- EPSS 88.9%
- Veröffentlicht 25.02.2020 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:39:27
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the se...
CVE-2020-9383
- EPSS 0.73%
- Veröffentlicht 25.02.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 05:40:31
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
CVE-2020-1935
- EPSS 9.39%
- Veröffentlicht 24.02.2020 22:15:11
- Zuletzt bearbeitet 21.11.2024 05:11:38
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smug...
CVE-2020-8130
- EPSS 1.36%
- Veröffentlicht 24.02.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 05:38:21
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
CVE-2015-9542
- EPSS 3.54%
- Veröffentlicht 24.02.2020 15:15:10
- Zuletzt bearbeitet 21.11.2024 02:40:53
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading ...
CVE-2020-9327
- EPSS 3.68%
- Veröffentlicht 21.02.2020 22:15:10
- Zuletzt bearbeitet 21.11.2024 05:40:25
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
CVE-2011-4915
- EPSS 0.51%
- Veröffentlicht 20.02.2020 18:15:11
- Zuletzt bearbeitet 21.11.2024 01:33:17
fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.
CVE-2020-9308
- EPSS 2.25%
- Veröffentlicht 20.02.2020 07:15:12
- Zuletzt bearbeitet 21.11.2024 05:40:23
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
CVE-2011-2498
- EPSS 0.39%
- Veröffentlicht 20.02.2020 04:15:10
- Zuletzt bearbeitet 21.11.2024 01:28:24
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages.
CVE-2015-7747
- EPSS 8.8%
- Veröffentlicht 19.02.2020 21:15:11
- Zuletzt bearbeitet 13.08.2025 20:48:07
Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as dem...