CVE-2020-26892
- EPSS 2.05%
- Veröffentlicht 06.11.2020 08:15:13
- Zuletzt bearbeitet 21.11.2024 05:20:25
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
CVE-2020-28196
- EPSS 4.37%
- Veröffentlicht 06.11.2020 08:15:13
- Zuletzt bearbeitet 03.12.2025 19:15:52
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
CVE-2020-28242
- EPSS 1.54%
- Veröffentlicht 06.11.2020 06:15:11
- Zuletzt bearbeitet 21.11.2024 05:22:30
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in...
CVE-2020-28241
- EPSS 2.13%
- Veröffentlicht 06.11.2020 05:15:10
- Zuletzt bearbeitet 21.11.2024 05:22:30
libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.
CVE-2020-28049
- EPSS 0.42%
- Veröffentlicht 04.11.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:22:16
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attack...
CVE-2020-8037
- EPSS 3.07%
- Veröffentlicht 04.11.2020 18:15:20
- Zuletzt bearbeitet 21.11.2024 05:38:16
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
CVE-2020-6557
- EPSS 1.5%
- Veröffentlicht 03.11.2020 03:15:16
- Zuletzt bearbeitet 21.11.2024 05:35:57
Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2020-16002
- EPSS 1.64%
- Veröffentlicht 03.11.2020 03:15:15
- Zuletzt bearbeitet 21.11.2024 05:06:39
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2020-16003
- EPSS 1.47%
- Veröffentlicht 03.11.2020 03:15:15
- Zuletzt bearbeitet 21.11.2024 05:06:39
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16004
- EPSS 1.5%
- Veröffentlicht 03.11.2020 03:15:15
- Zuletzt bearbeitet 21.11.2024 05:06:39
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.