE-2020-10995
all versions
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the
7.5HIGH
 CVE-2020-10135
all versions
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an
5.4MEDIUM
 CVE-2020-8617
all versions
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker
7.5HIGH
 CVE-2020-12663
all versions
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
7.5HIGH
 CVE-2020-12662
all versions
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random s
7.5HIGH
 CVE-2020-12244
all versions
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lackin
7.5HIGH
 CVE-2020-13143
all versions
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without consi
6.5MEDIUM
 CVE-2020-12801
all versions
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers t
5.3MEDIUM
 CVE-2020-12888
all versions
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
5.3MEDIUM
 CVE-2020-11526
all versions
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.
2.2LOW
 CVE-2020-11525
all versions
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.
2.2LOW
 CVE-2020-11524
all versions
libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
6.6MEDIUM
 CVE-2020-11523
all versions
libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.
6.6MEDIUM
 CVE-2020-11522
all versions
libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.
6.5MEDIUM
 CVE-2020-11521
all versions
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
6.6MEDIUM
 CVE-2020-0093
all versions
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead
5.0MEDIUM
 CVE-2020-1945
all versions
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.
6.3MEDIUM
 CVE-2020-12823
all versions
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via
9.8CRITICAL
 CVE-2020-11866
all versions
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free.
7.8HIGH
 CVE-2020-11865
all versions
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access.
7.8HIGH
 CVE-2020-11864
all versions
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2).
5.5MEDIUM
 CVE-2020-11863
all versions
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).
5.5MEDIUM
 CVE-2020-12771
all versions
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coa
5.5MEDIUM
 CVE-2020-12769
all versions
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent c
5.5MEDIUM
 CVE-2020-12767
all versions
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
5.5MEDIUM
 CVE-2020-10690
all versions
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while re
6.5MEDIUM
 CVE-2020-12108
all versions
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
6.5MEDIUM
 CVE-2020-10704
all versions
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Ac
7.5HIGH
 CVE-2020-12672
all versions
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
7.5HIGH
 CVE-2020-12656
all versions
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 la
5.5MEDIUM
 CVE-2020-12653
all versions
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifie
7.8HIGH
 CVE-2020-10700
all versions
A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' co
5.3MEDIUM
 CVE-2020-12641
all versions
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configu
9.8CRITICAL
 CVE-2020-12640
all versions
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name t
9.8CRITICAL
 CVE-2020-12625
all versions
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.ph
6.1MEDIUM
 CVE-2020-10683
all versions
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. H
9.8CRITICAL
 CVE-2020-11652
all versions
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows
6.5MEDIUM
 CVE-2020-11651
all versions
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does no
9.8CRITICAL
 CVE-2020-11022
all versions
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery
6.9MEDIUM
 CVE-2020-10663
all versions
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Ob
7.5HIGH
 CVE-2020-12243
all versions
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of servic
7.5HIGH
 CVE-2020-12268
all versions
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
9.8CRITICAL
 CVE-2020-12137
all versions
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribu
6.1MEDIUM
 CVE-2020-12105
all versions
OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in perfor
5.9MEDIUM
 CVE-2020-11945
all versions
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access t
9.8CRITICAL
 CVE-2020-1983
all versions
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a
7.5HIGH
 CVE-2020-12066
all versions
CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.
7.5HIGH
 CVE-2019-20787
all versions
Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size.
9.8CRITICAL
 CVE-2020-1967
all versions
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL
7.5HIGH
 CVE-2020-11793
all versions
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote a
8.8HIGH
 CVE-2020-11868
all versions
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a se
7.5HIGH
 CVE-2019-12519
all versions
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evalu
9.8CRITICAL
 CVE-2019-12521
all versions
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext conta
5.9MEDIUM
 CVE-2020-2959
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
8.6HIGH
 CVE-2020-2958
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.5HIGH
 CVE-2020-2951
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
6.5MEDIUM
 CVE-2020-2929
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.8HIGH
 CVE-2020-2914
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.0HIGH
 CVE-2020-2913
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.0HIGH
 CVE-2020-2911
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.5HIGH
 CVE-2020-2910
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
6.5MEDIUM
 CVE-2020-2909
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
2.8LOW
 CVE-2020-2908
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
8.2HIGH
 CVE-2020-2907
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
7.5HIGH
 CVE-2020-2905
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
8.2HIGH
 CVE-2020-2902
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
8.8HIGH
 CVE-2020-2894
all versions
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected
6.0MEDIUM
 CVE-2020-2830
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are aff
5.3MEDIUM
 CVE-2020-2816
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6
7.5HIGH
 CVE-2020-2814
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and
4.9MEDIUM
 CVE-2020-2812
all versions
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affec
4.9MEDIUM
 CVE-2020-2805
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
8.3HIGH
 CVE-2020-2803
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affec
8.3HIGH
 CVE-2020-2800
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions
4.8MEDIUM
 CVE-2020-2781
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected a
5.3MEDIUM
 CVE-2020-2778
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6
3.7LOW
 CVE-2020-2773
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affect
3.7LOW
 CVE-2020-2767
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6
4.8MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin