Skip to main content
CVE-2020-13765 MEDIUM PATCH This Month

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.6
EPSS
2.4%
CVE-2020-10702 MEDIUM This Month

A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Qemu
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-13791 MEDIUM PATCH This Month

hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-6640 MEDIUM This Month

An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortianalyzer
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-4191 MEDIUM This Month

IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-9462 MEDIUM This Month

An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Homey Firmware Homey Pro Firmware
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2020-13838 LOW Monitor

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2020-13837 LOW Monitor

An issue was discovered on Samsung mobile devices with Q(10.0) software. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
3.5
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy