CVE-2020-13757
- EPSS 1.36%
- Veröffentlicht 01.06.2020 19:15:10
- Zuletzt bearbeitet 21.11.2024 05:01:47
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted cipherte...
CVE-2020-12867
- EPSS 0.5%
- Veröffentlicht 01.06.2020 14:15:10
- Zuletzt bearbeitet 21.11.2024 05:00:27
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.
CVE-2020-13362
- EPSS 0.38%
- Veröffentlicht 28.05.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 05:01:07
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
CVE-2019-20807
- EPSS 0.49%
- Veröffentlicht 28.05.2020 14:15:11
- Zuletzt bearbeitet 21.11.2024 04:39:24
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
CVE-2020-13361
- EPSS 0.37%
- Veröffentlicht 28.05.2020 14:15:11
- Zuletzt bearbeitet 21.11.2024 05:01:06
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
CVE-2020-13645
- EPSS 1.93%
- Veröffentlicht 28.05.2020 12:15:11
- Zuletzt bearbeitet 21.11.2024 05:01:40
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended docu...
CVE-2020-10936
- EPSS 0.5%
- Veröffentlicht 27.05.2020 18:15:12
- Zuletzt bearbeitet 21.11.2024 04:56:24
Sympa before 6.2.56 allows privilege escalation.
CVE-2020-13632
- EPSS 0.57%
- Veröffentlicht 27.05.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:01:38
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
CVE-2020-13253
- EPSS 0.43%
- Veröffentlicht 27.05.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:00:53
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
- EPSS 1.03%
- Veröffentlicht 27.05.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:01:38
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.