CVE-2020-11762
- EPSS 1.81%
- Veröffentlicht 14.04.2020 23:15:12
- Zuletzt bearbeitet 21.11.2024 04:58:33
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.
CVE-2020-11763
- EPSS 1.79%
- Veröffentlicht 14.04.2020 23:15:12
- Zuletzt bearbeitet 21.11.2024 04:58:33
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
CVE-2020-11764
- EPSS 1.79%
- Veröffentlicht 14.04.2020 23:15:12
- Zuletzt bearbeitet 21.11.2024 04:58:33
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
CVE-2020-11765
- EPSS 1.7%
- Veröffentlicht 14.04.2020 23:15:12
- Zuletzt bearbeitet 21.11.2024 04:58:33
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
CVE-2020-5260
- EPSS 10.05%
- Veröffentlicht 14.04.2020 23:15:12
- Zuletzt bearbeitet 21.11.2024 05:33:47
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from se...
CVE-2020-11736
- EPSS 0.77%
- Veröffentlicht 13.04.2020 19:15:11
- Zuletzt bearbeitet 21.11.2024 04:58:30
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
CVE-2020-1730
- EPSS 3.07%
- Veröffentlicht 13.04.2020 19:15:11
- Zuletzt bearbeitet 21.11.2024 05:11:15
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup th...
CVE-2020-8832
- EPSS 0.45%
- Veröffentlicht 10.04.2020 00:15:11
- Zuletzt bearbeitet 21.11.2024 05:39:31
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of th...
CVE-2020-8834
- EPSS 0.35%
- Veröffentlicht 09.04.2020 22:15:12
- Zuletzt bearbeitet 21.11.2024 05:39:32
KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kerne...
CVE-2020-11655
- EPSS 4.86%
- Veröffentlicht 09.04.2020 03:15:11
- Zuletzt bearbeitet 21.11.2024 04:58:20
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.