CVE-2020-25657
- EPSS 1.73%
- Veröffentlicht 12.01.2021 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:18:22
A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to con...
CVE-2021-23239
- EPSS 1.03%
- Veröffentlicht 12.01.2021 09:15:14
- Zuletzt bearbeitet 21.11.2024 05:51:25
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
CVE-2021-23240
- EPSS 1.07%
- Veröffentlicht 12.01.2021 09:15:14
- Zuletzt bearbeitet 21.11.2024 05:51:25
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in p...
CVE-2020-35653
- EPSS 1.5%
- Veröffentlicht 12.01.2021 09:15:13
- Zuletzt bearbeitet 21.11.2024 05:27:46
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
CVE-2020-35654
- EPSS 1.79%
- Veröffentlicht 12.01.2021 09:15:13
- Zuletzt bearbeitet 21.11.2024 05:27:46
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
CVE-2020-35655
- EPSS 1.57%
- Veröffentlicht 12.01.2021 09:15:13
- Zuletzt bearbeitet 21.11.2024 05:27:46
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
CVE-2020-35701
- EPSS 4.6%
- Veröffentlicht 11.01.2021 16:15:15
- Zuletzt bearbeitet 21.11.2024 05:27:52
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.
CVE-2021-21109
- EPSS 1.32%
- Veröffentlicht 08.01.2021 19:15:15
- Zuletzt bearbeitet 21.11.2024 05:47:35
Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21110
- EPSS 3.1%
- Veröffentlicht 08.01.2021 19:15:15
- Zuletzt bearbeitet 21.11.2024 05:47:35
Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21111
- EPSS 1.07%
- Veröffentlicht 08.01.2021 19:15:15
- Zuletzt bearbeitet 21.11.2024 05:47:35
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.