CVE-2020-13765
- EPSS 2.41%
- Veröffentlicht 04.06.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:01:48
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.
- EPSS 0.49%
- Veröffentlicht 04.06.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:01:53
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
CVE-2020-13777
- EPSS 17.51%
- Veröffentlicht 04.06.2020 07:15:10
- Zuletzt bearbeitet 21.11.2024 05:01:50
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-...
CVE-2020-13254
- EPSS 6.09%
- Veröffentlicht 03.06.2020 14:15:12
- Zuletzt bearbeitet 21.11.2024 05:00:53
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.
CVE-2020-13596
- EPSS 2.87%
- Veröffentlicht 03.06.2020 14:15:12
- Zuletzt bearbeitet 21.11.2024 05:01:34
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
CVE-2019-20811
- EPSS 0.44%
- Veröffentlicht 03.06.2020 03:15:10
- Zuletzt bearbeitet 21.11.2024 04:39:25
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
CVE-2019-20810
- EPSS 0.46%
- Veröffentlicht 03.06.2020 00:15:10
- Zuletzt bearbeitet 21.11.2024 04:39:25
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.
CVE-2020-7663
- EPSS 4.4%
- Veröffentlicht 02.06.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:37:33
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-b...
CVE-2020-13754
- EPSS 0.42%
- Veröffentlicht 02.06.2020 14:15:10
- Zuletzt bearbeitet 21.11.2024 05:01:47
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
CVE-2020-13659
- EPSS 0.43%
- Veröffentlicht 02.06.2020 13:15:11
- Zuletzt bearbeitet 21.11.2024 05:01:42
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.