Search Results (83655 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-16003 5 Debian, Fedoraproject, Google and 2 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-11-21 8.8 High
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16002 5 Debian, Fedoraproject, Google and 2 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-11-21 8.8 High
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2020-16001 5 Debian, Fedoraproject, Google and 2 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-11-21 8.8 High
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16000 5 Debian, Fedoraproject, Google and 2 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-11-21 8.8 High
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15995 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Android and 1 more 2024-11-21 8.8 High
Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15979 5 Debian, Fedoraproject, Google and 2 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-11-21 8.8 High
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15976 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Android and 3 more 2024-11-21 8.8 High
Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15975 5 Debian, Fedoraproject, Google and 2 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-11-21 8.8 High
Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15972 5 Debian, Fedoraproject, Google and 2 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-11-21 8.8 High
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15969 6 Apple, Debian, Fedoraproject and 3 more 14 Ipados, Iphone Os, Macos and 11 more 2024-11-21 8.8 High
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15964 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 8.8 High
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15960 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 8.8 High
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2020-15955 1 Fehcom 1 S\/qmail 2024-11-21 5.9 Medium
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker.
CVE-2020-15953 4 Debian, Fedoraproject, Libetpan Project and 1 more 4 Debian Linux, Fedora, Libetpan and 1 more 2024-11-21 7.4 High
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
CVE-2020-15952 1 Immuta 1 Immuta 2024-11-21 9.0 Critical
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based XSS.
CVE-2020-15951 1 Immuta 1 Immuta 2024-11-21 6.1 Medium
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal credentials.
CVE-2020-15948 1 Egain 1 Chat 2024-11-21 6.1 Medium
eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field.
CVE-2020-15944 1 Gantt-chart Project 1 Gantt-chart 2024-11-21 5.4 Medium
An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Due to missing validation of user input, it is vulnerable to a persistent XSS attack. An attacker can embed the attack vectors in the dashboard of other users. To exploit this vulnerability, an attacker has to be authenticated.
CVE-2020-15943 1 Gantt-chart Project 1 Gantt-chart 2024-11-21 8.1 High
An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an attacker has to be authenticated.
CVE-2020-15940 1 Fortinet 1 Forticlient Enterprise Management Server 2024-11-21 4.1 Medium
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server.