CVE-2020-25613
- EPSS 3.85%
- Veröffentlicht 06.10.2020 13:15:13
- Zuletzt bearbeitet 21.11.2024 05:18:14
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issu...
CVE-2020-26571
- EPSS 0.4%
- Veröffentlicht 06.10.2020 02:15:13
- Zuletzt bearbeitet 21.11.2024 05:20:06
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
CVE-2020-26572
- EPSS 0.4%
- Veröffentlicht 06.10.2020 02:15:13
- Zuletzt bearbeitet 21.11.2024 05:20:06
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
CVE-2020-26570
- EPSS 0.4%
- Veröffentlicht 06.10.2020 02:15:12
- Zuletzt bearbeitet 21.11.2024 05:20:06
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
CVE-2020-8223
- EPSS 1.47%
- Veröffentlicht 05.10.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:38:32
A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.
CVE-2020-7069
- EPSS 2.06%
- Veröffentlicht 02.10.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:36:36
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and inc...
CVE-2020-7070
- EPSS 5.03%
- Veröffentlicht 02.10.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:36:37
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode ...
CVE-2020-26519
- EPSS 1.03%
- Veröffentlicht 02.10.2020 06:15:12
- Zuletzt bearbeitet 21.11.2024 05:19:59
Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
CVE-2020-11979
- EPSS 8.24%
- Veröffentlicht 01.10.2020 20:15:13
- Zuletzt bearbeitet 21.11.2024 04:59:02
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without ...
CVE-2020-26154
- EPSS 3.57%
- Veröffentlicht 30.09.2020 18:15:27
- Zuletzt bearbeitet 21.11.2024 05:19:23
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.