cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
Max CVSS
9.8
EPSS Score
12.34%
Published
2020-04-23
Updated
2021-03-17
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
Max CVSS
8.8
EPSS Score
1.59%
Published
2020-04-17
Updated
2020-06-13
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
Max CVSS
8.8
EPSS Score
2.80%
Published
2020-04-02
Updated
2022-10-06

CVE-2020-8794

Public exploit
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
Max CVSS
10.0
EPSS Score
93.69%
Published
2020-02-25
Updated
2022-10-08
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!