How severe is CVE-2020-9064?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2020-9064?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2020-9064

MEDIUM Year: 2020

CVSS v3 Score

5.5

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-287

View all →

Vulnerability Description

Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak.

CVE-2010-2496

MEDIUM

CVSS:5.5(Medium)

stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its op...

CWE-2872010

CVE-2014-8180

MEDIUM

CVSS:5.5(Medium)

MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.

CWE-2872014

CVE-2016-5410

MEDIUM

CVSS:5.5(Medium)

firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry...

CWE-2872016

CVE-2018-1106

MEDIUM

CVSS:5.5(Medium)

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to i...

CWE-2872018