CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fedoraproject » Fedora » 31 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-27818 125 DoS 2020-12-08 2020-12-08
4.3
None Remote Medium Not required None None Partial
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
2 CVE-2020-27675 362 2020-10-22 2021-01-19
4.7
None Local Medium Not required None None Complete
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.
3 CVE-2020-26935 89 Sql 2020-10-10 2021-03-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
4 CVE-2020-26934 79 XSS 2020-10-10 2021-01-28
4.3
None Remote Medium Not required None Partial None
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
5 CVE-2020-25863 2020-10-06 2021-02-10
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.
6 CVE-2020-25862 354 2020-10-06 2021-02-10
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.
7 CVE-2020-25648 770 DoS 2020-10-20 2021-03-15
5.0
None Remote Low Not required None None Partial
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
8 CVE-2020-25211 120 Overflow 2020-09-09 2020-11-02
3.6
None Local Low Not required None Partial Partial
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
9 CVE-2020-24977 125 2020-09-04 2021-03-15
6.4
None Remote Low Not required Partial None Partial
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
10 CVE-2020-24606 20 DoS 2020-08-24 2021-03-17
7.1
None Remote Medium Not required None None Complete
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
11 CVE-2020-16845 835 2020-08-06 2021-06-14
5.0
None Remote Low Not required None None Partial
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
12 CVE-2020-16166 200 +Info 2020-07-30 2021-06-14
4.3
None Remote Medium Not required Partial None None
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
13 CVE-2020-16116 22 Dir. Trav. 2020-08-03 2020-08-24
4.3
None Remote Medium Not required None Partial None
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
14 CVE-2020-16003 416 2020-11-03 2021-03-05
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
15 CVE-2020-16002 416 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
16 CVE-2020-16001 416 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
17 CVE-2020-16000 787 2020-11-03 2021-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
18 CVE-2020-15999 787 Overflow 2020-11-03 2021-02-11
4.3
None Remote Medium Not required None None Partial
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19 CVE-2020-15992 Bypass 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
20 CVE-2020-15991 416 2020-11-03 2021-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
21 CVE-2020-15990 416 2020-11-03 2021-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
22 CVE-2020-15989 665 +Info 2020-11-03 2021-02-24
4.3
None Remote Medium Not required Partial None None
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
23 CVE-2020-15988 Exec Code 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
24 CVE-2020-15987 416 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.
25 CVE-2020-15986 416 Overflow 2020-11-03 2021-03-11
4.3
None Remote Medium Not required None None Partial
Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
26 CVE-2020-15985 2020-11-03 2021-02-24
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
27 CVE-2020-15984 2020-11-03 2021-03-11
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.
28 CVE-2020-15983 20 Bypass 2020-11-03 2021-03-11
4.4
None Local Medium Not required Partial Partial Partial
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
29 CVE-2020-15982 +Info 2020-11-03 2021-03-11
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
30 CVE-2020-15981 125 +Info 2020-11-03 2021-03-11
4.3
None Remote Medium Not required Partial None None
Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
31 CVE-2020-15980 Bypass 2020-11-03 2021-03-11
4.6
None Local Low Not required Partial Partial Partial
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.
32 CVE-2020-15979 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
33 CVE-2020-15978 20 Bypass 2020-11-03 2021-03-05
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
34 CVE-2020-15977 20 +Info 2020-11-03 2021-03-05
4.3
None Remote Medium Not required Partial None None
Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
35 CVE-2020-15976 416 2020-11-03 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
36 CVE-2020-15975 190 Overflow 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
37 CVE-2020-15974 190 Overflow Bypass 2020-11-03 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
38 CVE-2020-15973 Bypass 2020-11-03 2021-03-11
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.
39 CVE-2020-15972 416 2020-11-03 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
40 CVE-2020-15971 416 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
41 CVE-2020-15970 416 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
42 CVE-2020-15969 416 2020-11-03 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
43 CVE-2020-15968 416 2020-11-03 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
44 CVE-2020-15967 416 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
45 CVE-2020-15966 +Info 2020-09-21 2021-03-04
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.
46 CVE-2020-15965 843 2020-09-21 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
47 CVE-2020-15964 787 2020-09-21 2021-01-29
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
48 CVE-2020-15963 2020-09-21 2021-01-29
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
49 CVE-2020-15962 2020-09-21 2021-01-29
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
50 CVE-2020-15961 2020-09-21 2021-01-29
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Total number of vulnerabilities : 380   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.