Total: 329 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6613 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. | |||||
CVE-2019-19880 | 8 Debian, Netapp, Opensuse and 5 more | 12 Debian Linux, Cloud Backup, Backports Sle and 9 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | |||||
CVE-2019-18622 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Backports Sle, Leap and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. | |||||
CVE-2019-5164 | 2 Opensuse, Shadowsocks | 3 Backports Sle, Leap, Shadowsocks-libev | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability. | |||||
CVE-2020-6403 | 7 Apple, Debian, Fedoraproject and 4 more | 10 Iphone Os, Debian Linux, Fedora and 7 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2019-13703 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2019-20015 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec. | |||||
CVE-2020-6612 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. | |||||
CVE-2020-6401 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
CVE-2019-13716 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
CVE-2019-20010 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c. | |||||
CVE-2019-13710 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | |||||
CVE-2020-6381 | 6 Debian, Fedoraproject, Google and 3 more | 11 Debian Linux, Fedora, Android and 8 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-7106 | 5 Cacti, Debian, Fedoraproject and 2 more | 8 Cacti, Debian Linux, Extra Packages For Enterprise Linux and 5 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). | |||||
CVE-2019-13764 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-19926 | 8 Debian, Netapp, Opensuse and 5 more | 12 Debian Linux, Cloud Backup, Backports Sle and 9 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. | |||||
CVE-2020-6404 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-6394 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
CVE-2020-6609 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. | |||||
CVE-2020-6396 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |