Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API.
Source: Canonical Ltd.
Max CVSS
9.3
EPSS Score
0.09%
Published
2023-06-06
Updated
2023-06-15
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
Source: Canonical Ltd.
Max CVSS
10.0
EPSS Score
0.06%
Published
2023-09-01
Updated
2023-09-08
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
Source: MITRE
Max CVSS
9.1
EPSS Score
0.17%
Published
2022-01-31
Updated
2022-07-12
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
Source: CERT/CC
Max CVSS
9.0
EPSS Score
18.05%
Published
2022-02-21
Updated
2023-09-17
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
Source: MITRE
Max CVSS
9.1
EPSS Score
0.33%
Published
2020-11-02
Updated
2022-06-29
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
Source: Red Hat, Inc.
Max CVSS
9.0
EPSS Score
0.12%
Published
2022-02-18
Updated
2023-09-17
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
Source: MITRE
Max CVSS
10.0
EPSS Score
61.44%
Published
2020-09-09
Updated
2022-12-06
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
Source: MITRE
Max CVSS
9.8
EPSS Score
2.18%
Published
2020-09-09
Updated
2022-12-06
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.51%
Published
2020-07-28
Updated
2022-04-27
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
Source: Canonical Ltd.
Max CVSS
9.3
EPSS Score
0.05%
Published
2020-11-06
Updated
2024-02-08
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
Source: Mozilla Corporation
Max CVSS
9.3
EPSS Score
0.54%
Published
2020-08-10
Updated
2020-08-21
JIT optimizations involving the JavaScript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug being rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
Source: Mozilla Corporation
Max CVSS
9.3
EPSS Score
0.45%
Published
2020-08-10
Updated
2023-02-02
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
Source: MITRE
Max CVSS
9.8
EPSS Score
1.18%
Published
2020-07-17
Updated
2022-04-28
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.
Source: MITRE
Max CVSS
10.0
EPSS Score
0.39%
Published
2020-07-14
Updated
2023-01-28
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.
Source: MITRE
Max CVSS
9.1
EPSS Score
0.22%
Published
2020-05-21
Updated
2023-01-27
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
Source: Mozilla Corporation
Max CVSS
9.3
EPSS Score
0.73%
Published
2020-07-09
Updated
2022-05-03
When processing callbacks that occurred during window flushing in the parent process, the associated window may die, causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
Source: Mozilla Corporation
Max CVSS
9.3
EPSS Score
0.86%
Published
2020-07-09
Updated
2023-01-27
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
Source: Mozilla Corporation
Max CVSS
9.3
EPSS Score
0.73%
Published
2020-07-09
Updated
2022-05-03
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Source: Mozilla Corporation
Max CVSS
9.3
EPSS Score
0.29%
Published
2020-07-09
Updated
2022-05-03
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Source: Mozilla Corporation
Max CVSS
9.3
EPSS Score
0.31%
Published
2020-07-09
Updated
2023-01-27
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Source: Mozilla Corporation
Max CVSS
10.0
EPSS Score
0.76%
Published
2020-05-26
Updated
2022-04-26
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
Source: MITRE
Max CVSS
10.0
EPSS Score
4.98%
Published
2020-04-28
Updated
2022-04-29
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
Source: Apache Software Foundation
Max CVSS
9.8
EPSS Score
1.53%
Published
2020-08-07
Updated
2021-06-06
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
Source: MITRE
Max CVSS
9.8
EPSS Score
13.80%
Published
2020-04-23
Updated
2021-03-17

CVE-2020-11651

Known exploited
Public exploit
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
Source: MITRE
Max CVSS
9.8
EPSS Score
97.48%
Published
2020-04-30
Updated
2022-07-12
CISA KEV Added
2021-11-03
594 vulnerabilities found