CVE-2020-28366
- EPSS 2.24%
- Veröffentlicht 18.11.2020 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:22:40
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
CVE-2020-8695
- EPSS 0.41%
- Veröffentlicht 12.11.2020 18:15:16
- Zuletzt bearbeitet 21.11.2024 05:39:16
Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
CVE-2020-8696
- EPSS 0.44%
- Veröffentlicht 12.11.2020 18:15:16
- Zuletzt bearbeitet 21.11.2024 05:39:16
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-8698
- EPSS 0.51%
- Veröffentlicht 12.11.2020 18:15:16
- Zuletzt bearbeitet 21.11.2024 05:39:17
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-25658
- EPSS 1.63%
- Veröffentlicht 12.11.2020 14:15:22
- Zuletzt bearbeitet 21.11.2024 05:18:22
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
CVE-2020-28368
- EPSS 0.39%
- Veröffentlicht 10.11.2020 19:15:11
- Zuletzt bearbeitet 21.11.2024 05:22:40
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically i...
CVE-2020-0452
- EPSS 3.19%
- Veröffentlicht 10.11.2020 13:15:12
- Zuletzt bearbeitet 21.11.2024 04:53:32
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution pri...
CVE-2017-18926
- EPSS 3.08%
- Veröffentlicht 06.11.2020 18:15:11
- Zuletzt bearbeitet 21.11.2024 03:21:16
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).
CVE-2020-16846
- EPSS 99.59%
- Veröffentlicht 06.11.2020 08:15:13
- Zuletzt bearbeitet 07.11.2025 19:32:05
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
CVE-2020-26521
- EPSS 2.09%
- Veröffentlicht 06.11.2020 08:15:13
- Zuletzt bearbeitet 21.11.2024 05:19:59
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).