Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

CVE-2020-35488: GitHub - GuillaumePetit84/CVE-2020-35488

The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)

CVE
Open in Source
#vulnerability#web#windows#ubuntu#linux#debian#dos#apache#git
CVE-2020-26422: Buildbot crash output: fuzz-2020-12-09-3589621.pcap (#17073) · Issues · Wireshark Foundation / wireshark · GitLab

Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file

CVE-2020-26419: Buildbot crash output: fuzz-2020-11-19-20476.pcap (#17032) · Issues · Wireshark Foundation / wireshark · GitLab

Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.

CVE-2020-26418: Buildbot crash output: fuzz-2020-07-28-14741.pcap (#16739) · Issues · Wireshark Foundation / wireshark · GitLab

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

CVE-2020-13584: TALOS-2020-1195 || Cisco Talos Intelligence Group

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.

CVE-2020-28975: Segmentation fault on SVMLIB · Issue #18891 · scikit-learn/scikit-learn

** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.

CVE-2020-28241: A heap-buffer-overflow in maxminddb.c:2019:13 · Issue #236 · maxmind/libmaxminddb

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.

CVE-2020-27387: Add HorizontCMS 1.0.0-beta exploit module and documentation by ErikWynter · Pull Request #14340 · rapid7/metasploit-framework

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta.