Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2020-17495 —
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
Published: August 11, 2020; 05:15:10 PM -04:00
-
CVE-2020-13175 —
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthen... read CVE-2020-13175
Published: August 11, 2020; 02:15:12 PM -04:00
-
CVE-2020-15656 —
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firef... read CVE-2020-15656
Published: August 10, 2020; 02:15:12 PM -04:00
-
CVE-2020-12648 —
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
Published: August 14, 2020; 10:15:12 AM -04:00
-
CVE-2020-16287 —
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Published: August 12, 2020; 11:15:12 PM -04:00
-
CVE-2020-16289 —
A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Published: August 12, 2020; 11:15:12 PM -04:00
-
CVE-2020-16290 —
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Published: August 12, 2020; 11:15:12 PM -04:00
-
CVE-2020-16291 —
A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Published: August 12, 2020; 11:15:12 PM -04:00
-
CVE-2020-16292 —
A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Published: August 12, 2020; 11:15:13 PM -04:00
-
CVE-2020-16293 —
A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fix... read CVE-2020-16293
Published: August 12, 2020; 11:15:13 PM -04:00
-
CVE-2020-16294 —
A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Published: August 12, 2020; 11:15:13 PM -04:00
-
CVE-2012-1610 —
Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: th... read CVE-2012-1610
Published: June 05, 2012; 06:55:10 PM -04:00
-
CVE-2020-16295 —
A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Published: August 12, 2020; 11:15:13 PM -04:00
-
CVE-2020-16296 —
A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Published: August 12, 2020; 11:15:13 PM -04:00
-
CVE-2020-15658 —
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This v... read CVE-2020-15658
Published: August 10, 2020; 02:15:12 PM -04:00
-
CVE-2020-15902 —
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.
Published: July 22, 2020; 06:15:11 PM -04:00
-
CVE-2020-0305 —
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:... read CVE-2020-0305
Published: July 17, 2020; 04:15:11 PM -04:00
-
CVE-2019-20908 —
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.
Published: July 15, 2020; 06:15:13 PM -04:00
-
CVE-2020-10769 —
A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment bou... read CVE-2020-10769
Published: June 26, 2020; 12:15:12 PM -04:00
-
CVE-2020-10135 —
Legacy pairing and secure-connections pairing authentication in Bluetooth® BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, ad... read CVE-2020-10135
Published: May 19, 2020; 12:15:11 PM -04:00