» 2020 » 12월

CVE-2020-35555

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-35555

An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The LG ID is LVE-SMP-200027 (December 2020).

Source: CVE-2020-35555

CVE-2020-35554

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-35554

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 (December 2020).

Source: CVE-2020-35554

CVE-2019-16955

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2019-16955

SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.

Source: CVE-2019-16955

CVE-2020-35548

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-35548

An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020).

Source: CVE-2020-35548

CVE-2020-35551

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-35551

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020).

Source: CVE-2020-35551

CVE-2020-35550

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-35550

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020).

Source: CVE-2020-35550

CVE-2020-35549

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-35549

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020).

Source: CVE-2020-35549

CVE-2019-16957

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2019-16957

SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.

Source: CVE-2019-16957

CVE-2020-35480

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-35480

An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don’t exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.

Source: CVE-2020-35480

CVE-2020-35474

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-35474

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.

Source: CVE-2020-35474