CVE List - 2020 / April
Showing 401 - 500 of 2186 CVEs for April 2020 (Page 5 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-21082 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the "Use screen lock type to unpin" option. The... |
| CVE-2018-21081 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent.... |
| CVE-2020-11600 | 2020-04-08 | An issue was discovered on Samsung mobile devices with Q(10.0) software. There is arbitrary code execution in the Fingerprint Trustlet via a memory overwrite. The Samsung IDs are SVE-2019-16587, SVE-2019-16588,... |
| CVE-2020-11601 | 2020-04-08 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is unauthorized access to applications in the Secure Folder via floating icons. The Samsung ID is... |
| CVE-2020-11602 | 2020-04-08 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Google Assistant leaks clipboard contents on a locked device. The Samsung ID is SVE-2019-16558 (April 2020). |
| CVE-2020-11604 | 2020-04-08 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. There is an Out-of-bounds read in the MLDAP Trustlet. The Samsung ID is SVE-2019-16565 (April... |
| CVE-2020-11605 | 2020-04-08 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April... |
| CVE-2020-11606 | 2020-04-08 | An issue was discovered on Samsung mobile devices with Q(10.0) software. Information about application preview (in the Secure Folder) leaks on a locked device. The Samsung ID is SVE-2019-16463 (April... |
| CVE-2020-11607 | 2020-04-08 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Notification exposure occurs in Lockdown mode because of the Edge Lighting application. The Samsung ID is SVE-2020-16680... |
| CVE-2020-11603 | 2020-04-08 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. Type confusion in the MLDAP Trustlet allows arbitrary code execution. The Samsung ID is SVE-2020-16599... |
| CVE-2018-21038 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018). |
| CVE-2018-21039 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission for the compass feature in Quick Tools (aka QuickTools), an attacker can bypass the lockscreen.... |
| CVE-2018-21040 | 2020-04-08 | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is a race condition with a resultant use-after-free in the g2d driver. The... |
| CVE-2020-11000 | 2020-04-08 | Improper URL validation in GreenBrowser |
| CVE-2018-21041 | 2020-04-08 | An issue was discovered on Samsung mobile devices with O(8.x) software. Access to Gallery in the Secure Folder can occur without authentication. The Samsung ID is SVE-2018-13057 (December 2018). |
| CVE-2018-21080 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) software. A physically proximate attacker wielding a magnet can activate NFC to bypass the lockscreen. The Samsung ID is SVE-2017-10897... |
| CVE-2018-21079 | 2020-04-08 | An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. There is a kernel pointer leak in the USB gadget driver. The Samsung ID is... |
| CVE-2018-21078 | 2020-04-08 | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured... |
| CVE-2018-21042 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Dual Messenger allows installation of an arbitrary APK with resultant privileged code execution. The Samsung ID... |
| CVE-2018-21043 | 2020-04-08 | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of... |
| CVE-2018-21044 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) software. The sem Trustlet has a buffer overflow that leads to arbitrary TEE code execution. The Samsung IDs... |
| CVE-2018-21045 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard access in the lockscreen state via a copy-and-paste action. The Samsung ID is SVE-2018-13381... |
| CVE-2018-21077 | 2020-04-08 | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used... |
| CVE-2018-21046 | 2020-04-08 | An issue was discovered on Samsung mobile devices with O(8.x) software. There is clipboard Data Exposure via the Emergency Dialer upon connecting a USB device. The Samsung ID is SVE-2018-12911... |
| CVE-2018-21076 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung... |
| CVE-2018-21075 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. The Call+ application can load classes from an unintended path, leading to Code Execution. The Samsung ID... |
