Multiple vulnerabilities have been discovered in Bitcoin. In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. (CVE-2020-26215) References: - https://bugs.mageia.org/show_bug.cgi?id=27705 - https://www.debian.org/lts/security/2020/dla-2477
A flaw was found in the X.Org Server. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-14360).
The updated packages fix some problems found in version 86 and security vulnerabilities. References: - https://bugs.mageia.org/show_bug.cgi?id=27630
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. (CVE-2020-29074) References: - https://bugs.mageia.org/show_bug.cgi?id=27684
Filename manipulation vulnerabilities (CVE-2020-28948 / CVE-2020-28949) Updated also Archive_Tar to 1.4.11. References: - https://bugs.mageia.org/show_bug.cgi?id=27664
In Oniguruma, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c (CVE-2020-26159). References:
It was discovered that incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service (CVE-2019-9674). It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable (CVE-2020-26970).
