CVE-2020-14378
- EPSS 0.4%
- Veröffentlicht 30.09.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:03:07
An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-co...
CVE-2020-26137
- EPSS 2.27%
- Veröffentlicht 30.09.2020 18:15:26
- Zuletzt bearbeitet 21.11.2024 05:19:19
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
CVE-2020-26116
- EPSS 6.42%
- Veröffentlicht 27.09.2020 04:15:11
- Zuletzt bearbeitet 21.11.2024 05:19:16
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first ar...
CVE-2020-26088
- EPSS 0.4%
- Veröffentlicht 24.09.2020 15:15:15
- Zuletzt bearbeitet 21.11.2024 05:19:12
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
CVE-2020-25739
- EPSS 1.38%
- Veröffentlicht 23.09.2020 14:15:12
- Zuletzt bearbeitet 21.11.2024 05:18:37
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without rely...
CVE-2019-20919
- EPSS 0.51%
- Veröffentlicht 17.09.2020 18:15:12
- Zuletzt bearbeitet 21.11.2024 04:39:41
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
CVE-2020-14382
- EPSS 1.16%
- Veröffentlicht 16.09.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:03:08
A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in fil...
CVE-2020-14392
- EPSS 0.58%
- Veröffentlicht 16.09.2020 13:15:11
- Zuletzt bearbeitet 21.11.2024 05:03:09
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
CVE-2020-14385
- EPSS 0.42%
- Veröffentlicht 15.09.2020 22:15:13
- Zuletzt bearbeitet 21.11.2024 05:03:08
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, o...
CVE-2020-14314
- EPSS 0.36%
- Veröffentlicht 15.09.2020 20:15:13
- Zuletzt bearbeitet 21.11.2024 05:02:59
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The high...