CVE-2020-14409
- EPSS 1.31%
- Veröffentlicht 19.01.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 05:03:12
SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.
CVE-2020-14410
- EPSS 1.67%
- Veröffentlicht 19.01.2021 20:15:12
- Zuletzt bearbeitet 20.03.2025 17:01:20
SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.
CVE-2021-3181
- EPSS 2.8%
- Veröffentlicht 19.01.2021 15:15:12
- Zuletzt bearbeitet 21.11.2024 06:21:04
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email me...
CVE-2021-3178
- EPSS 2.42%
- Veröffentlicht 19.01.2021 07:15:13
- Zuletzt bearbeitet 21.11.2024 06:21:04
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirecto...
CVE-2021-3177
- EPSS 23.29%
- Veröffentlicht 19.01.2021 06:15:12
- Zuletzt bearbeitet 18.12.2025 15:15:48
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to ...
CVE-2020-36193
- EPSS 70.6%
- Veröffentlicht 18.01.2021 20:15:12
- Zuletzt bearbeitet 07.11.2025 22:03:02
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
CVE-2020-35733
- EPSS 1.15%
- Veröffentlicht 15.01.2021 14:15:14
- Zuletzt bearbeitet 21.11.2024 05:27:58
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
CVE-2020-26262
- EPSS 1.32%
- Veröffentlicht 13.01.2021 19:15:16
- Zuletzt bearbeitet 21.11.2024 05:19:41
Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending ...
CVE-2020-28374
- EPSS 6.56%
- Veröffentlicht 13.01.2021 04:15:12
- Zuletzt bearbeitet 21.11.2024 05:22:41
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c938...
- EPSS 4.91%
- Veröffentlicht 12.01.2021 20:15:34
- Zuletzt bearbeitet 21.11.2024 05:44:58
ASP.NET Core and Visual Studio Denial of Service Vulnerability