Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12066 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. | |||||
CVE-2020-1739 | 3 Debian, Fedoraproject, Redhat | 6 Debian Linux, Fedora, Ansible and 3 more | 2024-02-04 | 3.3 LOW | 3.9 LOW |
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs. | |||||
CVE-2020-2767 | 5 Canonical, Debian, Netapp and 2 more | 20 Ubuntu Linux, Debian Linux, 7-mode Transition Tool and 17 more | 2024-02-04 | 5.8 MEDIUM | 4.8 MEDIUM |
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). | |||||
CVE-2020-16305 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | |||||
CVE-2020-16845 | 4 Debian, Fedoraproject, Golang and 1 more | 4 Debian Linux, Fedora, Go and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. | |||||
CVE-2020-6449 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-16300 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | |||||
CVE-2020-6536 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA. | |||||
CVE-2020-12673 | 3 Canonical, Debian, Dovecot | 3 Ubuntu Linux, Debian Linux, Dovecot | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. | |||||
CVE-2020-6447 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-11945 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials). | |||||
CVE-2020-7065 | 4 Canonical, Debian, Php and 1 more | 4 Ubuntu Linux, Debian Linux, Php and 1 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. | |||||
CVE-2020-3481 | 4 Canonical, Clamav, Debian and 1 more | 4 Ubuntu Linux, Clamav, Debian Linux and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | |||||
CVE-2020-1772 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | |||||
CVE-2020-10936 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Sympa before 6.2.56 allows privilege escalation. | |||||
CVE-2020-3341 | 4 Canonical, Cisco, Debian and 1 more | 4 Ubuntu Linux, Clam Antivirus, Debian Linux and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | |||||
CVE-2020-16297 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | |||||
CVE-2020-6519 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
CVE-2020-16304 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51. | |||||
CVE-2020-14332 | 2 Debian, Redhat | 2 Debian Linux, Ansible Engine | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality. |