VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-nx21-ks3v-53e4

Essentials
Severities (73)
References (184)
Severity details (68)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-nx21-ks3v-53e4
Aliases	CVE-2020-15999 GHSA-pv36-h7jh-qm62
Summary	Heap buffer overflow in CefSharp ### Impact A memory corruption bug(Heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. ### Patches Upgrade to 85.3.130 or higher ### References - https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ - https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 - https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942 To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d
Status	Published
Exploitability	2.0
Weighted Severity	9.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-787	Out-of-bounds Write
CWE-190	Integer Overflow or Wraparound
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	6.5	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
cvssv3.1	9.6	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
cvssv3	8.6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15999.json
epss	0.92905	https://api.first.org/data/v1/epss?cve=CVE-2020-15999
epss	0.92905	https://api.first.org/data/v1/epss?cve=CVE-2020-15999
epss	0.92931	https://api.first.org/data/v1/epss?cve=CVE-2020-15999
epss	0.92931	https://api.first.org/data/v1/epss?cve=CVE-2020-15999
epss	0.92931	https://api.first.org/data/v1/epss?cve=CVE-2020-15999
cvssv3.1	6.5	https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
cvssv3.1	9.6	https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
generic_textual	MODERATE	https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
ssvc	Track	https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
cvssv3.1	6.5	https://crbug.com/1139963
cvssv3.1	9.6	https://crbug.com/1139963
generic_textual	MODERATE	https://crbug.com/1139963
ssvc	Track	https://crbug.com/1139963
cvssv3.1	6.5	http://seclists.org/fulldisclosure/2020/Nov/33
cvssv3.1	9.6	http://seclists.org/fulldisclosure/2020/Nov/33
generic_textual	MODERATE	http://seclists.org/fulldisclosure/2020/Nov/33
ssvc	Track	http://seclists.org/fulldisclosure/2020/Nov/33
cvssv3.1	8.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-pv36-h7jh-qm62
cvssv3.1	6.5	https://github.com/cefsharp/CefSharp
generic_textual	MODERATE	https://github.com/cefsharp/CefSharp
cvssv3.1	6.5	https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62
cvssv3.1_qr	MODERATE	https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62
generic_textual	MODERATE	https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62
cvssv3.1	6.5	https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
cvssv3.1	9.6	https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
generic_textual	MODERATE	https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
ssvc	Track	https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
cvssv3.1	6.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7
cvssv3.1	9.6	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/
cvssv3.1	6.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2020-15999
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2020-15999
archlinux	High	https://security.archlinux.org/AVG-1254
archlinux	High	https://security.archlinux.org/AVG-1255
archlinux	Critical	https://security.archlinux.org/AVG-1279
cvssv3.1	6.5	https://security.gentoo.org/glsa/202011-12
cvssv3.1	9.6	https://security.gentoo.org/glsa/202011-12
generic_textual	MODERATE	https://security.gentoo.org/glsa/202011-12
ssvc	Track	https://security.gentoo.org/glsa/202011-12
cvssv3.1	6.5	https://security.gentoo.org/glsa/202012-04
cvssv3.1	9.6	https://security.gentoo.org/glsa/202012-04
generic_textual	MODERATE	https://security.gentoo.org/glsa/202012-04
ssvc	Track	https://security.gentoo.org/glsa/202012-04
cvssv3.1	6.5	https://security.gentoo.org/glsa/202401-19
cvssv3.1	9.6	https://security.gentoo.org/glsa/202401-19
generic_textual	MODERATE	https://security.gentoo.org/glsa/202401-19
ssvc	Track	https://security.gentoo.org/glsa/202401-19
cvssv3.1	6.5	https://security.netapp.com/advisory/ntap-20240812-0001
generic_textual	MODERATE	https://security.netapp.com/advisory/ntap-20240812-0001
cvssv3.1	6.5	https://www.debian.org/security/2021/dsa-4824
cvssv3.1	9.6	https://www.debian.org/security/2021/dsa-4824
generic_textual	MODERATE	https://www.debian.org/security/2021/dsa-4824
ssvc	Track	https://www.debian.org/security/2021/dsa-4824
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2020-50
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2020-51
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2020-52
cvssv3.1	6.5	https://www.nuget.org/packages/CefSharp.Common
generic_textual	MODERATE	https://www.nuget.org/packages/CefSharp.Common
cvssv3.1	6.5	https://www.nuget.org/packages/CefSharp.WinForms
generic_textual	MODERATE	https://www.nuget.org/packages/CefSharp.WinForms
cvssv3.1	6.5	https://www.nuget.org/packages/CefSharp.Wpf
generic_textual	MODERATE	https://www.nuget.org/packages/CefSharp.Wpf
cvssv3.1	6.5	https://www.nuget.org/packages/CefSharp.Wpf.HwndHost
generic_textual	MODERATE	https://www.nuget.org/packages/CefSharp.Wpf.HwndHost

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15999.json
		https://api.first.org/data/v1/epss?cve=CVE-2020-15999
		https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
		https://crbug.com/1139963
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15959
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15960
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15961
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15962
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15963
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15964
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15965
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15966
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15967
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15968
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15969
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15970
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15971
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15972
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15973
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15974
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15975
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15976
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15977
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15978
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15979
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15980
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15981
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15982
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15983
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15984
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15985
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15986
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15987
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15988
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15989
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15990
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15991
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15992
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16000
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16001
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16002
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16003
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16004
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16005
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16006
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16008
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16011
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16013
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16014
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16015
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16016
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16017
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16018
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16019
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16020
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16021
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16022
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16023
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16024
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16025
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16026
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16027
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16028
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16029
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16030
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16031
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16032
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16033
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16034
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16035
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16036
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16037
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16038
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16039
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16040
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16041
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36765
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6510
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6511
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6512
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6513
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6515
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6516
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6517
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6518
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6519
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6520
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6521
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6522
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6523
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6524
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6525
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6526
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6527
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6528
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6529
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6530
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6531
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6532
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6533
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6534
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6535
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6536
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6537
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6538
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6539
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6540
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6541
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6542
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6543
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6544
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6545
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6547
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6548
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6549
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6550
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6551
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6552
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6553
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6554
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6555
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6556
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6557
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6559
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6560
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6561
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6562
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6563
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6564
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6565
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6566
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6567
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6568
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6569
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6570
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6571
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6573
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6575
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6576
		http://seclists.org/fulldisclosure/2020/Nov/33
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/cefsharp/CefSharp
		https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62
		https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7
		https://nvd.nist.gov/vuln/detail/CVE-2020-15999
		https://security.gentoo.org/glsa/202011-12
		https://security.gentoo.org/glsa/202012-04
		https://security.gentoo.org/glsa/202401-19
		https://security.netapp.com/advisory/ntap-20240812-0001
		https://www.debian.org/security/2021/dsa-4824
		https://www.nuget.org/packages/CefSharp.Common
		https://www.nuget.org/packages/CefSharp.WinForms
		https://www.nuget.org/packages/CefSharp.Wpf
		https://www.nuget.org/packages/CefSharp.Wpf.HwndHost
1890210		https://bugzilla.redhat.com/show_bug.cgi?id=1890210
972586		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972586
ASA-202010-10		https://security.archlinux.org/ASA-202010-10
ASA-202010-11		https://security.archlinux.org/ASA-202010-11
ASA-202011-12		https://security.archlinux.org/ASA-202011-12
AVG-1254		https://security.archlinux.org/AVG-1254
AVG-1255		https://security.archlinux.org/AVG-1255
AVG-1279		https://security.archlinux.org/AVG-1279
GHSA-pv36-h7jh-qm62		https://github.com/advisories/GHSA-pv36-h7jh-qm62
GLSA-202010-07		https://security.gentoo.org/glsa/202010-07
J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/
mfsa2020-50		https://www.mozilla.org/en-US/security/advisories/mfsa2020-50
mfsa2020-51		https://www.mozilla.org/en-US/security/advisories/mfsa2020-51
mfsa2020-52		https://www.mozilla.org/en-US/security/advisories/mfsa2020-52
RHSA-2020:4351		https://access.redhat.com/errata/RHSA-2020:4351
RHSA-2020:4907		https://access.redhat.com/errata/RHSA-2020:4907
RHSA-2020:4949		https://access.redhat.com/errata/RHSA-2020:4949
RHSA-2020:4950		https://access.redhat.com/errata/RHSA-2020:4950
RHSA-2020:4951		https://access.redhat.com/errata/RHSA-2020:4951
RHSA-2020:4952		https://access.redhat.com/errata/RHSA-2020:4952
USN-4593-1		https://usn.ubuntu.com/4593-1/
USN-4593-2		https://usn.ubuntu.com/4593-2/

Data source	KEV
Date added	Nov. 3, 2021
Description	Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
Required action	Apply updates per vendor instructions.
Due date	Nov. 17, 2021
Note	https://nvd.nist.gov/vuln/detail/CVE-2020-15999
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15999.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/ Found at https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://crbug.com/1139963

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://crbug.com/1139963

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/ Found at https://crbug.com/1139963

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://seclists.org/fulldisclosure/2020/Nov/33

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2020/Nov/33

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/ Found at http://seclists.org/fulldisclosure/2020/Nov/33

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/cefsharp/CefSharp

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/ Found at https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-15999

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202011-12

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202011-12

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/ Found at https://security.gentoo.org/glsa/202011-12

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202012-04

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202012-04

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/ Found at https://security.gentoo.org/glsa/202012-04

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202401-19

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202401-19

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/ Found at https://security.gentoo.org/glsa/202401-19

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20240812-0001

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2021/dsa-4824

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://www.debian.org/security/2021/dsa-4824

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/ Found at https://www.debian.org/security/2021/dsa-4824

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.nuget.org/packages/CefSharp.Common

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.nuget.org/packages/CefSharp.WinForms

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.nuget.org/packages/CefSharp.Wpf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.nuget.org/packages/CefSharp.Wpf.HwndHost

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.99772
EPSS Score	0.92905
Published At	April 13, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:59:26.628381+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/10/GHSA-pv36-h7jh-qm62/GHSA-pv36-h7jh-qm62.json	38.0.0