| CVE-2018-21047 | 2020-04-08 | An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Factory Reset Protection (FRP) bypass via the voice assistant because Internet access begins before the Setup... |
| CVE-2018-21074 | 2020-04-08 | An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is... |
| CVE-2018-21073 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the... |
| CVE-2018-21072 | 2020-04-08 | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. A kernel driver allows out-of-bounds Read/Write operations and possibly arbitrary code execution. The Samsung... |
| CVE-2018-21071 | 2020-04-08 | An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account.... |
| CVE-2018-21070 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass Secure Boot and obtain root access because of a... |
| CVE-2018-21069 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) (MediaTek chipsets) software. There is information disclosure (of kernel stack memory) in a MediaTek driver. The Samsung ID is SVE-2018-11852... |
| CVE-2018-21068 | 2020-04-08 | An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The... |
| CVE-2018-21067 | 2020-04-08 | An issue was discovered on Samsung mobile devices with M(6.0) software. There is an information disclosure in a Trustlet because an address is logged. The Samsung ID is SVE-2018-11600 (July... |
| CVE-2018-21066 | 2020-04-08 | An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung... |
| CVE-2020-10262 | 2020-04-08 | An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN... |
| CVE-2018-21065 | 2020-04-08 | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID... |
| CVE-2018-21064 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver's input booster. The Samsung ID is SVE-2017-11816 (August 2018). |
| CVE-2018-21063 | 2020-04-08 | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The... |
| CVE-2018-21062 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a... |
| CVE-2020-10263 | 2020-04-08 | An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can (i) read Wi-Fi SSID or... |
| CVE-2018-21061 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August... |
| CVE-2018-21048 | 2020-04-08 | An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Notification leak on a locked device in Standalone Dex mode. The Samsung ID is SVE-2018-12925 (November... |
| CVE-2018-21049 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access... |
| CVE-2018-21060 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is a Keyboard learned words leak in the locked state via the emergency contact picker. The... |
| CVE-2020-11576 | 2020-04-08 | Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing... |
| CVE-2018-21050 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The... |
| CVE-2018-21051 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The... |
| CVE-2018-21059 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard content visibility in the locked state via the emergency contact picker. The Samsung ID... |
| CVE-2018-21052 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is incorrect usage of shared memory in the vaultkeeper Trustlet, leading to arbitrary code... |
| CVE-2018-21058 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used;... |
| CVE-2018-21057 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a stack-based buffer overflow in the Shannon Baseband. The Samsung ID is... |
| CVE-2018-21056 | 2020-04-08 | An issue was discovered on Samsung mobile devices with O(8.x) software. The Smartwatch displays Secure Folder Notification content. The Samsung ID is SVE-2018-12458 (September 2018). |
| CVE-2018-21053 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is... |
| CVE-2018-21054 | 2020-04-08 | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T... |
| CVE-2018-21055 | 2020-04-08 | An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in... |
| CVE-2020-10981 | 2020-04-08 | GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. |
| CVE-2020-10980 | 2020-04-08 | GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. |
| CVE-2020-10979 | 2020-04-08 | GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users. |
| CVE-2020-10978 | 2020-04-08 | GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API. |
| CVE-2020-10977 | 2020-04-08 | GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects. |
