|
211221
|
9.8 |
CRITICAL
Network
|
microsoft
|
office
365_apps
|
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
|
NVD-CWE-noinfo
|
CVE-2020-0901
|
2024-11-21 13:54 |
2020-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211222
|
5.4 |
MEDIUM
Adjacent
|
bluetooth
opensuse
|
bluetooth_core
leap
|
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing crede…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-10135
|
2024-11-21 13:54 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211223
|
6.3 |
MEDIUM
Adjacent
|
bluetooth
|
bluetooth_core
|
Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates differen…
|
CWE-436
Interpretation Conflict
|
CVE-2020-10134
|
2024-11-21 13:54 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211224
|
8.8 |
HIGH
Network
|
powerdns
|
recursor
|
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memor…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-10030
|
2024-11-21 13:54 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211225
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from d…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-10067
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211226
|
6.5 |
MEDIUM
Network
|
zephyrproject
|
zephyr
|
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would re…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2020-10060
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211227
|
4.8 |
MEDIUM
Network
|
zephyrproject
|
zephyr
|
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using D…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-10059
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211228
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: ze…
|
CWE-20
Improper Input Validation
|
CVE-2020-10058
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211229
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
|
CWE-20
Improper Input Validation
|
CVE-2020-10028
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211230
|
7.8 |
HIGH
Local
|
zephyrproject
|
zephyr
|
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and …
|
CWE-697
Incorrect Comparison
|
CVE-2020-10027
|
2024-11-21 13:54 |
2020-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
