Total
9113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28610 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_face(). | |||||
| CVE-2020-28609 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_iv(). | |||||
| CVE-2020-28608 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_fc(). | |||||
| CVE-2020-28607 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() set_halfedge(). | |||||
| CVE-2020-28606 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_face(). | |||||
| CVE-2020-28605 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_vertex(). | |||||
| CVE-2020-28604 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next(). | |||||
| CVE-2020-28603 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev(). | |||||
| CVE-2020-28602 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex() Halfedge_of[]. | |||||
| CVE-2020-28601 | 3 Cgal, Debian, Fedoraproject | 3 Computational Geometry Algorithms Library, Debian Linux, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2020-28473 | 2 Bottlepy, Debian | 2 Bottle, Debian Linux | 2024-11-21 | 5.8 MEDIUM | 6.8 MEDIUM |
| The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. | |||||
| CVE-2020-28374 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. | |||||
| CVE-2020-28368 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen. | |||||
| CVE-2020-28243 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. | |||||
| CVE-2020-28242 | 4 Asterisk, Debian, Fedoraproject and 1 more | 4 Certified Asterisk, Debian Linux, Fedora and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. | |||||
| CVE-2020-28241 | 3 Debian, Fedoraproject, Maxmind | 3 Debian Linux, Fedora, Libmaxminddb | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. | |||||
| CVE-2020-28169 | 3 Debian, Microsoft, Td-agent-builder Project | 3 Debian Linux, Windows, Td-agent-builder | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM. | |||||
| CVE-2020-28049 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 3.3 LOW | 6.3 MEDIUM |
| An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. | |||||
| CVE-2020-28040 | 3 Canonical, Debian, Wordpress | 3 Ubuntu Linux, Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | |||||
| CVE-2020-28039 | 3 Canonical, Debian, Wordpress | 3 Ubuntu Linux, Debian Linux, Wordpress | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | |||||