# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2020-10531 |
787 |
|
Overflow |
2020-03-12 |
2022-04-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. |
2 |
CVE-2020-6851 |
787 |
|
Overflow |
2020-01-13 |
2022-04-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. |
3 |
CVE-2020-6418 |
843 |
|
|
2020-02-27 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4 |
CVE-2020-6416 |
20 |
|
|
2020-02-11 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
5 |
CVE-2020-6415 |
787 |
|
|
2020-02-11 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
6 |
CVE-2020-6408 |
|
|
+Info |
2020-02-11 |
2022-03-31 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. |
7 |
CVE-2020-6406 |
416 |
|
|
2020-02-11 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8 |
CVE-2020-6404 |
787 |
|
|
2020-02-11 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
9 |
CVE-2020-6403 |
|
|
|
2020-02-11 |
2022-03-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
10 |
CVE-2020-6402 |
20 |
|
Exec Code |
2020-02-11 |
2021-09-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. |
11 |
CVE-2020-6400 |
203 |
|
|
2020-02-11 |
2022-03-31 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
12 |
CVE-2020-6398 |
908 |
|
|
2020-02-11 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
13 |
CVE-2020-6397 |
|
|
|
2020-02-11 |
2022-03-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. |
14 |
CVE-2020-6396 |
|
|
|
2020-02-11 |
2022-04-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
15 |
CVE-2020-6394 |
|
|
Bypass |
2020-02-11 |
2022-04-06 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
16 |
CVE-2020-6393 |
862 |
|
|
2020-02-11 |
2022-04-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
17 |
CVE-2020-6392 |
79 |
|
XSS Bypass |
2020-02-11 |
2022-04-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. |
18 |
CVE-2020-6391 |
79 |
|
XSS Bypass |
2020-02-11 |
2022-04-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. |
19 |
CVE-2020-6390 |
787 |
|
Mem. Corr. |
2020-02-11 |
2022-04-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
20 |
CVE-2020-6386 |
416 |
|
|
2020-02-27 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
21 |
CVE-2020-6385 |
754 |
|
Bypass |
2020-02-11 |
2022-04-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. |
22 |
CVE-2020-6384 |
416 |
|
|
2020-02-27 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
23 |
CVE-2020-6383 |
843 |
|
|
2020-02-27 |
2022-03-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
24 |
CVE-2020-6382 |
843 |
|
|
2020-02-11 |
2022-04-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
25 |
CVE-2020-6381 |
190 |
|
Overflow |
2020-02-11 |
2022-04-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
26 |
CVE-2020-6377 |
416 |
|
|
2020-01-10 |
2022-04-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
27 |
CVE-2020-3864 |
346 |
|
|
2020-10-27 |
2021-05-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. |
28 |
CVE-2020-3757 |
843 |
|
Exec Code |
2020-02-13 |
2021-09-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. |
29 |
CVE-2020-2659 |
|
|
DoS |
2020-01-15 |
2021-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
30 |
CVE-2020-2654 |
|
|
DoS |
2020-01-15 |
2021-03-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
31 |
CVE-2020-2604 |
|
|
|
2020-01-15 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). |
32 |
CVE-2020-2601 |
|
|
|
2020-01-15 |
2021-03-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). |
33 |
CVE-2020-2593 |
|
|
|
2020-01-15 |
2021-03-04 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). |
34 |
CVE-2020-2590 |
|
|
|
2020-01-15 |
2021-02-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). |
35 |
CVE-2020-2583 |
|
|
DoS |
2020-01-15 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
36 |
CVE-2019-17024 |
787 |
|
Mem. Corr. |
2020-01-08 |
2022-04-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
37 |
CVE-2019-17022 |
79 |
|
XSS |
2020-01-08 |
2020-01-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
38 |
CVE-2019-17017 |
843 |
|
|
2020-01-08 |
2020-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
39 |
CVE-2019-17016 |
79 |
|
XSS |
2020-01-08 |
2020-01-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
40 |
CVE-2019-8846 |
416 |
|
Exec Code |
2020-10-27 |
2021-05-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. |
41 |
CVE-2019-8844 |
787 |
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-05-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. |
42 |
CVE-2019-8835 |
787 |
|
Exec Code Mem. Corr. |
2020-10-27 |
2021-05-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. |
43 |
CVE-2015-3147 |
59 |
|
|
2020-01-14 |
2020-01-21 |
4.9 |
None |
Remote |
Medium |
??? |
None |
Partial |
Partial |
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. |
44 |
CVE-2014-8141 |
787 |
|
Exec Code Overflow |
2020-01-31 |
2020-02-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. |
45 |
CVE-2014-8140 |
787 |
|
Exec Code Overflow |
2020-01-31 |
2020-02-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. |
46 |
CVE-2014-8139 |
787 |
|
Exec Code Overflow |
2020-01-31 |
2020-02-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. |
47 |
CVE-2014-7844 |
74 |
|
Exec Code |
2020-01-14 |
2020-01-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. |
48 |
CVE-2013-4535 |
20 |
|
|
2020-02-11 |
2020-02-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. |
49 |
CVE-2013-4166 |
200 |
|
+Info |
2020-02-06 |
2020-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. |
50 |
CVE-2012-4512 |
843 |
|
DoS |
2020-02-08 |
2020-02-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." |