|
211401
|
6.5 |
MEDIUM
Network
|
it-novum
|
openitcockpit
|
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connect…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-10791
|
2024-11-21 13:56 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211402
|
5.4 |
MEDIUM
Network
|
it-novum
|
openitcockpit
|
openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10790
|
2024-11-21 13:56 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211403
|
9.8 |
CRITICAL
Network
|
it-novum
|
openitcockpit
|
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInt…
|
CWE-78
OS Command
|
CVE-2020-10789
|
2024-11-21 13:56 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211404
|
5.3 |
MEDIUM
Local
|
linux
opensuse
debian
canonical
|
linux_kernel
leap
debian_linux
ubuntu_linux
|
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-10942
|
2024-11-21 13:56 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211405
|
5.9 |
MEDIUM
Network
|
arm
fedoraproject
debian
|
mbed_crypto
mbed_tls
fedora
debian_linux
|
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
|
NVD-CWE-noinfo
|
CVE-2020-10941
|
2024-11-21 13:56 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211406
|
4.6 |
MEDIUM
Physics
|
google
|
android
|
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppTray. The Samsung ID is SVE-2019-16192 (January 2020).
|
NVD-CWE-noinfo
|
CVE-2020-10855
|
2024-11-21 13:56 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211407
|
7.5 |
HIGH
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 (January 2020).
|
NVD-CWE-noinfo
|
CVE-2020-10854
|
2024-11-21 13:56 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211408
|
5.3 |
MEDIUM
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 (January 2020).
|
NVD-CWE-noinfo
|
CVE-2020-10853
|
2024-11-21 13:56 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211409
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a stack overflow in display driver. The Samsung ID is SVE-2019-15877 (January 2020).
|
CWE-787
Out-of-bounds Write
|
CVE-2020-10852
|
2024-11-21 13:56 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211410
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is a stack overflow in the kperfmon driver. The Samsung ID is SVE-2019-15876 (January 2020).
|
CWE-787
Out-of-bounds Write
|
CVE-2020-10851
|
2024-11-21 13:56 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
