CVE-2019-18622 — CVSS 9.8 (critical): An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the…
CVE-2019-13962 — CVSS 9.8 (critical): lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it…
CVE-2020-26935 — CVSS 9.8 (critical): An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered…
CVE-2020-8955 — CVSS 9.8 (critical): irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer…
CVE-2019-9215 — CVSS 9.8 (critical): In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
CVE-2020-17353 — CVSS 9.8 (critical): scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on…
CVE-2020-12640 — CVSS 9.8 (critical): Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to…
CVE-2020-15917 — CVSS 9.8 (critical): common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
CVE-2019-17455 — CVSS 9.8 (critical): Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write…
CVE-2019-17545 — CVSS 9.8 (critical): GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
CVE-2020-6471 — CVSS 9.6 (critical): Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to…
CVE-2020-15963 — CVSS 9.6 (critical): Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a…
CVE-2020-15961 — CVSS 9.6 (critical): Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a…
CVE-2020-6573 — CVSS 9.6 (critical): Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer…
CVE-2020-16011 — CVSS 9.6 (critical): Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer…
CVE-2020-6465 — CVSS 9.6 (critical): Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer…
CVE-2020-6466 — CVSS 9.6 (critical): Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to…
CVE-2020-6522 — CVSS 9.6 (critical): Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially…
CVE-2020-6469 — CVSS 9.6 (critical): Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to…
CVE-2020-7043 — CVSS 9.1 (critical): An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because…
CVE-2019-9774 — CVSS 9.1 (critical): An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.
CVE-2019-9775 — CVSS 9.1 (critical): An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.
CVE-2020-6448 — CVSS 8.8 (high): Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted…
CVE-2019-13734 — CVSS 8.8 (high): Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-11008 — CVSS 8.8 (high): In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which…
CVE-2019-13764 — CVSS 8.8 (high): Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13767 — CVSS 8.8 (high): Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to…
CVE-2020-6559 — CVSS 8.8 (high): Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption…
CVE-2020-6390 — CVSS 8.8 (high): Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap…
CVE-2020-6533 — CVSS 8.8 (high): Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted…
CVE-2019-11505 — CVSS 8.8 (high): In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of…
CVE-2019-20010 — CVSS 8.8 (high): An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.
CVE-2019-20011 — CVSS 8.8 (high): An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.
CVE-2019-11506 — CVSS 8.8 (high): In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage…
CVE-2020-6534 — CVSS 8.8 (high): Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via…
CVE-2020-6467 — CVSS 8.8 (high): Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6463 — CVSS 8.8 (high): Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6398 — CVSS 8.8 (high): Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption…
CVE-2020-6402 — CVSS 8.8 (high): Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to…
CVE-2020-6454 — CVSS 8.8 (high): Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious…
CVE-2020-6404 — CVSS 8.8 (high): Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap…
CVE-2020-6609 — CVSS 8.8 (high): GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
CVE-2020-6451 — CVSS 8.8 (high): Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6413 — CVSS 8.8 (high): Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a…
CVE-2020-6414 — CVSS 8.8 (high): Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation…
CVE-2020-6415 — CVSS 8.8 (high): Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap…
CVE-2020-6416 — CVSS 8.8 (high): Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap…
CVE-2020-6422 — CVSS 8.8 (high): Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6423 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6424 — CVSS 8.8 (high): Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6576 — CVSS 8.8 (high): Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption…
CVE-2020-6427 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6428 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6429 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6430 — CVSS 8.8 (high): Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted…
CVE-2020-6434 — CVSS 8.8 (high): Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6436 — CVSS 8.8 (high): Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption…
CVE-2020-6450 — CVSS 8.8 (high): Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6449 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6447 — CVSS 8.8 (high): Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user…
CVE-2019-20014 — CVSS 8.8 (high): An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.
