How severe is CVE-2020-0407?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2020-0407?

This is classified as CWE-330, which is a common weakness in software security.

CVE-2020-0407

MEDIUM Year: 2020

CVSS v3 Score

4.4

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-330

View all →

Vulnerability Description

In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits. This may cause IV reuse and thus weakened disk encryption. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153450752References: N/A

CVE-2021-28099

MEDIUM

CVSS:4.4(Medium)

In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source...

CWE-3302021

CVE-2019-12434

MEDIUM

CVSS:4.3(Medium)

An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked ...

CWE-3302019

CVE-2019-4411

MEDIUM

CVSS:4.3(Medium)

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658.

CWE-3302019

CVE-2020-11585

MEDIUM

CVSS:4.3(Medium)

There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in ...

CWE-3302020

CVE-2022-26080

MEDIUM

CVSS:4.3(Medium)

Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936...

CWE-3302022

CVE-2018-19441

MEDIUM

CVSS:4.7(Medium)

An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for loca...

CWE-3302018

CVE-2020-0407

Vulnerability Description

Related Vulnerabilities

CVE-2021-28099

CVE-2019-12434

CVE-2019-4411

CVE-2020-11585

CVE-2022-26080

CVE-2018-19441