CVE-2020-27348
- EPSS 0.67%
- Veröffentlicht 04.12.2020 03:15:12
- Zuletzt bearbeitet 21.11.2024 05:21:02
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affect...
CVE-2020-16123
- EPSS 0.31%
- Veröffentlicht 04.12.2020 00:15:11
- Zuletzt bearbeitet 21.11.2024 05:06:48
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio with...
CVE-2020-29372
- EPSS 0.39%
- Veröffentlicht 28.11.2020 07:15:11
- Zuletzt bearbeitet 29.05.2026 16:16:21
An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.
CVE-2020-0569
- EPSS 0.56%
- Veröffentlicht 23.11.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 04:53:46
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-16121
- EPSS 0.46%
- Veröffentlicht 07.11.2020 04:15:12
- Zuletzt bearbeitet 21.11.2024 05:06:48
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
CVE-2020-16122
- EPSS 0.34%
- Veröffentlicht 07.11.2020 04:15:12
- Zuletzt bearbeitet 21.11.2024 05:06:48
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious...
CVE-2020-15708
- EPSS 0.38%
- Veröffentlicht 06.11.2020 02:15:12
- Zuletzt bearbeitet 21.11.2024 05:06:04
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
CVE-2020-28039
- EPSS 4.06%
- Veröffentlicht 02.11.2020 21:15:31
- Zuletzt bearbeitet 21.11.2024 05:22:15
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
CVE-2020-28040
- EPSS 1.07%
- Veröffentlicht 02.11.2020 21:15:31
- Zuletzt bearbeitet 21.11.2024 05:22:15
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.
CVE-2020-14837
- EPSS 2.29%
- Veröffentlicht 21.10.2020 15:15:22
- Zuletzt bearbeitet 21.11.2024 05:04:17
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro...