CVE-2020-16846
- EPSS 94.39%
- Published 06.11.2020 08:15:13
- Last modified 14.03.2025 17:28:24
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
CVE-2020-26521
- EPSS 0.68%
- Published 06.11.2020 08:15:13
- Last modified 21.11.2024 05:19:59
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
CVE-2020-26892
- EPSS 0.56%
- Published 06.11.2020 08:15:13
- Last modified 21.11.2024 05:20:25
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
CVE-2020-28196
- EPSS 0.38%
- Published 06.11.2020 08:15:13
- Last modified 21.11.2024 05:22:27
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
CVE-2020-28242
- EPSS 0.59%
- Published 06.11.2020 06:15:11
- Last modified 21.11.2024 05:22:30
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in...
CVE-2020-28241
- EPSS 0.21%
- Published 06.11.2020 05:15:10
- Last modified 21.11.2024 05:22:30
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
CVE-2020-28049
- EPSS 0.04%
- Published 04.11.2020 19:15:12
- Last modified 21.11.2024 05:22:16
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attack...
CVE-2020-8037
- EPSS 0.22%
- Published 04.11.2020 18:15:20
- Last modified 21.11.2024 05:38:16
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
CVE-2020-6557
- EPSS 0.82%
- Published 03.11.2020 03:15:16
- Last modified 21.11.2024 05:35:57
Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2020-16002
- EPSS 1.43%
- Published 03.11.2020 03:15:15
- Last modified 21.11.2024 05:06:39
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.