Canonical » Ubuntu Linux » 19.10 : Security Vulnerabilities, CVEs, Published In 2020 (Code Execution) CVSS score >= 4
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
Max CVSS: 9.8 | EPSS Score: 12.34% | Published: 2020-04-23 | Updated: 2021-03-17
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
Max CVSS: 8.8 | EPSS Score: 1.59% | Published: 2020-04-17 | Updated: 2020-06-13
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
Max CVSS: 8.8 | EPSS Score: 2.80% | Published: 2020-04-02 | Updated: 2022-10-06
CVE-2020-8794
Public exploit
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
Max CVSS: 10.0 | EPSS Score: 93.69% | Published: 2020-02-25 | Updated: 2022-10-08
4 vulnerabilities found