CVE-2020-10683
- EPSS 7.27%
- Veröffentlicht 01.05.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:50
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a...
- EPSS 0.54%
- Veröffentlicht 30.04.2020 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:11:18
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker ...
CVE-2020-11651
- EPSS 96.41%
- Veröffentlicht 30.04.2020 17:15:12
- Zuletzt bearbeitet 07.11.2025 19:32:41
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods...
CVE-2020-11652
- EPSS 86.06%
- Veröffentlicht 30.04.2020 17:15:12
- Zuletzt bearbeitet 07.11.2025 19:32:37
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated u...
- EPSS 0.4%
- Veröffentlicht 29.04.2020 13:15:11
- Zuletzt bearbeitet 21.11.2024 04:58:49
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade...
CVE-2020-12243
- EPSS 4.42%
- Veröffentlicht 28.04.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 04:59:22
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
- EPSS 3.76%
- Veröffentlicht 28.04.2020 06:15:10
- Zuletzt bearbeitet 21.11.2024 04:59:26
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
CVE-2019-15790
- EPSS 0.52%
- Veröffentlicht 28.04.2020 00:15:12
- Zuletzt bearbeitet 03.11.2025 20:15:42
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could ex...
CVE-2020-12137
- EPSS 2.29%
- Veröffentlicht 24.04.2020 13:15:11
- Zuletzt bearbeitet 21.11.2024 04:59:19
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, ...
CVE-2019-15791
- EPSS 1.32%
- Veröffentlicht 24.04.2020 00:15:11
- Zuletzt bearbeitet 21.11.2024 04:29:28
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. A...