CVE-2020-6530 — CVSS 8.8 (high): Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a…
CVE-2019-5051 — CVSS 8.8 (high): An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error…
CVE-2019-5052 — CVSS 8.8 (high): An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an…
CVE-2019-5057 — CVSS 8.8 (high): An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX…
CVE-2019-5058 — CVSS 8.8 (high): An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF…
CVE-2019-5059 — CVSS 8.8 (high): An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM…
CVE-2019-5060 — CVSS 8.8 (high): An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image…
CVE-2020-9273 — CVSS 8.8 (high): In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in…
CVE-2020-6525 — CVSS 8.8 (high): Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6524 — CVSS 8.8 (high): Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption…
CVE-2020-6523 — CVSS 8.8 (high): Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13699 — CVSS 8.8 (high): Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to…
CVE-2020-6520 — CVSS 8.8 (high): Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6518 — CVSS 8.8 (high): Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use…
CVE-2020-6517 — CVSS 8.8 (high): Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via…
CVE-2020-6515 — CVSS 8.8 (high): Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6513 — CVSS 8.8 (high): Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via…
CVE-2020-15960 — CVSS 8.8 (high): Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds…
CVE-2020-15962 — CVSS 8.8 (high): Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of…
CVE-2020-15964 — CVSS 8.8 (high): Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap…
CVE-2020-15965 — CVSS 8.8 (high): Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access…
CVE-2020-6512 — CVSS 8.8 (high): Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted…
CVE-2020-15967 — CVSS 8.8 (high): Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a…
CVE-2020-15968 — CVSS 8.8 (high): Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-15969 — CVSS 8.8 (high): Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-15970 — CVSS 8.8 (high): Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to…
CVE-2020-15971 — CVSS 8.8 (high): Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to…
CVE-2020-15972 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13700 — CVSS 8.8 (high): Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the…
CVE-2020-15974 — CVSS 8.8 (high): Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
CVE-2020-15975 — CVSS 8.8 (high): Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via…
CVE-2020-15976 — CVSS 8.8 (high): Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption…
CVE-2020-8233 — CVSS 8.8 (high): A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary…
CVE-2020-15978 — CVSS 8.8 (high): Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised…
CVE-2020-15979 — CVSS 8.8 (high): Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption…
CVE-2020-15987 — CVSS 8.8 (high): Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6496 — CVSS 8.8 (high): Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox…
CVE-2020-15990 — CVSS 8.8 (high): Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to…
CVE-2020-15991 — CVSS 8.8 (high): Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer…
CVE-2020-15992 — CVSS 8.8 (high): Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the…
CVE-2020-16000 — CVSS 8.8 (high): Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap…
CVE-2020-16001 — CVSS 8.8 (high): Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-16002 — CVSS 8.8 (high): Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-16003 — CVSS 8.8 (high): Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-16004 — CVSS 8.8 (high): Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption…
CVE-2020-16005 — CVSS 8.8 (high): Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap…
CVE-2020-16006 — CVSS 8.8 (high): Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption…
CVE-2020-16008 — CVSS 8.8 (high): Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption…
CVE-2020-6474 — CVSS 8.8 (high): Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-24614 — CVSS 8.8 (high): Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An…
CVE-2020-24972 — CVSS 8.8 (high): The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because…
CVE-2020-6468 — CVSS 8.8 (high): Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted…
CVE-2020-6377 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6381 — CVSS 8.8 (high): Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially…
CVE-2020-6382 — CVSS 8.8 (high): Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6385 — CVSS 8.8 (high): Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a…
CVE-2019-5736 — CVSS 8.6 (high): runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and…
CVE-2020-8026 — CVSS 8.4 (high): A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows…
CVE-2020-6575 — CVSS 8.3 (high): Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially…
CVE-2020-15229 — CVSS 8.2 (high): Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path…
CVE-2020-13379 — CVSS 8.2 (high): The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated…
CVE-2020-6612 — CVSS 8.1 (high): GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
CVE-2019-7635 — CVSS 8.1 (high): SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
CVE-2018-16874 — CVSS 8.1 (high): In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path…
CVE-2020-7040 — CVSS 8.1 (high): storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to…
CVE-2018-16873 — CVSS 8.1 (high): In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag…
CVE-2019-13616 — CVSS 8.1 (high): SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c…
CVE-2019-9498 — CVSS 8.1 (high): The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements…
CVE-2019-9499 — CVSS 8.1 (high): The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported…
CVE-2020-6613 — CVSS 8.1 (high): GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
CVE-2019-11007 — CVSS 8.1 (high): In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which…
CVE-2020-10802 — CVSS 8.0 (high): In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not…
CVE-2020-10804 — CVSS 8.0 (high): In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in…
CVE-2020-14352 — CVSS 8.0 (high): A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in…
CVE-2020-6510 — CVSS 7.8 (high): Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap…
CVE-2020-6477 — CVSS 7.8 (high): Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege…
CVE-2019-13706 — CVSS 7.8 (high): Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap…
CVE-2020-14004 — CVSS 7.8 (high): An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod…
CVE-2020-6574 — CVSS 7.8 (high): Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially…
CVE-2019-9896 — CVSS 7.8 (high): In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same…
CVE-2020-16007 — CVSS 7.8 (high): Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege…
CVE-2019-14744 — CVSS 7.8 (high): In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user…
CVE-2020-15396 — CVSS 7.8 (high): In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a…
CVE-2020-15980 — CVSS 7.8 (high): Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation…
CVE-2019-13702 — CVSS 7.8 (high): Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege…
CVE-2019-5164 — CVSS 7.8 (high): An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets…
CVE-2020-15983 — CVSS 7.8 (high): Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content…
CVE-2019-14846 — CVSS 7.8 (high): In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG…
CVE-2019-13602 — CVSS 7.8 (high): An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote…
CVE-2019-3692 — CVSS 7.7 (high): The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to…
CVE-2019-3693 — CVSS 7.7 (high): A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE…
CVE-2019-9778 — CVSS 7.5 (high): An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.
CVE-2020-9272 — CVSS 7.5 (high): ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.
CVE-2020-8164 — CVSS 7.5 (high): A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply…
CVE-2019-19926 — CVSS 7.5 (high): multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite()…
CVE-2018-19052 — CVSS 7.5 (high): An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a…
CVE-2019-20637 — CVSS 7.5 (high): An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a…
CVE-2020-25032 — CVSS 7.5 (high): An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private…
CVE-2020-25829 — CVSS 7.5 (high): An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the…
CVE-2020-16118 — CVSS 7.5 (high): In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by…
CVE-2019-5796 — CVSS 7.5 (high): Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption…
CVE-2019-19925 — CVSS 7.5 (high): zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
CVE-2019-19923 — CVSS 7.5 (high): flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side…
CVE-2019-9770 — CVSS 7.5 (high): An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at…
CVE-2019-9771 — CVSS 7.5 (high): An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.
CVE-2019-9772 — CVSS 7.5 (high): An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.
CVE-2019-9773 — CVSS 7.5 (high): An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at…
CVE-2019-9776 — CVSS 7.5 (high): An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec…
CVE-2019-9777 — CVSS 7.5 (high): An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at…
CVE-2019-9779 — CVSS 7.5 (high): An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec…
CVE-2020-10593 — CVSS 7.5 (high): Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak)…
CVE-2019-19880 — CVSS 7.5 (high): exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values…
CVE-2020-10995 — CVSS 7.5 (high): PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS…
CVE-2020-11653 — CVSS 7.5 (high): An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when…
CVE-2020-6095 — CVSS 7.5 (high): An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially…
CVE-2020-12244 — CVSS 7.5 (high): An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA…
CVE-2019-16159 — CVSS 7.5 (high): BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC…
CVE-2020-12672 — CVSS 7.5 (high): GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
CVE-2020-12066 — CVSS 7.5 (high): CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.
CVE-2019-12098 — CVSS 7.4 (high): In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle…
CVE-2020-12050 — CVSS 7.0 (high): SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation…
CVE-2019-18932 — CVSS 7.0 (high): log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary…
CVE-2020-6400 — CVSS 6.5 (medium): Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a…
CVE-2019-10206 — CVSS 6.5 (medium): ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt…
CVE-2019-11474 — CVSS 6.5 (medium): coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by…
CVE-2019-11779 — CVSS 6.5 (medium): In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of…
CVE-2019-12221 — CVSS 6.5 (medium): An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image…
CVE-2019-12921 — CVSS 6.5 (medium): In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of…