CVE-2020-15157
- EPSS 2.21%
- Veröffentlicht 16.10.2020 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:04:57
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a sp...
CVE-2020-25645
- EPSS 2.43%
- Veröffentlicht 13.10.2020 20:15:12
- Zuletzt bearbeitet 21.11.2024 05:18:19
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two e...
CVE-2020-14355
- EPSS 2.66%
- Veröffentlicht 07.10.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:03:04
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious ...
CVE-2020-25641
- EPSS 0.39%
- Veröffentlicht 06.10.2020 14:15:12
- Zuletzt bearbeitet 21.11.2024 05:18:18
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a ...
CVE-2020-7069
- EPSS 2.06%
- Veröffentlicht 02.10.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:36:36
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and inc...
CVE-2020-7070
- EPSS 5.03%
- Veröffentlicht 02.10.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:36:37
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode ...
CVE-2020-14374
- EPSS 0.43%
- Veröffentlicht 30.09.2020 20:15:14
- Zuletzt bearbeitet 21.11.2024 05:03:07
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypt...
CVE-2020-14375
- EPSS 0.25%
- Veröffentlicht 30.09.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:03:07
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the conten...
CVE-2020-14376
- EPSS 0.4%
- Veröffentlicht 30.09.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:03:07
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to da...
CVE-2020-14377
- EPSS 0.41%
- Veröffentlicht 30.09.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:03:07
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine m...