CVE-2020-13871
- EPSS 4.45%
- Veröffentlicht 06.06.2020 16:15:10
- Zuletzt bearbeitet 21.11.2024 05:02:02
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
CVE-2020-13867
- EPSS 0.34%
- Veröffentlicht 05.06.2020 18:15:13
- Zuletzt bearbeitet 21.11.2024 05:02:02
Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).
CVE-2020-8555
- EPSS 3.68%
- Veröffentlicht 05.06.2020 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:39:01
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arb...
CVE-2020-12723
- EPSS 5.97%
- Veröffentlicht 05.06.2020 15:15:10
- Zuletzt bearbeitet 21.11.2024 05:00:08
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2020-10543
- EPSS 11.33%
- Veröffentlicht 05.06.2020 14:15:10
- Zuletzt bearbeitet 21.11.2024 04:55:32
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
CVE-2020-10878
- EPSS 4.88%
- Veröffentlicht 05.06.2020 14:15:10
- Zuletzt bearbeitet 21.11.2024 04:56:16
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
CVE-2020-13692
- EPSS 4.09%
- Veröffentlicht 04.06.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:01:44
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
CVE-2020-13777
- EPSS 17.51%
- Veröffentlicht 04.06.2020 07:15:10
- Zuletzt bearbeitet 21.11.2024 05:01:50
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-...
CVE-2020-11080
- EPSS 5.32%
- Veröffentlicht 03.06.2020 23:15:11
- Zuletzt bearbeitet 21.11.2024 04:56:44
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings e...
CVE-2020-13379
- EPSS 99.86%
- Veröffentlicht 03.06.2020 19:15:10
- Zuletzt bearbeitet 21.11.2024 05:01:08
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can b...