CVE-2020-12680
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-12680
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. The functions of the executable file Avira.PWM.NativeMessaging.exe are aimed at collecting credentials stored in Chrome, Firefox, Opera, and Edge. The executable does not verify the calling program and thus a request such as fetchChromePasswords or fetchCredentials will succeed. NOTE: some third parties have stated that this is "not a vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Avira Operations Antivirus 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Avira Operations Antivirus是Avira Operations公司的一套杀毒软件。 Avira Operations Antivirus 15.0.2005.1866及之前版本中存在安全漏洞,该漏洞源于用于收集凭证的Avira.PWM.NativeMessaging.exe可执行文件不会验证调用程序。攻击者可利用该漏洞获取敏感信息,例如密码或凭证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2020-12680
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-12680
请登录查看更多情报信息。
- https://twitter.com/taviso/status/1258448515912491026x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2020-12680
Same Patch Batch · n/a · 2020-05-08 · 19 CVEs total
| CVE-2020-5741 | Plex Media Server 代码问题漏洞 | |
| CVE-2020-11532 | ZOHO ManageEngine DataSecurity Plus 授权问题漏洞 | |
| CVE-2020-11531 | ZOHO ManageEngine DataSecurity Plus DataEngine Xnode Server应用程序路径遍历漏洞 | |
| CVE-2020-6616 | Samsung Galaxy S8、S8+和Note8 Broadcom Bluetooth芯片组安全特征问题漏洞 | |
| CVE-2020-11530 | WordPress Chop Slider SQL注入漏洞 | |
| CVE-2018-20225 | Pip 输入验证错误漏洞 | |
| CVE-2020-12740 | AppNeta Tcpreplay 缓冲区错误漏洞 | |
| CVE-2020-12737 | Maxum Development Rumpus 路径遍历漏洞 | |
| CVE-2020-11541 | TechSmith SnagIT 代码问题漏洞 | |
| CVE-2020-12735 | DomainMod 安全特征问题漏洞 | |
| CVE-2020-12018 | Advantech WebAccess Node 缓冲区错误漏洞 | |
| CVE-2020-12002 | Advantech WebAccess Node 缓冲区错误漏洞 | |
| CVE-2020-10638 | Advantech WebAccess Node 缓冲区错误漏洞 | |
| CVE-2020-12026 | Advantech WebAccess Node 路径遍历漏洞 | |
| CVE-2020-12014 | Advantech WebAccess Node SQL注入漏洞 | |
| CVE-2020-12006 | Advantech WebAccess Node 路径遍历漏洞 | |
| CVE-2020-12010 | Advantech WebAccess Node 路径遍历漏洞 | |
| CVE-2020-12022 | Advantech WebAccess Node 输入验证错误漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2020-12680
No comments yet