|
209581
|
3.3 |
LOW
Local
|
packagekit_project
canonical
|
packagekit
ubuntu_linux
|
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-16121
|
2024-11-21 14:06 |
2020-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209582
|
7.8 |
HIGH
Local
|
canonical
|
ubuntu_linux
|
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15708
|
2024-11-21 14:06 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209583
|
9.0 |
CRITICAL
Network
|
immuta
|
immuta
|
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immut…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15952
|
2024-11-21 14:06 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209584
|
6.1 |
MEDIUM
Network
|
immuta
|
immuta
|
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker c…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15951
|
2024-11-21 14:06 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209585
|
8.8 |
HIGH
Network
|
immuta
|
immuta
|
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout.
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-15950
|
2024-11-21 14:06 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209586
|
7.5 |
HIGH
Network
|
immuta
|
immuta
|
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover.
|
CWE-287
Improper Authentication
|
CVE-2020-15949
|
2024-11-21 14:06 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209587
|
9.6 |
CRITICAL
Network
|
google
opensuse
debian
|
chrome
leap
backports_sle
debian_linux
|
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-16011
|
2024-11-21 14:06 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209588
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-16010
|
2024-11-21 14:06 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209589
|
8.8 |
HIGH
Network
|
google
microsoft
cefsharp
opensuse
fedoraproject
debian
|
chrome
edge_chromium
edge
cefsharp
leap
backports_sle
fedora
debian_linux
|
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
CWE-787
CWE-843
Out-of-bounds Write
Type Confusion
|
CVE-2020-16009
|
2024-11-21 14:06 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209590
|
8.8 |
HIGH
Network
|
google
debian
opensuse
fedoraproject
|
chrome
debian_linux
leap
fedora
backports_sle
|
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-16008
|
2024-11-21 14:06 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
