CVE-2020-15096

MEDIUM Year: 2020
CVSS v3 Score
6.8
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-501
View all →

Vulnerability Description

In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21.

Related Vulnerabilities

CVE-2019-0035

MEDIUM
CVSS:6.8(Medium)

When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-passw...

CWE-5012019

CVE-2022-20826

MEDIUM
CVSS:6.8(Medium)

A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Softwa...

CWE-5012022

CVE-2024-1725

MEDIUM
CVSS:6.5(Medium)

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's v...

CWE-5012024

CVE-2023-28597

HIGH
CVSS:7.5(High)

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web por...

CWE-5012023

CVE-2024-9779

HIGH
CVSS:7.5(High)

A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service ...

CWE-5012024

CVE-2024-20265

MEDIUM
CVSS:5.9(Medium)

A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that h...

CWE-5012024