CVE-2020-10531
- EPSS 2.67%
- Veröffentlicht 12.03.2020 19:15:13
- Zuletzt bearbeitet 21.11.2024 04:55:31
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
CVE-2020-1739
- EPSS 0.36%
- Veröffentlicht 12.03.2020 18:15:12
- Zuletzt bearbeitet 21.11.2024 05:11:16
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could ta...
CVE-2020-10108
- EPSS 4.08%
- Veröffentlicht 12.03.2020 13:15:12
- Zuletzt bearbeitet 25.11.2024 18:12:24
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as ...
CVE-2020-10109
- EPSS 3.3%
- Veröffentlicht 12.03.2020 13:15:12
- Zuletzt bearbeitet 25.11.2024 18:12:24
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipel...
- EPSS 0.4%
- Veröffentlicht 11.03.2020 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:11:16
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in ...
CVE-2020-9440
- EPSS 1.28%
- Veröffentlicht 10.03.2020 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:40:38
A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.
CVE-2020-10232
- EPSS 2.42%
- Veröffentlicht 09.03.2020 00:15:10
- Zuletzt bearbeitet 21.11.2024 04:55:01
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.
CVE-2020-9281
- EPSS 4.33%
- Veröffentlicht 07.03.2020 01:15:15
- Zuletzt bearbeitet 21.11.2024 05:40:20
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
- EPSS 74.51%
- Veröffentlicht 06.03.2020 15:15:14
- Zuletzt bearbeitet 21.01.2026 02:15:47
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
- EPSS 0.28%
- Veröffentlicht 05.03.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:54:54
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because T...