Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2020-29368: git/torvalds/linux.git - Linux kernel source tree

An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.

CVE
#google#linux#git#intel#rce
CVE-2020-29136: 90 Change Log

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).

CVE-2020-28136: OffSec’s Exploit Database Archive

An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.

CVE-2020-28268: Mend Vulnerability Database

Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution.

CVE-2020-6156: TALOS-2020-1094 || Cisco Talos Intelligence Group

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index.

CVE-2020-6155: TALOS-2020-1101 || Cisco Talos Intelligence Group

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.

CVE-2020-28269: field/field.js at 2a3811dfc4cdd13833977477d2533534fc61ce06 · jprichardson/field

Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.

CVE-2020-28271: fix vulnerability reported by whitesource software · sharpred/deepHas@2fe0117

Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.

CVE-2020-8698: INTEL-SA-00381

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.