| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-33742 | 200 | | +Info | 2022-07-05 | 2022-10-29 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). |
| 2 | CVE-2022-33741 | 200 | | +Info | 2022-07-05 | 2022-10-29 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). |
| 3 | CVE-2022-33740 | 200 | | +Info | 2022-07-05 | 2022-10-29 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). |
| 4 | CVE-2022-27774 | 522 | | | 2022-06-02 | 2023-02-23 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used together with authentication, credentials could leak to other services that exist on different protocols or port numbers. |
| 5 | CVE-2022-26874 | 79 | | XSS | 2022-03-11 | 2022-10-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. |
| 6 | CVE-2022-26365 | 200 | | +Info | 2022-07-05 | 2022-10-29 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). |
| 7 | CVE-2022-24851 | 79 | | XSS | 2022-04-15 | 2022-10-07 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized and hence lead to stored XSS attacks. An authenticated user can store XSS payloads in the profiles, which get triggered when any other user tries to access the edit profile page. The pdf editor tool has an edit pdf profile functionality; the logoFile parameter in it is not properly sanitized and a user can enter relative paths like ../../../../../../../../../../../../../usr/share/icons/hicolor/48x48/apps/gvim.png via tools like burpsuite. Later, when a pdf is exported using the edited profile, the pdf icon has the image on that path (if an image is present). Both issues require an attacker to be able to log in to the LAM admin interface. The issue is fixed in version 7.9.1. |
| 8 | CVE-2022-23181 | 367 | | | 2022-01-27 | 2022-11-07 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. |
| 9 | CVE-2022-21662 | 79 | | XSS | 2022-01-06 | 2022-04-12 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform a stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via a security release, going back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. |
| 10 | CVE-2022-1462 | 362 | | | 2022-06-02 | 2022-10-29 | 3.3 | None | Local | Medium | Not required | Partial | None | Partial | An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using the ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC, with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. |
| 11 | CVE-2022-1353 | | | +Priv +Info | 2022-04-29 | 2022-12-14 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. |
| 12 | CVE-2021-41229 | 401 | | | 2021-11-12 | 2022-11-07 | 3.3 | None | Local Network | Low | Not required | None | None | Partial | BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf, which allocates memory that will always remain in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets, and this may cause the service of the target device to crash. |
| 13 | CVE-2021-41136 | 444 | | | 2021-10-12 | 2022-10-12 | 3.6 | None | Remote | High | ??? | Partial | Partial | None | Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`. |
| 14 | CVE-2021-39201 | 79 | | XSS Bypass | 2021-09-09 | 2021-12-14 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Impact: The issue allows an authenticated but low-privileged user (like contributor/author) to execute XSS in the editor. This bypasses the restrictions imposed on users who do not have the permission to post `unfiltered_html`. Patches: This has been patched in WordPress 5.8, and will be pushed to older versions via minor releases (automatic updates). It's strongly recommended that you keep auto-updates enabled to receive the fix. References: https://wordpress.org/news/category/releases/ https://hackerone.com/reports/1142140 For more information: If you have any questions or comments about this advisory, open an issue in [HackerOne](https://hackerone.com/wordpress). |
| 15 | CVE-2021-38199 | | | DoS | 2021-08-08 | 2021-12-21 | 3.3 | None | Local Network | Low | Not required | None | None | Partial | fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection. |
| 16 | CVE-2021-37695 | 79 | | XSS | 2021-08-13 | 2022-02-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed injecting malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2. |
| 17 | CVE-2021-34428 | 613 | | | 2021-06-22 | 2022-05-12 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. |
| 18 | CVE-2021-32610 | 59 | | | 2021-07-30 | 2022-01-01 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. |
| 19 | CVE-2021-28544 | 200 | | +Info | 2022-04-12 | 2023-02-11 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | Apache Subversion SVN authz protected copyfrom paths regression. Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. |
| 20 | CVE-2021-27364 | 125 | | | 2021-03-07 | 2021-12-08 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. |
| 21 | CVE-2021-27363 | | | | 2021-03-07 | 2022-05-23 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. |
| 22 | CVE-2021-26676 | | | +Info | 2021-02-09 | 2022-05-06 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. |
| 23 | CVE-2021-25217 | 119 | | Overflow | 2021-05-26 | 2022-10-29 | 3.3 | None | Local Network | Low | Not required | None | None | Partial | In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16 and ISC DHCP 4.4.0 -> 4.4.2 (other branches of ISC DHCP, i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series, are beyond their End-of-Life (EOL) and no longer supported by ISC; from inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), the outcome of encountering the defect while reading a lease that will trigger it varies according to: the component being affected (i.e., dhclient or dhcpd); whether the package was built as a 32-bit or 64-bit binary; and whether the compiler flag -fstack-protection-strong was used when compiling. In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients; additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. If the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. |
| 24 | CVE-2021-23225 | 79 | | XSS | 2022-01-19 | 2022-05-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via the "Copy" method at user_admin.php. |
| 25 | CVE-2021-4002 | 401 | | | 2022-03-03 | 2023-02-22 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment, with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. |
| 26 | CVE-2021-3507 | 119 | | Overflow +Info | 2021-05-06 | 2023-02-12 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host, resulting in a DoS scenario, or potential information leakage from the host memory. |
| 27 | CVE-2021-1094 | 119 | | DoS Overflow | 2021-07-22 | 2022-03-09 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure. |
| 28 | CVE-2021-1056 | 276 | | DoS | 2021-01-08 | 2022-03-29 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. |
| 29 | CVE-2020-29443 | 125 | | | 2021-01-26 | 2022-09-30 | 3.3 | None | Local | Medium | Not required | Partial | None | Partial | ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. |
| 30 | CVE-2020-29374 | 362 | | | 2020-11-28 | 2022-04-19 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. |
| 31 | CVE-2020-28049 | 362 | | | 2020-11-04 | 2021-01-28 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that, for a short time period, allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. |
| 32 | CVE-2020-27171 | 193 | | +Info | 2021-03-20 | 2022-07-30 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. |
| 33 | CVE-2020-26298 | 79 | | XSS | 2021-01-11 | 2022-10-07 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit. |
| 34 | CVE-2020-26147 | | | | 2021-05-11 | 2022-07-12 | 3.2 | None | Local Network | High | Not required | Partial | Partial | None | An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. |
| 35 | CVE-2020-25651 | 200 | | DoS +Info | 2020-11-26 | 2021-10-19 | 3.3 | None | Local | Medium | Not required | Partial | None | Partial | A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior. |
| 36 | CVE-2020-25211 | 120 | | Overflow | 2020-09-09 | 2022-11-16 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. |
| 37 | CVE-2020-15810 | 444 | | Bypass | 2020-09-02 | 2021-03-17 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream. |
| 38 | CVE-2020-15257 | 669 | | +Priv | 2020-12-01 | 2022-01-01 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim's API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the "host" network namespace, for example with `docker run --net=host` or `hostNetwork: true` in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to `deny unix addr=@**,` to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container. |
| 39 | CVE-2020-14393 | 787 | | Overflow | 2020-09-16 | 2022-12-06 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. |
| 40 | CVE-2020-13696 | 863 | | | 2020-06-08 | 2022-04-28 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a `v4l-conf -c /dev/../root/.bash_history` command. |
| 41 | CVE-2020-13361 | 787 | | | 2020-05-28 | 2022-11-29 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. |
| 42 | CVE-2020-12863 | 125 | | | 2020-06-24 | 2022-11-08 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. |
| 43 | CVE-2020-12862 | 125 | | | 2020-06-24 | 2022-11-08 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. |
| 44 | CVE-2020-11736 | 22 | | Dir. Trav. | 2020-04-13 | 2022-04-27 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. |
| 45 | CVE-2020-11526 | 125 | | | 2020-05-15 | 2022-04-26 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. |
| 46 | CVE-2020-11525 | 125 | | | 2020-05-15 | 2022-07-30 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. |
| 47 | CVE-2020-11048 | 125 | | | 2020-05-07 | 2022-07-01 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows aborting a session. No data extraction is possible. This has been fixed in 2.0.0. |
| 48 | CVE-2020-11046 | 119 | | Overflow | 2020-05-07 | 2021-09-14 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. |
| 49 | CVE-2020-11030 | 79 | | XSS | 2020-04-30 | 2020-05-07 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). |
| 50 | CVE-2020-11026 | 79 | | XSS | 2020-04-30 | 2023-03-01 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In affected versions of WordPress, files with a specially crafted name, when uploaded to the Media section, can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). |