CVE-2020-8286
- EPSS 4.58%
- Veröffentlicht 14.12.2020 20:15:14
- Zuletzt bearbeitet 21.11.2024 05:38:39
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
CVE-2020-8169
- EPSS 3.43%
- Veröffentlicht 14.12.2020 20:15:13
- Zuletzt bearbeitet 21.11.2024 05:38:25
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
CVE-2020-8177
- EPSS 1.24%
- Veröffentlicht 14.12.2020 20:15:13
- Zuletzt bearbeitet 15.04.2026 21:17:03
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
CVE-2020-8231
- EPSS 3.72%
- Veröffentlicht 14.12.2020 20:15:13
- Zuletzt bearbeitet 21.11.2024 05:38:33
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
CVE-2020-8284
- EPSS 3.85%
- Veröffentlicht 14.12.2020 20:15:13
- Zuletzt bearbeitet 16.04.2026 15:16:42
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed,...
CVE-2020-8285
- EPSS 9.92%
- Veröffentlicht 14.12.2020 20:15:13
- Zuletzt bearbeitet 16.04.2026 15:16:43
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2020-35176
- EPSS 1.83%
- Veröffentlicht 12.12.2020 00:15:12
- Zuletzt bearbeitet 21.11.2024 05:26:54
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incompl...
CVE-2020-26418
- EPSS 2.97%
- Veröffentlicht 11.12.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:19:54
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
CVE-2020-26421
- EPSS 2.59%
- Veröffentlicht 11.12.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:19:54
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
CVE-2020-27825
- EPSS 0.28%
- Veröffentlicht 11.12.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:21:53
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This fl...