CVE-2020-11609
- EPSS 0.59%
- Veröffentlicht 07.04.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 04:58:14
An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer derefer...
CVE-2020-11608
- EPSS 0.53%
- Veröffentlicht 07.04.2020 14:15:14
- Zuletzt bearbeitet 21.11.2024 04:58:13
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.
- EPSS 0.52%
- Veröffentlicht 06.04.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 04:58:09
An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security...
CVE-2020-11501
- EPSS 3.39%
- Veröffentlicht 03.04.2020 13:15:13
- Zuletzt bearbeitet 21.11.2024 04:58:01
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes...
CVE-2020-11494
- EPSS 0.72%
- Veröffentlicht 02.04.2020 21:15:13
- Zuletzt bearbeitet 21.11.2024 04:58:00
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configurati...
CVE-2020-8835
- EPSS 6.06%
- Veröffentlicht 02.04.2020 18:15:18
- Zuletzt bearbeitet 21.11.2024 05:39:32
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5....
CVE-2020-11100
- EPSS 60.73%
- Veröffentlicht 02.04.2020 15:15:17
- Zuletzt bearbeitet 21.11.2024 04:56:47
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
CVE-2020-1927
- EPSS 56.69%
- Veröffentlicht 02.04.2020 00:15:13
- Zuletzt bearbeitet 21.11.2024 05:11:37
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVE-2020-1934
- EPSS 51.95%
- Veröffentlicht 01.04.2020 20:15:15
- Zuletzt bearbeitet 21.11.2024 05:11:38
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
CVE-2020-7064
- EPSS 4.3%
- Veröffentlicht 01.04.2020 04:15:13
- Zuletzt bearbeitet 21.11.2024 05:36:36
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead ...