CVE-2020-5267
- EPSS 1.54%
- Veröffentlicht 19.03.2020 18:15:16
- Zuletzt bearbeitet 21.11.2024 05:33:48
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in...
CVE-2020-10675
- EPSS 2.47%
- Veröffentlicht 19.03.2020 14:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:49
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.
CVE-2019-20485
- EPSS 0.81%
- Veröffentlicht 19.03.2020 02:15:10
- Zuletzt bearbeitet 21.11.2024 04:38:35
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
CVE-2020-7919
- EPSS 2.58%
- Veröffentlicht 16.03.2020 21:15:12
- Zuletzt bearbeitet 21.11.2024 05:38:00
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
CVE-2020-6581
- EPSS 1.61%
- Veröffentlicht 16.03.2020 18:15:12
- Zuletzt bearbeitet 21.11.2024 05:36:00
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.
CVE-2020-6582
- EPSS 3.87%
- Veröffentlicht 16.03.2020 18:15:12
- Zuletzt bearbeitet 21.11.2024 05:36:00
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.
CVE-2020-1740
- EPSS 0.37%
- Veröffentlicht 16.03.2020 16:15:14
- Zuletzt bearbeitet 21.11.2024 05:11:17
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp a...
CVE-2020-1735
- EPSS 0.49%
- Veröffentlicht 16.03.2020 16:15:13
- Zuletzt bearbeitet 21.11.2024 05:11:16
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believ...
CVE-2020-1736
- EPSS 0.4%
- Veröffentlicht 16.03.2020 16:15:13
- Zuletzt bearbeitet 21.11.2024 05:11:16
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be ...
CVE-2020-1753
- EPSS 0.51%
- Veröffentlicht 16.03.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:11:18
A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters suc...