| 2020-08-05 | CVE-2020-15113 | In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. | 7.1 |
| 2020-08-05 | CVE-2020-15112 | Improper Validation of Array Index vulnerability in multiple products
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. | 6.5 |
| 2020-08-05 | CVE-2020-15106 | In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. | 6.5 |
| 2020-08-05 | CVE-2020-17353 | scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. | 9.8 |
| 2020-08-05 | CVE-2020-14344 | Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. | 6.7 |
| 2020-08-03 | CVE-2020-16116 | Path Traversal vulnerability in multiple products
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. | 3.3 |
| 2020-08-03 | CVE-2020-16269 | radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. | 5.5 |
| 2020-07-30 | CVE-2020-16166 | Use of Insufficiently Random Values vulnerability in multiple products
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. | 3.7 |
| 2020-07-29 | CVE-2020-16135 | NULL Pointer Dereference vulnerability in multiple products
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. | 5.9 |
| 2020-07-28 | CVE-2020-16094 | Uncontrolled Recursion vulnerability in multiple products
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree. | 7.5 |