The crypto/x509 package of Go prior to 1.10.6 and 1.11.x prior to 1.11.3 does not limit the amount of work performed for each chain verification, which might allow malicious users to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
|Vulnerable Product||Search on Vulmon||Subscribe to Product|
opensuse leap 42.3
docker release version 2020-11-09 2501 Upgrades Compose CLI v102 Snyk v14242 Bug fixes and minor changes Fixed an issue that caused Docker Desktop to crash on MacOS 110 (Big Sur) when VirtualBox was also installed See docker/for-mac#4997 2020-11-09 2500 This release contains a Kubernetes upgrade Your local Kubernetes cluster will be reset after install
PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745
PoC auto collect from GitHub.
PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr