Total
517 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15223 | 1 Ory | 1 Fosite | 2024-08-04 | 8 High |
| In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0 | ||||
| CVE-2020-15117 | 2 Fedoraproject, Symless | 2 Fedora, Synergy | 2024-08-04 | 6.5 Medium |
| In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the available memory of the Server is more than 4GB. | ||||
| CVE-2020-14304 | 1 Linux | 1 Linux Kernel | 2024-08-04 | 4.4 Medium |
| A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2020-14270 | 1 Hcltech | 1 Domino | 2024-08-04 | 5.3 Medium |
| HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server. | ||||
| CVE-2020-13859 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-08-04 | 9.8 Critical |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interface without a password by abusing a forgotten-password feature. | ||||
| CVE-2020-13463 | 1 Apexmic | 2 Apm32f103, Apm32f103 Firmware | 2024-08-04 | 4.6 Medium |
| The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. | ||||
| CVE-2020-13467 | 1 Cksic | 2 Cks32f103, Cks32f103 Firmware | 2024-08-04 | 4.6 Medium |
| The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. | ||||
| CVE-2020-13410 | 1 Aedes Project | 1 Aedes | 2024-08-04 | 7.5 High |
| An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream. | ||||
| CVE-2020-12888 | 7 Canonical, Debian, Fedoraproject and 4 more | 45 Ubuntu Linux, Debian Linux, Fedora and 42 more | 2024-08-04 | 5.3 Medium |
| The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. | ||||
| CVE-2020-12105 | 2 Infradead, Opensuse | 2 Openconnect, Leap | 2024-08-04 | 5.9 Medium |
| OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks. | ||||
| CVE-2020-11875 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an attacker to gain privileges. The LG ID is LVE-SMP-200001 (February 2020). | ||||
| CVE-2020-11743 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2024-08-04 | 5.5 Medium |
| An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain. | ||||
| CVE-2020-11243 | 1 Qualcomm | 274 Aqt1000, Aqt1000 Firmware, Ar8035 and 271 more | 2024-08-04 | 7.5 High |
| RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | ||||
| CVE-2020-11012 | 1 Minio | 1 Minio | 2024-08-04 | 9.3 Critical |
| MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z. | ||||
| CVE-2020-10604 | 1 Osisoft | 1 Pi Data Archive | 2024-08-04 | 7.5 High |
| In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. | ||||
| CVE-2020-10101 | 1 Zammad | 1 Zammad | 2024-08-04 | 7.5 High |
| An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process. | ||||
| CVE-2020-9074 | 1 Huawei | 6 Honor 20, Honor 20 Firmware, Honor 20 Pro and 3 more | 2024-08-04 | 5.3 Medium |
| Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones. | ||||
| CVE-2020-8767 | 1 Intel | 1 Quartus Prime | 2024-08-04 | 5.5 Medium |
| Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2020-7247 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-08-04 | 9.8 Critical |
| smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. | ||||
| CVE-2020-5801 | 1 Rockwellautomation | 1 Factorytalk Linx | 2024-08-04 | 7.5 High |
| An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. | ||||