Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Backports_sle
(Opensuse)| Repositories |
• https://github.com/opencontainers/runc
• https://github.com/lighttpd/lighttpd1.4 |
| #Vulnerabilities | 326 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-27 | CVE-2020-7041 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value. | Fedora, Openfortivpn, Backports_sle, Leap | 5.3 | ||
| 2020-02-27 | CVE-2020-7042 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). | Fedora, Openfortivpn, Backports_sle, Leap | 5.3 | ||
| 2020-02-27 | CVE-2020-7043 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. | Fedora, Openfortivpn, Backports_sle, Leap | 9.1 | ||
| 2020-03-23 | CVE-2020-6422 | Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 8.8 | ||
| 2020-03-23 | CVE-2020-6424 | Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 8.8 | ||
| 2020-03-23 | CVE-2020-6426 | Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 6.5 | ||
| 2020-03-23 | CVE-2020-6427 | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 8.8 | ||
| 2020-03-23 | CVE-2020-6428 | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 8.8 | ||
| 2020-03-23 | CVE-2020-6429 | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 8.8 | ||
| 2020-03-23 | CVE-2020-6449 | Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Fedora, Chrome, Backports_sle, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 8.8 |