CVE-2020-15106
- EPSS 1.29%
- Veröffentlicht 05.08.2020 19:15:10
- Zuletzt bearbeitet 21.11.2024 05:04:49
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an ex...
CVE-2020-14344
- EPSS 0.47%
- Veröffentlicht 05.08.2020 14:15:12
- Zuletzt bearbeitet 21.11.2024 05:03:03
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running...
CVE-2020-17353
- EPSS 2.37%
- Veröffentlicht 05.08.2020 14:15:12
- Zuletzt bearbeitet 21.11.2024 05:07:56
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
CVE-2020-16116
- EPSS 1.71%
- Veröffentlicht 03.08.2020 20:15:13
- Zuletzt bearbeitet 21.11.2024 05:06:47
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
CVE-2020-16269
- EPSS 0.98%
- Veröffentlicht 03.08.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:07:04
radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.
CVE-2020-16166
- EPSS 5.27%
- Veröffentlicht 30.07.2020 21:15:11
- Zuletzt bearbeitet 21.11.2024 05:06:53
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c...
CVE-2020-16135
- EPSS 4.11%
- Veröffentlicht 29.07.2020 21:15:13
- Zuletzt bearbeitet 21.11.2024 05:06:49
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
CVE-2020-16094
- EPSS 1.78%
- Veröffentlicht 28.07.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:06:45
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.
CVE-2020-12460
- EPSS 3.68%
- Veröffentlicht 27.07.2020 23:15:12
- Zuletzt bearbeitet 21.11.2024 04:59:44
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cau...
CVE-2020-15103
- EPSS 1.47%
- Veröffentlicht 27.07.2020 18:15:13
- Zuletzt bearbeitet 21.11.2024 05:04:48
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindl...