- EPSS 98.95%
- Veröffentlicht 29.01.2020 16:15:12
- Zuletzt bearbeitet 07.11.2025 22:02:55
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This ...
CVE-2020-0549
- EPSS 0.59%
- Veröffentlicht 28.01.2020 01:15:12
- Zuletzt bearbeitet 21.11.2024 04:53:43
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-20421
- EPSS 4.3%
- Veröffentlicht 27.01.2020 05:15:10
- Zuletzt bearbeitet 21.11.2024 04:38:25
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
CVE-2019-17570
- EPSS 49.29%
- Veröffentlicht 23.01.2020 22:15:10
- Zuletzt bearbeitet 21.11.2024 04:32:33
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apa...
CVE-2015-5239
- EPSS 3.61%
- Veröffentlicht 23.01.2020 20:15:11
- Zuletzt bearbeitet 21.11.2024 02:32:37
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
CVE-2015-5278
- EPSS 2.34%
- Veröffentlicht 23.01.2020 20:15:11
- Zuletzt bearbeitet 21.11.2024 02:32:42
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
CVE-2016-4761
- EPSS 1.39%
- Veröffentlicht 22.01.2020 19:15:10
- Zuletzt bearbeitet 21.11.2024 02:52:54
WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS
CVE-2020-7595
- EPSS 7.84%
- Veröffentlicht 21.01.2020 23:15:13
- Zuletzt bearbeitet 03.12.2025 16:15:54
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2020-7040
- EPSS 2.87%
- Veröffentlicht 21.01.2020 21:15:16
- Zuletzt bearbeitet 21.11.2024 05:36:32
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of sto...
CVE-2019-14902
- EPSS 1.52%
- Veröffentlicht 21.01.2020 18:15:12
- Zuletzt bearbeitet 21.11.2024 04:27:39
There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on a...