Total
33636 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10854 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 (January 2020). | |||||
| CVE-2020-10853 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 (January 2020). | |||||
| CVE-2020-10841 | 2 Google, Samsung | 2 Android, Exynos 9610 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is an arbitrary kfree in the vipx and vertex drivers. The Samsung ID is SVE-2019-16294 (February 2020). | |||||
| CVE-2020-10839 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card. The Samsung ID is SVE-2019-16193 (February 2020). | |||||
| CVE-2020-10834 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view notifications on the lock screen via Routines. The Samsung ID is SVE-2019-15074 (February 2020). | |||||
| CVE-2020-10830 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can view notifications by entering many PINs in Lockdown mode. The Samsung ID is SVE-2019-16590 (March 2020). | |||||
| CVE-2020-10800 | 1 Lix Project | 1 Lix | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| lix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field. | |||||
| CVE-2020-10787 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script). | |||||
| CVE-2020-10783 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH |
| Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files. | |||||
| CVE-2020-10768 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2020-10767 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2020-10766 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2020-10731 | 1 Redhat | 1 Openstack Platform | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines. | |||||
| CVE-2020-10678 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges. | |||||
| CVE-2020-10661 | 1 Hashicorp | 1 Vault | 2024-11-21 | 5.8 MEDIUM | 9.1 CRITICAL |
| HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4. | |||||
| CVE-2020-10622 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users | |||||
| CVE-2020-10592 | 2 Opensuse, Torproject | 3 Backports, Leap, Tor | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. | |||||
| CVE-2020-10591 | 1 Walmart | 1 Concord | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey. | |||||
| CVE-2020-10590 | 1 Replicated | 1 Replicated Classic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console. | |||||
| CVE-2020-10587 | 2 Antixlinux, Mxlinux | 2 Antix Linux, Mx Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration. | |||||