CVE-2020-35730
- EPSS 32.82%
- Veröffentlicht 28.12.2020 20:15:13
- Zuletzt bearbeitet 04.11.2025 15:00:19
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcu...
CVE-2020-35738
- EPSS 1.2%
- Veröffentlicht 28.12.2020 04:15:12
- Zuletzt bearbeitet 21.11.2024 05:27:59
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.
CVE-2020-35728
- EPSS 12.5%
- Veröffentlicht 27.12.2020 05:15:11
- Zuletzt bearbeitet 29.04.2026 20:17:55
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.js...
- EPSS 1.17%
- Veröffentlicht 24.12.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:22:25
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.
CVE-2020-35605
- EPSS 3.61%
- Veröffentlicht 21.12.2020 20:15:12
- Zuletzt bearbeitet 24.04.2025 17:39:27
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.
CVE-2020-35573
- EPSS 2.66%
- Veröffentlicht 20.12.2020 05:15:09
- Zuletzt bearbeitet 21.11.2024 05:27:36
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.
CVE-2020-35475
- EPSS 1.57%
- Veröffentlicht 18.12.2020 08:15:15
- Zuletzt bearbeitet 21.11.2024 05:27:22
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side...
CVE-2020-35477
- EPSS 1.51%
- Veröffentlicht 18.12.2020 08:15:15
- Zuletzt bearbeitet 21.11.2024 05:27:22
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" ...
CVE-2020-35479
- EPSS 1.48%
- Veröffentlicht 18.12.2020 08:15:15
- Zuletzt bearbeitet 21.11.2024 05:27:22
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects Me...
CVE-2020-35480
- EPSS 1.52%
- Veröffentlicht 18.12.2020 08:15:15
- Zuletzt bearbeitet 21.11.2024 05:27:22
An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing s...