CVE-2020-6061
- EPSS 5.12%
- Veröffentlicht 19.02.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:35:00
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS reque...
CVE-2020-6062
- EPSS 6.1%
- Veröffentlicht 19.02.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:35:00
An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigge...
CVE-2012-0055
- EPSS 1.24%
- Veröffentlicht 19.02.2020 18:15:09
- Zuletzt bearbeitet 21.11.2024 01:34:18
OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.
CVE-2015-0258
- EPSS 3.78%
- Veröffentlicht 17.02.2020 18:15:11
- Zuletzt bearbeitet 21.11.2024 02:22:40
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) ...
CVE-2020-8992
- EPSS 0.42%
- Veröffentlicht 14.02.2020 05:15:13
- Zuletzt bearbeitet 21.11.2024 05:39:47
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
- EPSS 0.46%
- Veröffentlicht 12.02.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 04:35:40
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able t...
CVE-2018-14553
- EPSS 3.41%
- Veröffentlicht 11.02.2020 13:15:11
- Zuletzt bearbeitet 21.11.2024 03:49:18
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).
CVE-2020-5529
- EPSS 4.72%
- Veröffentlicht 11.02.2020 12:15:21
- Zuletzt bearbeitet 21.11.2024 05:34:13
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Andro...
CVE-2019-11482
- EPSS 0.23%
- Veröffentlicht 08.02.2020 05:15:13
- Zuletzt bearbeitet 21.11.2024 04:21:10
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
CVE-2019-11483
- EPSS 0.4%
- Veröffentlicht 08.02.2020 05:15:13
- Zuletzt bearbeitet 03.11.2025 20:15:42
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.