Skip to main content
CVE-2020-15239 LOW PATCH Monitor

In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Information Disclosure Path Traversal Xmpp Http Upload
NVD GitHub
CVSS 3.1
3.5
EPSS
1.5%
CVE-2020-1905 LOW Monitor

Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Whatsapp
NVD
CVSS 3.1
3.3
EPSS
0.6%
CVE-2020-25743 LOW PATCH Monitor

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu Openstack Platform Enterprise Linux
NVD
CVSS 3.1
3.2
EPSS
0.5%
CVE-2020-25742 LOW PATCH Monitor

pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu
NVD
CVSS 3.1
3.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy