Max CVSS 9.3 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-28949 6.8
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
28-06-2024 - 14:06 19-11-2020 - 19:15
CVE-2018-1311 6.8
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disabl
21-06-2024 - 16:11 18-12-2019 - 20:15
CVE-2020-26932 4.0
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)
08-11-2022 - 13:54 10-10-2020 - 18:15
CVE-2020-10936 7.2
Sympa before 6.2.56 allows privilege escalation.
08-11-2022 - 03:47 27-05-2020 - 18:15
CVE-2020-26217 9.3
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone
28-10-2022 - 17:40 16-11-2020 - 21:15
CVE-2020-35479 4.3
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects Me
05-10-2022 - 16:09 18-12-2020 - 08:15
CVE-2020-35605 7.5
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.
01-09-2022 - 19:43 21-12-2020 - 20:15
CVE-2020-27783 4.3
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbit
06-08-2022 - 03:49 03-12-2020 - 17:15
CVE-2020-29479 7.2
An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certai
26-04-2022 - 16:12 15-12-2020 - 18:15
CVE-2020-29668 4.3
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
26-04-2022 - 16:12 10-12-2020 - 08:15
CVE-2020-35480 5.0
An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing s
08-04-2022 - 14:21 18-12-2020 - 08:15
CVE-2020-35477 5.0
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries"
08-04-2022 - 14:20 18-12-2020 - 08:15
CVE-2020-35475 5.0
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side
08-04-2022 - 14:19 18-12-2020 - 08:15
CVE-2020-28948 6.8
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
30-03-2022 - 14:32 19-11-2020 - 19:15
CVE-2020-9369 5.0
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
01-01-2022 - 19:28 24-02-2020 - 18:15
CVE-2020-29570 4.9
An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also re
10-12-2021 - 02:04 15-12-2020 - 17:15
CVE-2020-29566 4.9
An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that th
10-12-2021 - 02:00 15-12-2020 - 17:15
CVE-2020-29571 4.9
An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consum
10-12-2021 - 01:57 15-12-2020 - 17:15
CVE-2020-29486 4.9
An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded nu
10-12-2021 - 01:49 15-12-2020 - 18:15
CVE-2020-29480 2.1
An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created
21-07-2021 - 11:39 15-12-2020 - 18:15
CVE-2020-29481 4.6
An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid wil
21-07-2021 - 11:39 15-12-2020 - 18:15
CVE-2020-29482 4.9
An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must acce
16-03-2021 - 13:03 15-12-2020 - 18:15
CVE-2020-29483 4.9
An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by
16-03-2021 - 12:58 15-12-2020 - 18:15
CVE-2020-29484 4.9
An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that wa
16-03-2021 - 12:44 15-12-2020 - 18:15
CVE-2020-29485 4.9
An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems usin
16-03-2021 - 12:39 15-12-2020 - 18:15
CVE-2004-0010 7.2
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.
11-10-2017 - 01:29 03-03-2004 - 05:00
CVE-2004-0109 4.6
Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
11-10-2017 - 01:29 01-06-2004 - 04:00
CVE-2004-0178 2.1
The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number
11-10-2017 - 01:29 01-06-2004 - 04:00
CVE-2004-0177 5.0
The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain por
11-10-2017 - 01:29 01-06-2004 - 04:00
CVE-2004-0003 4.6
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
11-10-2017 - 01:29 03-03-2004 - 05:00
Back to Top Mark selected
Back to Top