CVE-2020-9365
- EPSS 7.11%
- Veröffentlicht 24.02.2020 16:15:13
- Zuletzt bearbeitet 21.11.2024 05:40:29
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.
CVE-2019-18182
- EPSS 3.67%
- Veröffentlicht 24.02.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 04:32:47
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand...
CVE-2019-18183
- EPSS 3.67%
- Veröffentlicht 24.02.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 04:32:47
pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feat...
CVE-2020-8130
- EPSS 1.36%
- Veröffentlicht 24.02.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 05:38:21
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
CVE-2019-20044
- EPSS 0.5%
- Veröffentlicht 24.02.2020 14:15:11
- Zuletzt bearbeitet 21.11.2024 04:37:56
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload wit...
CVE-2020-8813
- EPSS 73.78%
- Veröffentlicht 22.02.2020 02:15:10
- Zuletzt bearbeitet 21.11.2024 05:39:29
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
CVE-2015-4410
- EPSS 5.66%
- Veröffentlicht 20.02.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 02:31:00
The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a cra...
CVE-2015-4411
- EPSS 6.37%
- Veröffentlicht 20.02.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 02:31:00
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to...
- EPSS 12.05%
- Veröffentlicht 20.02.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 05:40:19
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
CVE-2020-9308
- EPSS 2.25%
- Veröffentlicht 20.02.2020 07:15:12
- Zuletzt bearbeitet 21.11.2024 05:40:23
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.