CVE-2020-14803
- Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple proto...
Published:
October 21, 2020; 11:15:20 AM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-15985
- Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
Published:
November 02, 2020; 10:15:13 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-15979
- Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published:
November 02, 2020; 10:15:13 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-15987
- Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.
Published:
November 02, 2020; 10:15:14 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-15989
- Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Published:
November 02, 2020; 10:15:14 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-15992
- Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
Published:
November 02, 2020; 10:15:14 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-16002
- Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Published:
November 02, 2020; 10:15:15 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-15995
- Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published:
November 02, 2020; 10:15:14 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-14797
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unau...
Published:
October 21, 2020; 11:15:19 AM -0400
V3.1: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2020-14792
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauth...
Published:
October 21, 2020; 11:15:19 AM -0400
V3.1: 4.2 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2020-14782
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unau...
Published:
October 21, 2020; 11:15:18 AM -0400
V3.1: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2020-14781
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthent...
Published:
October 21, 2020; 11:15:18 AM -0400
V3.1: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2020-14798
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unau...
Published:
October 21, 2020; 11:15:19 AM -0400
CVE-2020-14796
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unau...
Published:
October 21, 2020; 11:15:19 AM -0400
CVE-2020-16001
- Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Published:
November 02, 2020; 10:15:14 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-2659
- Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated...
Published:
January 15, 2020; 12:15:24 PM -0500
V3.1: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2020-29369
- An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
Published:
November 28, 2020; 2:15:11 AM -0500
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2020-13482
- EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
Published:
May 25, 2020; 6:15:09 PM -0400
V3.1: 7.4 HIGH
V2.0: 5.8 MEDIUM
CVE-2020-27773
- A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by ze...
Published:
December 04, 2020; 5:15:12 PM -0500
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2020-35737
- In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
Published:
December 30, 2020; 3:15:15 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM