A flaw was found in Go standard library packages. Both the net/http/cgi and net/http/fcgi packages use a default Content-Type response header value of "text/html", rather than "text/plain". An attacker could exploit this in applications using these packages by uploading crafted files, allowing for a cross-site scripting attack (XSS) (CVE-2020-24553).
A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to “smuggle” a request (CVE-2020-25613).
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694) Observable discrepancy in the RAPL interface for some Intel(R) Processors may
Write side effects in MCallGetProperty opcode not accounted for. In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. (CVE-2020-26950)
A buffer overflow from long hostnames. (rhbz#1563939) References: - https://bugs.mageia.org/show_bug.cgi?id=27570 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. document.getElementById('cloak3d32a17d9cdc4ddb4c48b41d53b349cf').innerHTML = ''; var prefix = 'ma' + 'il' + 'to'; var path = 'hr' + 'ef' + '='; var addy3d32a17d9cdc4ddb4c48b41d53b349cf = 'package-announce' + '@'; addy3d32a17d9cdc4ddb4c48b41d53b349cf = addy3d32a17d9cdc4ddb4c48b41d53b349cf + 'lists' + '.' + 'fedoraproject' + '.' + 'org'; var addy_text3d32a17d9cdc4ddb4c48b41d53b349cf = 'package-announce' + '@' + 'lists' + '.' + 'fedoraproject' + '.' + 'org';document.getElementById('cloak3d32a17d9cdc4ddb4c48b41d53b349cf').innerHTML += ''+addy_text3d32a17d9cdc4ddb4c48b41d53b349cf+''; /thread/GE44PAF52D6HCPKQ3EYTGSSXBPT5UPYU/
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. (CVE-2020-27153)
High memory usage during deserialization of Proxy class with many interfaces. (CVE-2020-14779) Credentials sent over unencrypted LDAP connection. (CVE-2020-14781)
FAPI PolicyPCR not instatiating correctly (CVE-2020-24455). Note that all TPM object created with a PolicyPCR with the currentPcrs and currentPcrsAndBank options have been created with an incorrect policy that omits PCR checks. All such objects have to be recreated.
An attacker on your local network could send maliciously crafted packets to other hosts running kdeconnect on the network, causing them to use large amounts of CPU, memory or network connections, which could be used in a Denial of Service attack within the network. (CVE-2020-26164)
