CVE-2020-27759
- EPSS 1.13%
- Veröffentlicht 03.12.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:21:46
In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain...
CVE-2020-27760
- EPSS 1.37%
- Veröffentlicht 03.12.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:21:46
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch...
CVE-2020-27761
- EPSS 1.08%
- Veröffentlicht 03.12.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:21:46
WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The p...
CVE-2020-27762
- EPSS 1.09%
- Veröffentlicht 03.12.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:21:47
A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to ...
CVE-2020-27763
- EPSS 0.91%
- Veröffentlicht 03.12.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:21:47
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to applica...
CVE-2020-25638
- EPSS 2.91%
- Veröffentlicht 02.12.2020 15:15:12
- Zuletzt bearbeitet 23.04.2025 20:15:19
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could...
CVE-2020-25656
- EPSS 0.43%
- Veröffentlicht 02.12.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 05:18:22
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnera...
CVE-2020-25704
- EPSS 0.35%
- Veröffentlicht 02.12.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 05:18:31
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
CVE-2020-25723
- EPSS 0.36%
- Veröffentlicht 02.12.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 05:18:34
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bog...
CVE-2020-27813
- EPSS 2.1%
- Veröffentlicht 02.12.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 05:21:51
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.