Security Vulnerabilities - CVEs Published In 2020
An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The LG ID is LVE-SMP-200027 (December 2020).
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2020-12-18
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
CVSS Score: 5.4 | EPSS Score: 0.019 | Published: 2020-12-18
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
CVSS Score: 5.4 | EPSS Score: 0.022 | Published: 2020-12-18
An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020).
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2020-12-18
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020).
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2020-12-18
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020).
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2020-12-18
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020).
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2020-12-18
In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2020-12-18
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2020-12-18
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears).
CVSS Score: 5.3 | EPSS Score: 0.007 | Published: 2020-12-18

