CVE-2020-7788
- EPSS 3.61%
- Veröffentlicht 11.12.2020 11:15:11
- Zuletzt bearbeitet 21.11.2024 05:37:48
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
CVE-2020-29668
- EPSS 1.96%
- Veröffentlicht 10.12.2020 08:15:11
- Zuletzt bearbeitet 21.11.2024 05:24:24
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
CVE-2020-16587
- EPSS 1.24%
- Veröffentlicht 09.12.2020 21:15:14
- Zuletzt bearbeitet 21.11.2024 05:07:09
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
CVE-2020-16588
- EPSS 1.2%
- Veröffentlicht 09.12.2020 21:15:14
- Zuletzt bearbeitet 21.11.2024 05:07:10
A Null Pointer Deference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
CVE-2020-16589
- EPSS 1.13%
- Veröffentlicht 09.12.2020 21:15:14
- Zuletzt bearbeitet 21.11.2024 05:07:10
A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.
CVE-2020-29660
- EPSS 0.47%
- Veröffentlicht 09.12.2020 17:15:31
- Zuletzt bearbeitet 21.11.2024 05:24:22
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
CVE-2020-29661
- EPSS 1.13%
- Veröffentlicht 09.12.2020 17:15:31
- Zuletzt bearbeitet 21.11.2024 05:24:23
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
CVE-2020-27754
- EPSS 1.12%
- Veröffentlicht 08.12.2020 22:15:18
- Zuletzt bearbeitet 21.11.2024 05:21:45
In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPi...
CVE-2020-27757
- EPSS 1.07%
- Veröffentlicht 08.12.2020 22:15:18
- Zuletzt bearbeitet 21.11.2024 05:21:46
A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under ...
CVE-2020-27758
- EPSS 1.12%
- Veröffentlicht 08.12.2020 22:15:18
- Zuletzt bearbeitet 21.11.2024 05:21:46
A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lea...