Security Vulnerabilities - CVEs Published In October 2020
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.
CVSS Score
8.1
EPSS Score
0.001
Published
2020-10-02
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-10-02
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature.
CVSS Score
9.8
EPSS Score
0.0
Published
2020-10-02
fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.
CVSS Score
3.2
EPSS Score
0.002
Published
2020-10-02
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.
CVSS Score
8.8
EPSS Score
0.803
Published
2020-10-02
Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-10-02
REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout.
CVSS Score
7.4
EPSS Score
0.003
Published
2020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution.
CVSS Score
9.8
EPSS Score
0.0
Published
2020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation).
CVSS Score
9.8
EPSS Score
0.0
Published
2020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document.
CVSS Score
5.5
EPSS Score
0.0
Published
2020-10-02