Latest CVE Feed
-
8.8
HIGH CVE-2020-8913
A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to insta...
Affected Products: play_core_library
- Published: Aug. 12, 2020
- Modified: Nov. 21, 2024
-
2.5
LOW CVE-2020-8912
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them ...
Affected Products: aws_s3_crypto_sdk
- Published: Aug. 11, 2020
- Modified: Nov. 21, 2024
-
5.6
MEDIUM CVE-2020-8911
A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to...
Affected Products: aws_s3_crypto_sdk
- Published: Aug. 11, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2020-8910
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315...
Affected Products: closure_library
- Published: Mar. 26, 2020
- Modified: Nov. 21, 2024
-
3.3
LOW CVE-2020-8908
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, o...
- Published: Dec. 10, 2020
- Modified: Nov. 21, 2024
-
9.3
CRITICAL CVE-2020-8907
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker w...
- Published: Jun. 22, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2020-8905
A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied i...
Affected Products: asylo
- Published: Aug. 12, 2020
- Modified: Nov. 21, 2024
-
9.6
CRITICAL CVE-2020-8904
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and writ...
Affected Products: asylo
- Published: Aug. 12, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2020-8903
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this ...
- Published: Jun. 22, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUM CVE-2020-8902
Rendertron versions prior to 3.0.0 are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it ...
Affected Products: rendertron
- Published: Feb. 23, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2020-8899
There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer...
Affected Products: android
- Published: May. 06, 2020
- Modified: Nov. 21, 2024
-
8.1
HIGH CVE-2020-8897
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and JavaScript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDK...
Affected Products: aws_encryption_sdk
- Published: Nov. 16, 2020
- Modified: Nov. 21, 2024
-
5.9
MEDIUM CVE-2020-8896
A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted key to read data past the end of the buffer used to hol...
Affected Products: earth
- Published: May. 04, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2020-8895
Untrusted Search Path vulnerability in the Windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system.
Affected Products: earth
- Published: Apr. 21, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2020-8894
An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php.
- Published: Feb. 12, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2020-8893
An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.
- Published: Feb. 12, 2020
- Modified: Nov. 21, 2024
-
8.1
HIGH CVE-2020-8892
An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.
- Published: Feb. 12, 2020
- Modified: Nov. 21, 2024
-
5.9
MEDIUM CVE-2020-8891
An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
- Published: Feb. 12, 2020
- Modified: Nov. 21, 2024
-
5.9
MEDIUM CVE-2020-8890
An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.
- Published: Feb. 12, 2020
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2020-8884
rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent) before 7.9 allows remote authenticated users to execute arbitrary code as SYSTEM because of improper deserialization over named pipes.
Affected Products: insider_threat_management
- Published: Jan. 06, 2021
- Modified: Nov. 21, 2024