DEBIAN-CVE-2020-5260
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...
CVE-2020-11763
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp...
Design/Logic Flaw
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp...
UBUNTU-CVE-2020-11763
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp...
CVE-2020-11763
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp...
UBUNTU-CVE-2020-5260
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...
HTTP/2: request for large response leads to denial of service
A vulnerability was found in HTTP/2. An attacker can open an HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server's...
The vulnerability in the arch/powerpc/kernel/process.c component of the Linux operating system allows an attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability in the arch/powerpc/kernel/process.c component of the Linux operating system’s kernel PowerPC microprocessor architecture is related to the lack of protection for service data. Exploiting this vulnerability allows an attacker to compromise the confidentiality and accessibility o...
Denial Of Service (DoS)
Xen is vulnerable to denial of service. A local user is able to crash the system through an infinite loop and excessive resource consumption via unspecified vector...
Use-after-free
WebKitGTK+ is vulnerable to use-after-free. It is possible for remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing...
Oracle Linux 8 : kernel (ELSA-2020-1372)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1372 advisory. - hid hiddev: do cleanup in failure of opening a device Benjamin Tissoires 1803458 1803460 CVE-2019-19527 - hid hiddev: avoid opening a disconnected...
Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-31270)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. Samsung mobile devices have a security vulnerability that can be exploited by attackers to run applications in a locked Secure Folder without a password...
CVE-2020-6828
The Mozilla Foundation Security Advisory describes this flaw as: A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to...
kernel: powerpc: local user can read vector registers of other users' processes via an interrupt
A flaw was found in the Linux kernel on the PowerPC platform where a local user can read vector registers of other user processes during a hardware interrupt. An attacker must start a transaction when the FPU operation begins or there is no leakage. Vector registers will become corrupted with...
kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception
A flaw was found in the Linux kernel on the PowerPC platform where a local user can read vector registers of other user processes via a Facility Unavailable exception. An attacker must start a transaction when the FPU operation begins or there is no leakage. Vector registers will become corrupte...
GHSA-VH95-RMGR-6W4M Prototype Pollution in minimist
Affected versions of minimist are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument --proto.y=Polluted...
CVE-2020-5283
ViewVC before versions 1.1.28 and 1.2.1 has an XSS vulnerability in CVS showsubdirlastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the...
CVE-2020-5283
ViewVC before versions 1.1.28 and 1.2.1 has an XSS vulnerability in CVS showsubdirlastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the...
CVE-2020-5283
Removed by vendor...
CVE-2020-2574
Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...