Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published
CVE-2020-15811 | 4.0 | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser s | 02-02-2024 - 03:04 | 02-09-2020 - 17:15
CVE-2020-8624 | 4.0 | In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to ch | 10-02-2023 - 17:42 | 21-08-2020 - 21:15
CVE-2020-14347 | 2.1 | A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before v | 03-02-2023 - 16:28 | 05-08-2020 - 14:15
CVE-2020-17353 | 7.5 | scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. | 24-01-2023 - 02:42 | 05-08-2020 - 14:15
CVE-2020-11763 | 4.3 | An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. | 09-01-2023 - 16:41 | 14-04-2020 - 23:15
CVE-2020-11760 | 4.3 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. | 09-01-2023 - 16:41 | 14-04-2020 - 23:15
CVE-2020-11764 | 4.3 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. | 09-01-2023 - 16:41 | 14-04-2020 - 23:15
CVE-2020-11765 | 4.3 | An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. | 09-01-2023 - 16:41 | 14-04-2020 - 23:15
CVE-2020-11762 | 4.3 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. | 09-01-2023 - 16:41 | 14-04-2020 - 23:15
CVE-2020-11761 | 4.3 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. | 09-01-2023 - 16:41 | 14-04-2020 - 23:15
CVE-2020-11759 | 4.3 | An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. | 09-01-2023 - 16:41 | 14-04-2020 - 23:15
CVE-2020-11758 | 4.3 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. | 09-01-2023 - 16:41 | 14-04-2020 - 23:15
CVE-2020-8619 | 4.0 | In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone | 07-10-2022 - 15:26 | 17-06-2020 - 22:15
CVE-2020-9490 | 5.0 | Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via | 07-10-2022 - 12:58 | 07-08-2020 - 16:15
CVE-2020-24654 | 4.3 | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | 12-09-2022 - 03:54 | 02-09-2020 - 17:15
CVE-2020-15306 | 2.1 | An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. | 02-09-2022 - 15:45 | 26-06-2020 - 01:15
CVE-2020-15305 | 2.1 | An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. | 02-09-2022 - 15:43 | 26-06-2020 - 01:15
CVE-2020-1927 | 5.8 | In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. | 25-07-2022 - 18:15 | 02-04-2020 - 00:15
CVE-2020-8623 | 4.3 | In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To | 28-04-2022 - 18:27 | 21-08-2020 - 21:15
CVE-2020-1934 | 5.0 | In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | 26-04-2022 - 17:05 | 01-04-2020 - 20:15
CVE-2020-8622 | 4.0 | In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed re | 02-12-2021 - 22:19 | 21-08-2020 - 21:15
CVE-2020-24606 | 7.1 | Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digest | 21-07-2021 - 11:39 | 24-08-2020 - 18:15
CVE-2020-11984 | 7.5 | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | 06-06-2021 - 11:15 | 07-08-2020 - 16:15
CVE-2020-11993 | 4.3 | Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLev | 06-06-2021 - 11:15 | 07-08-2020 - 16:15
CVE-2020-15810 | 3.5 | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser s | 17-03-2021 - 15:21 | 02-09-2020 - 17:15
CVE-2020-11724 | 5.0 | An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. | 29-01-2021 - 16:33 | 12-04-2020 - 21:15
CVE-2020-15810 | 3.5 | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser s | 30-09-2020 - 22:15 | 02-09-2020 - 17:15
CVE-2020-24606 | 7.1 | Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digest | 30-09-2020 - 22:15 | 24-08-2020 - 18:15
CVE-2020-15811 | 4.0 | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser s | 30-09-2020 - 22:15 | 02-09-2020 - 17:15
CVE-2020-24654 | 4.3 | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | 25-09-2020 - 19:15 | 02-09-2020 - 17:15
CVE-2017-9114 | 4.3 | In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. | 30-08-2020 - 22:15 | 21-05-2017 - 18:29
CVE-2017-9113 | 4.3 | In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. | 30-08-2020 - 22:15 | 21-05-2017 - 18:29
CVE-2017-9115 | 6.8 | In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. | 30-08-2020 - 22:15 | 21-05-2017 - 18:29
CVE-2017-9111 | 6.8 | In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. | 30-08-2020 - 22:15 | 21-05-2017 - 18:29
CVE-2019-13290 | 6.8 | Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the a | 30-08-2020 - 00:15 | 04-07-2019 - 22:15
CVE-2003-0985 | 7.2 | The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing | 03-05-2018 - 01:29 | 20-01-2004 - 05:00
CVE-2004-0077 | 7.2 | The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local | 03-05-2018 - 01:29 | 03-03-2004 - 05:00
CVE-2003-0961 | 7.2 | Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges. | 18-10-2016 - 02:38 | 15-12-2003 - 05:00