CVE-2020-7065
- EPSS 4.76%
- Veröffentlicht 01.04.2020 04:15:13
- Zuletzt bearbeitet 21.11.2024 05:36:36
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and pote...
CVE-2020-6814
- EPSS 1.82%
- Veröffentlicht 25.03.2020 22:15:13
- Zuletzt bearbeitet 21.11.2024 05:36:13
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
CVE-2020-6805
- EPSS 1.25%
- Veröffentlicht 25.03.2020 22:15:12
- Zuletzt bearbeitet 21.11.2024 05:36:12
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Fir...
CVE-2020-6806
- EPSS 2.54%
- Veröffentlicht 25.03.2020 22:15:12
- Zuletzt bearbeitet 21.11.2024 05:36:12
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affect...
CVE-2020-6807
- EPSS 1.24%
- Veröffentlicht 25.03.2020 22:15:12
- Zuletzt bearbeitet 21.11.2024 05:36:13
When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Th...
CVE-2020-6811
- EPSS 3.19%
- Veröffentlicht 25.03.2020 22:15:12
- Zuletzt bearbeitet 21.11.2024 05:36:13
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted...
CVE-2020-6812
- EPSS 1.56%
- Veröffentlicht 25.03.2020 22:15:12
- Zuletzt bearbeitet 21.11.2024 05:36:13
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve ...
CVE-2020-10942
- EPSS 0.96%
- Veröffentlicht 24.03.2020 22:15:12
- Zuletzt bearbeitet 21.11.2024 04:56:25
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
CVE-2020-1950
- EPSS 2.93%
- Veröffentlicht 23.03.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:11:43
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
CVE-2020-1951
- EPSS 2.83%
- Veröffentlicht 23.03.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:11:43
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.