Количество 18 769
Количество 18 769
CVE-2020-24977
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
CVE-2020-24742
CVE-2020-24659
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing and then an invalid second handshake occurs. The crash happens in the application's error handling path where the gnutls_deinit function is called after detecting a handshake failure.
CVE-2020-24588
Windows Wireless Networking Spoofing Vulnerability
CVE-2020-24587
Windows Wireless Networking Information Disclosure Vulnerability
CVE-2020-24553
CVE-2020-24455
CVE-2020-24394
CVE-2020-24371
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
CVE-2020-24370
CVE-2020-24352
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service.
CVE-2020-24347
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
CVE-2020-24342
CVE-2020-24332
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files which could possibly lead to a DoS attack.
CVE-2020-24331
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon).
CVE-2020-24330
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user it fails to drop the root gid privilege when no longer needed.
CVE-2020-24241
In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.
CVE-2020-24025
CVE-2020-22219
Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.
CVE-2020-22218
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-24977 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. | CVSS3: 6.5 | 1% Низкий | больше 5 лет назад |
| CVSS3: 7.8 | 1% Низкий | около 4 лет назад | |
| CVE-2020-24659 An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing and then an invalid second handshake occurs. The crash happens in the application's error handling path where the gnutls_deinit function is called after detecting a handshake failure. | CVSS3: 7.5 | 3% Низкий | больше 5 лет назад |
| CVE-2020-24588 Windows Wireless Networking Spoofing Vulnerability | CVSS3: 6.5 | 1% Низкий | больше 4 лет назад |
| CVE-2020-24587 Windows Wireless Networking Information Disclosure Vulnerability | CVSS3: 6.5 | 0% Низкий | больше 4 лет назад |
| CVSS3: 6.1 | 0% Низкий | больше 5 лет назад | |
| CVSS3: 6.7 | 0% Низкий | больше 4 лет назад | |
| CVSS3: 7.1 | 0% Низкий | больше 5 лет назад | |
| CVE-2020-24371 lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage. | CVSS3: 5.3 | 0% Низкий | 5 месяцев назад |
| CVSS3: 5.3 | 2% Низкий | больше 1 года назад | |
| CVE-2020-24352 An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service. | CVSS3: 5.5 | 0% Низкий | больше 5 лет назад |
| CVE-2020-24347 njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. | CVSS3: 5.5 | 0% Низкий | 5 месяцев назад |
| CVSS3: 7.8 | 0% Низкий | больше 5 лет назад | |
| CVE-2020-24332 An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files which could possibly lead to a DoS attack. | CVSS3: 5.5 | 0% Низкий | больше 5 лет назад |
| CVE-2020-24331 An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon). | CVSS3: 7.8 | 0% Низкий | больше 5 лет назад |
| CVE-2020-24330 An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user it fails to drop the root gid privilege when no longer needed. | CVSS3: 7.8 | 0% Низкий | больше 5 лет назад |
| CVE-2020-24241 In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. | 0% Низкий | 5 месяцев назад | |
| CVSS3: 5.3 | 0% Низкий | больше 2 лет назад | |
| CVE-2020-22219 Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. | CVSS3: 7.8 | 0% Низкий | больше 2 лет назад |
| CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу