CVE-2020-25685
- EPSS 2.18%
- Veröffentlicht 20.01.2021 16:15:14
- Zuletzt bearbeitet 04.11.2025 20:15:57
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak...
CVE-2020-14409
- EPSS 1.31%
- Veröffentlicht 19.01.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 05:03:12
SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.
CVE-2020-14410
- EPSS 1.67%
- Veröffentlicht 19.01.2021 20:15:12
- Zuletzt bearbeitet 20.03.2025 17:01:20
SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.
CVE-2021-20190
- EPSS 7.48%
- Veröffentlicht 19.01.2021 17:15:13
- Zuletzt bearbeitet 27.08.2025 21:15:36
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-3181
- EPSS 2.8%
- Veröffentlicht 19.01.2021 15:15:12
- Zuletzt bearbeitet 21.11.2024 06:21:04
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email me...
CVE-2021-3178
- EPSS 2.42%
- Veröffentlicht 19.01.2021 07:15:13
- Zuletzt bearbeitet 21.11.2024 06:21:04
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirecto...
CVE-2021-3177
- EPSS 23.29%
- Veröffentlicht 19.01.2021 06:15:12
- Zuletzt bearbeitet 18.12.2025 15:15:48
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to ...
CVE-2020-36193
- EPSS 70.6%
- Veröffentlicht 18.01.2021 20:15:12
- Zuletzt bearbeitet 07.11.2025 22:03:02
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
CVE-2020-28473
- EPSS 1.84%
- Veröffentlicht 18.01.2021 12:15:12
- Zuletzt bearbeitet 21.11.2024 05:22:51
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation o...
CVE-2021-21261
- EPSS 0.57%
- Veröffentlicht 14.01.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 05:47:53
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox es...