CVE-2020-9402
- EPSS 22.51%
- Veröffentlicht 05.03.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:40:33
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggreg...
CVE-2020-10029
- EPSS 0.76%
- Veröffentlicht 04.03.2020 15:15:13
- Zuletzt bearbeitet 21.11.2024 04:54:40
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl...
CVE-2020-10018
- EPSS 4.99%
- Veröffentlicht 02.03.2020 23:15:11
- Zuletzt bearbeitet 21.11.2024 04:54:39
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memor...
CVE-2020-5247
- EPSS 2.49%
- Veröffentlicht 28.02.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:33:45
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as ...
CVE-2020-9431
- EPSS 2.71%
- Veröffentlicht 27.02.2020 23:15:13
- Zuletzt bearbeitet 21.11.2024 05:40:37
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
CVE-2020-6383
- EPSS 6.38%
- Veröffentlicht 27.02.2020 23:15:12
- Zuletzt bearbeitet 21.11.2024 05:35:37
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6384
- EPSS 1.64%
- Veröffentlicht 27.02.2020 23:15:12
- Zuletzt bearbeitet 21.11.2024 05:35:37
Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6386
- EPSS 1.66%
- Veröffentlicht 27.02.2020 23:15:12
- Zuletzt bearbeitet 21.11.2024 05:35:37
Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6418
- EPSS 78.81%
- Veröffentlicht 27.02.2020 23:15:12
- Zuletzt bearbeitet 24.10.2025 21:04:01
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-9428
- EPSS 3.11%
- Veröffentlicht 27.02.2020 23:15:12
- Zuletzt bearbeitet 21.11.2024 05:40:37
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.