Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-35499

EPSS 0.11% · P30
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-35499

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
空指针解引用
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux Kernel 中存在代码问题漏洞。该漏洞源于当使用BT_SNDMTU/BT_RCVMTU SCO sockets时,net/bluetooth/sco.c中的sco_sock_getsockopt函数没有检查Socket连接,本地攻击者可通过该漏洞攻击系统或获得敏感信息。 以下产品及版本受到影响:Linux Kernel 5.11。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-kernel kernel 5.11 -

II. Public POCs for CVE-2020-35499

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-35499

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-02-19 · 38 CVEs total

CVE-2021-233428.6 HIGHCross-site Scripting (XSS)
CVE-2020-362526.8 MEDIUMOwncloud 权限许可和访问控制问题漏洞
CVE-2020-362506.1 MEDIUMOwncloud ownCloud 加密问题漏洞
CVE-2020-362483.9 LOWOwncloud ownCloud 权限许可和访问控制问题漏洞
CVE-2020-362513.5 LOWOwncloud 权限许可和访问控制问题漏洞
CVE-2020-12374多款 Intel Server System 产品缓冲区错误漏洞
CVE-2021-22702Schneider PowerLogic 产品信息泄露漏洞
CVE-2020-13549Sytech XL Reporter 权限许可和访问控制问题漏洞
CVE-2021-27328Yeastar NeoGate TG400 路径遍历漏洞
CVE-2021-27214ZOHO ManageEngine ServiceDesk Plus 代码问题漏洞
CVE-2021-27351Telegram 代码问题漏洞
CVE-2021-26713Digium Certified Asterisk 缓冲区错误漏洞
CVE-2021-27509Visualware MyConnection Server 安全漏洞
CVE-2021-3189Npm slashify 输入验证错误漏洞
CVE-2020-12668HubSpot Jinjava 信息泄露漏洞
CVE-2020-12873Alfresco Software Alfresco Enterprise和Alfresco 注入漏洞
CVE-2020-24392Voloko Twitter-stream 信任管理问题漏洞
CVE-2020-24393TweetStream 信任管理问题漏洞
CVE-2020-24617Mailtrain SQL注入漏洞
CVE-2020-27997Smartstore SmartStoreNET 跨站请求伪造漏洞

Showing top 20 of 38 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: kernel
Same vendor: n/a
Same weakness: CWE-476

V. Comments for CVE-2020-35499

No comments yet

Leave a comment