Total
8120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35628 | 3 Cgal, Debian, Fedoraproject | 3 Computational Geometry Algorithms Library, Debian Linux, Fedora | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2020-14351 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-25651 | 3 Debian, Fedoraproject, Spice-space | 3 Debian Linux, Fedora, Spice-vdagent | 2024-02-04 | 3.3 LOW | 6.4 MEDIUM |
| A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior. | |||||
| CVE-2021-3410 | 3 Debian, Fedoraproject, Libcaca Project | 3 Debian Linux, Fedora, Libcaca | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. | |||||
| CVE-2020-11800 | 3 Debian, Opensuse, Zabbix | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | |||||
| CVE-2020-13943 | 2 Apache, Debian | 2 Tomcat, Debian Linux | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. | |||||
| CVE-2020-35477 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears). | |||||
| CVE-2020-27671 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. | |||||
| CVE-2021-25281 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. | |||||
| CVE-2020-8287 | 5 Debian, Fedoraproject, Nodejs and 2 more | 5 Debian Linux, Fedora, Node.js and 2 more | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. | |||||
| CVE-2020-6545 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-26870 | 4 Cure53, Debian, Microsoft and 1 more | 5 Dompurify, Debian Linux, Visual Studio 2017 and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. | |||||
| CVE-2020-6542 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-25625 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-04 | 4.7 MEDIUM | 5.3 MEDIUM |
| hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. | |||||
| CVE-2020-6557 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2021-23961 | 2 Debian, Mozilla | 2 Debian Linux, Firefox | 2024-02-04 | 4.3 MEDIUM | 7.4 HIGH |
| Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85. | |||||
| CVE-2021-20276 | 2 Debian, Privoxy | 2 Debian Linux, Privoxy | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. | |||||
| CVE-2020-28941 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. | |||||
| CVE-2020-26519 | 3 Artifex, Debian, Fedoraproject | 3 Mupdf, Debian Linux, Fedora | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service. | |||||
| CVE-2020-35662 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-02-04 | 5.8 MEDIUM | 7.4 HIGH |
| In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. | |||||