CVE-2020-14001
- EPSS 4.56%
- Veröffentlicht 17.07.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 05:02:19
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins w...
CVE-2020-14928
- EPSS 2.81%
- Veröffentlicht 17.07.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 05:04:27
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
CVE-2020-15586
- EPSS 2.89%
- Veröffentlicht 17.07.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 05:05:48
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
CVE-2020-15803
- EPSS 32.3%
- Veröffentlicht 17.07.2020 03:15:11
- Zuletzt bearbeitet 21.11.2024 05:06:12
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
CVE-2020-15117
- EPSS 2.49%
- Veröffentlicht 15.07.2020 18:15:36
- Zuletzt bearbeitet 21.11.2024 05:04:51
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. It was verified that this issue does not cause a c...
CVE-2020-14619
- EPSS 2.69%
- Veröffentlicht 15.07.2020 18:15:27
- Zuletzt bearbeitet 21.11.2024 05:03:41
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protoco...
- EPSS 4.35%
- Veröffentlicht 15.07.2020 18:15:27
- Zuletzt bearbeitet 27.05.2025 16:33:09
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenti...
CVE-2020-14614
- EPSS 2.32%
- Veröffentlicht 15.07.2020 18:15:26
- Zuletzt bearbeitet 21.11.2024 05:03:41
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro...
CVE-2020-14593
- EPSS 3.86%
- Veröffentlicht 15.07.2020 18:15:25
- Zuletzt bearbeitet 27.05.2025 16:29:06
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthentica...
CVE-2020-14597
- EPSS 2.07%
- Veröffentlicht 15.07.2020 18:15:25
- Zuletzt bearbeitet 21.11.2024 05:03:38
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro...