| 210041 | 7.8 HIGH | Local | packagekit_project canonical | packagekit ubuntu_linux | PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured Policy… | CWE-345 Insufficient Verification of Data Authenticity | CVE-2020-16122 | 2024-11-21 14:06 | 2020-11-7 |
| 210042 | 3.3 LOW | Local | packagekit_project canonical | packagekit ubuntu_linux | PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. | CWE-209 Information Exposure Through an Error Message | CVE-2020-16121 | 2024-11-21 14:06 | 2020-11-7 |
| 210043 | 7.8 HIGH | Local | canonical | ubuntu_linux | Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2020-15708 | 2024-11-21 14:06 | 2020-11-6 |
| 210044 | 9.0 CRITICAL | Network | immuta | immuta | Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immut… | CWE-79 Cross-site Scripting | CVE-2020-15952 | 2024-11-21 14:06 | 2020-11-6 |
| 210045 | 6.1 MEDIUM | Network | immuta | immuta | Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker c… | CWE-79 Cross-site Scripting | CVE-2020-15951 | 2024-11-21 14:06 | 2020-11-6 |
| 210046 | 8.8 HIGH | Network | immuta | immuta | Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout. | CWE-613 Insufficient Session Expiration | CVE-2020-15950 | 2024-11-21 14:06 | 2020-11-6 |
| 210047 | 7.5 HIGH | Network | immuta | immuta | Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover. | CWE-287 Improper Authentication | CVE-2020-15949 | 2024-11-21 14:06 | 2020-11-6 |
| 210048 | 9.6 CRITICAL | Network | google opensuse debian | chrome leap backports_sle debian_linux | Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … | CWE-787 Out-of-bounds Write | CVE-2020-16011 | 2024-11-21 14:06 | 2020-11-3 |
| 210049 | 8.8 HIGH | Network | google | chrome | Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … | CWE-787 Out-of-bounds Write | CVE-2020-16010 | 2024-11-21 14:06 | 2020-11-3 |
| 210050 | 8.8 HIGH | Network | google microsoft cefsharp opensuse fedoraproject debian | chrome edge_chromium edge cefsharp leap backports_sle fedora debian_linux | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | CWE-787 Out-of-bounds Write; CWE-843 Type Confusion | CVE-2020-16009 | 2024-11-21 14:06 | 2020-11-3 |