LiveActive security incident?Get immediate response
CVE archive

August 2020

Browse CVE records published in August 2020, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 1514 matching CVEs · Page 4 of 31.

Unknown · CVSS Not scored

CVE-2020-21047: The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-...

The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.

Published Aug 22, 2023 · Updated Oct 7, 2024

Unknown · CVSS Not scored

CVE-2020-11711: An issue was discovered in Stormshield SNS 3.8.0.

An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.

Published Aug 25, 2023 · Updated Oct 2, 2024