| CVE-2020-10976 | 2020-04-08 | GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget. |
| CVE-2020-10975 | 2020-04-08 | GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. |
| CVE-2020-10814 | 2020-04-08 | A buffer overflow vulnerability in Code::Blocks 17.12 allows an attacker to execute arbitrary code via a crafted project file. |
| CVE-2020-1978 | 2020-04-08 | VM-Series on Microsoft Azure: Inadvertent collection of credentials in Tech support files on HA configured VMs |
| CVE-2020-1984 | 2020-04-08 | Secdo: Privilege escalation via hardcoded script path |
| CVE-2020-1985 | 2020-04-08 | Secdo: Incorrect Default Permissions |
| CVE-2020-1986 | 2020-04-08 | Secdo: Local authenticated users can cause Windows system crash |
| CVE-2020-1987 | 2020-04-08 | Global Protect Agent: VPN cookie local information disclosure |
| CVE-2020-1988 | 2020-04-08 | Global Protect Agent: Local privilege escalation due to an unquoted search path vulnerability |
| CVE-2020-1989 | 2020-04-08 | Global Protect Agent: Incorrect privilege assignment allows local privilege escalation |
| CVE-2020-1990 | 2020-04-08 | PAN-OS: Buffer overflow in the management server |
| CVE-2020-1991 | 2020-04-08 | Traps: Insecure temporary file vulnerability may allow privilege escalation on Windows |
| CVE-2020-1992 | 2020-04-08 | PAN-OS on PA-7000 Series: Varrcvr daemon network-based denial of service or privilege escalation |
| CVE-2020-1613 | 2020-04-08 | Junos OS: BGP session termination upon receipt of specific BGP FlowSpec advertisement. |
| CVE-2020-1614 | 2020-04-08 | NFX250 Series: Hardcoded credentials in the vSRX VNF instance. |
| CVE-2020-1615 | 2020-04-08 | Junos OS: vMX: Default credentials supplied in vMX configuration |
| CVE-2020-1616 | 2020-04-08 | JATP Series: JATP is susceptible to slow brute force attacks on the SSH service. |
| CVE-2020-1617 | 2020-04-08 | Junos OS: PTX1000 and PTX10000 Series, QFX10000 Series using non-AFT architectures: A specific genuine packet inspected by sFlow will cause a reboot. |
| CVE-2020-1618 | 2020-04-08 | Junos OS: EX and QFX Series: Console port authentication bypass vulnerability |
| CVE-2020-1619 | 2020-04-08 | Junos OS: QFX10K Series, EX9200 Series, MX Series, PTX Series: Privilege escalation vulnerability in NG-RE. |
| CVE-2020-1620 | 2020-04-08 | Junos OS Evolved: Configd leaks hashes via log file and is world readable |
| CVE-2020-1621 | 2020-04-08 | Junos OS Evolved: Configd leaks hashes via stream and is world readable |
| CVE-2020-1622 | 2020-04-08 | Junos OS Evolved: EvoSharedObjStore may leak sensitive information |
| CVE-2020-1623 | 2020-04-08 | Junos OS Evolved: ev.ops file may leak sensitive information |
| CVE-2020-1624 | 2020-04-08 | Junos OS Evolved: objmon logs may leak sensitive information |
| CVE-2020-1625 | 2020-04-08 | Junos OS: Kernel memory leak in virtual-memory due to interface flaps |
| CVE-2020-1626 | 2020-04-08 | Junos OS Evolved: Denial of Service vulnerability in processing high rate of specific packets |
| CVE-2020-1627 | 2020-04-08 | Junos OS: vMX and MX150: Denial of Service vulnerability in packet processing |
| CVE-2020-1628 | 2020-04-08 | Junos OS: EX4300: Traffic from the network internal to the device (128.0.0.0) may be forwarded to egress interfaces |
| CVE-2020-1629 | 2020-04-08 | Junos OS: A race condition vulnerability may cause RPD daemon to crash when processing a BGP NOTIFICATION message. |
| CVE-2020-1630 | 2020-04-08 | Junos OS: Privilege escalation vulnerability in dual REs, VC or HA cluster may allow unauthorized configuration change. |
| CVE-2020-1634 | 2020-04-08 | Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. |
| CVE-2020-1637 | 2020-04-08 | Junos OS: SRX Series: Unified Access Control (UAC) bypass vulnerability |
| CVE-2020-1638 | 2020-04-08 | Junos OS & Junos OS Evolved: A specific IPv4 packet can lead to FPC restart. |
| CVE-2020-1639 | 2020-04-08 | Junos OS: A crafted Ethernet OAM packet received by Junos may cause the Ethernet OAM connectivity fault management process (CFM) to core. |
| CVE-2020-8826 | 2020-04-08 | As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication. |
| CVE-2020-8827 | 2020-04-08 | As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts... |
| CVE-2020-8828 | 2020-04-08 | As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege... |