CVE-2020-13935
- EPSS 87.55%
- Veröffentlicht 14.07.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 05:02:10
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with inv...
- EPSS 2.92%
- Veröffentlicht 14.07.2020 14:15:17
- Zuletzt bearbeitet 21.11.2024 05:01:46
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbo...
CVE-2019-20907
- EPSS 6.3%
- Veröffentlicht 13.07.2020 13:15:10
- Zuletzt bearbeitet 21.11.2024 04:39:39
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
CVE-2020-10756
- EPSS 0.51%
- Veröffentlicht 09.07.2020 16:15:13
- Zuletzt bearbeitet 21.11.2024 04:56:00
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious...
CVE-2020-12421
- EPSS 1.84%
- Veröffentlicht 09.07.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 04:59:41
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the u...
CVE-2020-12406
- EPSS 1.02%
- Veröffentlicht 09.07.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 04:59:39
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0,...
CVE-2020-12410
- EPSS 1.54%
- Veröffentlicht 09.07.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 04:59:39
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. T...
CVE-2020-12417
- EPSS 2.69%
- Veröffentlicht 09.07.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 04:59:41
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability af...
CVE-2020-12418
- EPSS 3.03%
- Veröffentlicht 09.07.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 04:59:41
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
CVE-2020-12419
- EPSS 2.32%
- Veröffentlicht 09.07.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 04:59:41
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability ...