From DHS/US-CERT’s National Vulnerability Database
CVE-2020-15481
PUBLISHED: 2020-11-13
An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could …
CVE-2020-28638
PUBLISHED: 2020-11-13
ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users’ files to be encrypted with “tomb {W] Detected DISPLAY, but only pinentry-curses is found.” as the encryption key.
CVE-2020-5796
PUBLISHED: 2020-11-13
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.
CVE-2020-6157
PUBLISHED: 2020-11-13
Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitiv…
CVE-2020-12338
PUBLISHED: 2020-11-13
Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
