CVE-2020-14303
- EPSS 3.54%
- Veröffentlicht 06.07.2020 18:15:20
- Zuletzt bearbeitet 21.11.2024 05:02:57
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.
CVE-2020-8185
- EPSS 2.18%
- Veröffentlicht 02.07.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:38:27
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
CVE-2020-15503
- EPSS 3.67%
- Veröffentlicht 02.07.2020 14:15:11
- Zuletzt bearbeitet 21.11.2024 05:05:39
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tl...
CVE-2020-9498
- EPSS 0.74%
- Veröffentlicht 02.07.2020 13:15:11
- Zuletzt bearbeitet 21.11.2024 05:40:46
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corrupti...
CVE-2020-9497
- EPSS 0.8%
- Veröffentlicht 02.07.2020 13:15:10
- Zuletzt bearbeitet 21.11.2024 05:40:46
Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within th...
CVE-2020-5238
- EPSS 1.57%
- Veröffentlicht 01.07.2020 23:15:10
- Zuletzt bearbeitet 21.11.2024 05:33:44
The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This...
CVE-2020-14058
- EPSS 2.61%
- Veröffentlicht 30.06.2020 19:15:11
- Zuletzt bearbeitet 21.11.2024 05:02:27
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-...
CVE-2020-15049
- EPSS 5.71%
- Veröffentlicht 30.06.2020 18:15:12
- Zuletzt bearbeitet 21.11.2024 05:04:41
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containi...
CVE-2020-15396
- EPSS 0.39%
- Veröffentlicht 30.06.2020 12:15:12
- Zuletzt bearbeitet 21.11.2024 05:05:29
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
CVE-2017-18922
- EPSS 2.26%
- Veröffentlicht 30.06.2020 11:15:10
- Zuletzt bearbeitet 21.11.2024 03:21:16
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overf...