# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2022-1055 | 416 | | +Priv | 2022-03-29 | 2022-10-19 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 |
2 | CVE-2021-4120 | 20 | | | 2022-02-17 | 2022-03-01 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 |
3 | CVE-2021-3444 | 125 | | Exec Code | 2021-03-23 | 2021-12-02 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. |
4 | CVE-2020-29385 | 835 | | DoS Exec Code | 2020-12-26 | 2021-03-22 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. If c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. |
5 | CVE-2020-29372 | 362 | | | 2020-11-28 | 2022-10-06 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e. |
6 | CVE-2020-28040 | 352 | | CSRF | 2020-11-02 | 2022-06-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. |
7 | CVE-2020-27348 | 427 | | Exec Code | 2020-12-04 | 2020-12-14 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1. |
8 | CVE-2020-25739 | 79 | | XSS | 2020-09-23 | 2023-01-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson. |
9 | CVE-2020-25641 | 835 | | DoS | 2020-10-06 | 2022-11-21 | 4.9 | None | Local | Low | Not required | None | None | Complete |
A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. |
10 | CVE-2020-25285 | 362 | | | 2020-09-13 | 2022-04-28 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. |
11 | CVE-2020-25212 | 787 | | | 2020-09-09 | 2022-04-28 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. |
12 | CVE-2020-24654 | 59 | | | 2020-09-02 | 2022-09-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. |
13 | CVE-2020-17538 | 787 | | DoS Overflow | 2020-08-13 | 2022-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
14 | CVE-2020-16310 | 369 | | DoS | 2020-08-13 | 2022-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
15 | CVE-2020-16309 | 787 | | DoS Overflow | 2020-08-13 | 2022-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51. |
16 | CVE-2020-16308 | 787 | | DoS Overflow | 2020-08-13 | 2022-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
17 | CVE-2020-16307 | 476 | | DoS | 2020-08-13 | 2022-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. |
18 | CVE-2020-16306 | 476 | | DoS | 2020-08-13 | 2022-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. |
19 | CVE-2020-16305 | 787 | | DoS Overflow | 2020-08-13 | 2022-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
20 | CVE-2020-16304 | 787 | | Overflow | 2020-08-13 | 2022-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51. |
21 | CVE-2020-16302 | 120 | | Overflow | 2020-08-13 | 2022-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. |
22 | CVE-2020-16301 | 120 | | DoS Overflow | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
23 | CVE-2020-16300 | 787 | | DoS Overflow | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
24 | CVE-2020-16299 | 369 | | DoS | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
25 | CVE-2020-16298 | 120 | | DoS Overflow | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
26 | CVE-2020-16297 | 787 | | DoS Overflow | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
27 | CVE-2020-16296 | 787 | | DoS Overflow | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
28 | CVE-2020-16295 | 476 | | DoS | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
29 | CVE-2020-16294 | 120 | | DoS Overflow | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
30 | CVE-2020-16293 | 476 | | DoS | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
31 | CVE-2020-16292 | 787 | | DoS Overflow | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
32 | CVE-2020-16291 | 787 | | DoS Overflow | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
33 | CVE-2020-16290 | 787 | | DoS Overflow | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
34 | CVE-2020-16289 | 787 | | DoS Overflow | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
35 | CVE-2020-16288 | 120 | | DoS Overflow | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
36 | CVE-2020-16287 | 787 | | DoS Overflow | 2020-08-13 | 2022-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
37 | CVE-2020-16166 | 330 | | +Info | 2020-07-30 | 2022-04-26 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. |
38 | CVE-2020-16135 | 476 | | | 2020-07-29 | 2022-05-12 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. |
39 | CVE-2020-16119 | 416 | | | 2021-01-14 | 2022-01-01 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. |
40 | CVE-2020-16116 | 22 | | Dir. Trav. | 2020-08-03 | 2022-09-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. |
41 | CVE-2020-15863 | 787 | | DoS Exec Code Overflow | 2020-07-28 | 2022-09-30 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555. |
42 | CVE-2020-15811 | 444 | | Http R.Spl. Bypass | 2020-09-02 | 2021-03-04 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. |
43 | CVE-2020-15708 | 732 | | Exec Code | 2020-11-06 | 2020-11-12 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. |
44 | CVE-2020-15707 | 362 | | Exec Code Overflow Bypass | 2020-07-29 | 2021-09-13 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. |
45 | CVE-2020-15706 | 362 | | Exec Code Bypass | 2020-07-29 | 2022-11-16 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. |
46 | CVE-2020-15705 | 347 | | Bypass | 2020-07-29 | 2022-04-18 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. |
47 | CVE-2020-15702 | 367 | | Exec Code | 2020-08-06 | 2023-01-27 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234. |
48 | CVE-2020-15658 | 754 | | | 2020-08-10 | 2023-02-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. |
49 | CVE-2020-15655 | | | Bypass | 2020-08-10 | 2022-05-03 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. |
50 | CVE-2020-15654 | 835 | | | 2020-08-10 | 2023-02-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. |