CVE-2020-25693
- EPSS 1.47%
- Veröffentlicht 03.12.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:18:29
A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or dat...
CVE-2020-15257
- EPSS 3.24%
- Veröffentlicht 01.12.2020 03:15:11
- Zuletzt bearbeitet 21.11.2024 05:05:12
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the ...
CVE-2020-11867
- EPSS 0.47%
- Veröffentlicht 30.11.2020 22:15:10
- Zuletzt bearbeitet 21.11.2024 04:58:47
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.
CVE-2020-29129
- EPSS 1.44%
- Veröffentlicht 26.11.2020 20:15:10
- Zuletzt bearbeitet 21.11.2024 05:23:39
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
CVE-2020-29130
- EPSS 1.83%
- Veröffentlicht 26.11.2020 20:15:10
- Zuletzt bearbeitet 21.11.2024 05:23:39
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
CVE-2020-25651
- EPSS 0.29%
- Veröffentlicht 26.11.2020 02:15:11
- Zuletzt bearbeitet 21.11.2024 05:18:21
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrup...
CVE-2020-25652
- EPSS 0.43%
- Veröffentlicht 26.11.2020 02:15:11
- Zuletzt bearbeitet 21.11.2024 05:18:21
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw t...
CVE-2020-25653
- EPSS 0.33%
- Veröffentlicht 26.11.2020 02:15:11
- Zuletzt bearbeitet 21.11.2024 05:18:21
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of servic...
CVE-2020-29074
- EPSS 1.72%
- Veröffentlicht 25.11.2020 23:15:11
- Zuletzt bearbeitet 21.11.2024 05:23:38
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.
CVE-2020-25650
- EPSS 0.49%
- Veröffentlicht 25.11.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 05:18:20
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use ...