CVE-2020-10755
- EPSS 1.2%
- Veröffentlicht 10.06.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 04:56:00
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When ...
CVE-2020-10757
- EPSS 0.99%
- Veröffentlicht 09.06.2020 13:15:10
- Zuletzt bearbeitet 21.11.2024 04:56:00
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
- EPSS 1.8%
- Veröffentlicht 09.06.2020 13:15:10
- Zuletzt bearbeitet 21.11.2024 04:56:01
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A r...
CVE-2020-13974
- EPSS 0.57%
- Veröffentlicht 09.06.2020 05:15:10
- Zuletzt bearbeitet 21.11.2024 05:02:16
An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does no...
CVE-2020-13625
- EPSS 3.78%
- Veröffentlicht 08.06.2020 17:15:10
- Zuletzt bearbeitet 21.11.2024 05:01:37
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
CVE-2020-13696
- EPSS 0.36%
- Veröffentlicht 08.06.2020 17:15:10
- Zuletzt bearbeitet 21.11.2024 05:01:45
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker wi...
CVE-2020-12049
- EPSS 0.57%
- Veröffentlicht 08.06.2020 17:15:09
- Zuletzt bearbeitet 21.11.2024 04:59:10
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or a...
CVE-2020-12695
- EPSS 15.19%
- Veröffentlicht 08.06.2020 17:15:09
- Zuletzt bearbeitet 21.11.2024 05:00:05
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger is...
CVE-2020-13904
- EPSS 1.28%
- Veröffentlicht 07.06.2020 19:15:09
- Zuletzt bearbeitet 21.11.2024 05:02:07
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
CVE-2020-13881
- EPSS 1.67%
- Veröffentlicht 06.06.2020 19:15:09
- Zuletzt bearbeitet 21.11.2024 05:02:04
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.