CVE-2020-8927
- EPSS 0.42%
- Published 15.09.2020 10:15:12
- Last modified 21.11.2024 05:39:41
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 ...
CVE-2020-25284
- EPSS 0.08%
- Published 13.09.2020 18:15:09
- Last modified 21.11.2024 05:17:51
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.
CVE-2020-6097
- EPSS 0.29%
- Published 10.09.2020 15:15:36
- Last modified 21.11.2024 05:35:05
An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can ...
CVE-2020-25219
- EPSS 1.23%
- Published 09.09.2020 21:15:11
- Last modified 21.11.2024 05:17:41
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
- EPSS 0.03%
- Published 09.09.2020 16:15:12
- Last modified 21.11.2024 05:17:39
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b...
- EPSS 0.16%
- Published 09.09.2020 12:15:11
- Last modified 21.11.2024 05:03:03
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this ...
CVE-2019-20916
- EPSS 0.62%
- Published 04.09.2020 20:15:11
- Last modified 21.11.2024 04:39:40
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occ...
CVE-2020-24659
- EPSS 3.4%
- Published 04.09.2020 15:15:10
- Last modified 21.11.2024 05:15:26
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the app...
CVE-2020-24977
- EPSS 0.55%
- Published 04.09.2020 00:15:10
- Last modified 21.11.2024 05:16:15
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
CVE-2020-24553
- EPSS 0.18%
- Published 02.09.2020 17:15:12
- Last modified 21.11.2024 05:14:58
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.