2020-06-11 | CVE-2020-0198 | Integer Overflow or Wraparound vulnerability in multiple products In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. | 7.5 |
2020-06-11 | CVE-2020-0181 | Integer Overflow or Wraparound vulnerability in multiple products In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. | 7.5 |
2020-06-09 | CVE-2020-13977 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. | 4.9 |
2020-06-09 | CVE-2020-13962 | Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. | 7.5 |
2020-06-06 | CVE-2020-13871 | Use After Free vulnerability in multiple products SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | 7.5 |
2020-06-03 | CVE-2020-11080 | In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. | 7.5 |
2020-05-26 | CVE-2020-13614 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in ssl.c in Axel before 2.17.8. | 5.9 |
2020-05-25 | CVE-2020-13482 | Improper Certificate Validation vulnerability in multiple products EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. | 7.4 |
2020-05-22 | CVE-2020-11077 | In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. | 7.5 |
2020-05-22 | CVE-2020-11076 | In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. | 7.5 |