Total: 6056 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-16036 | 1 Google | 1 Chrome | 2021-01-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass cookie restrictions via a crafted HTML page. | |||||
| CVE-2020-16034 | 1 Google | 1 Chrome | 2021-01-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a local attacker to bypass policy restrictions via a crafted HTML page. | |||||
| CVE-2020-35952 | 1 Php-fusion | 1 Php-fusion | 2021-01-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration. | |||||
| CVE-2020-36170 | 1 Ultimatemember | 1 Ultimate Member | 2021-01-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms. | |||||
| CVE-2021-3022 | 1 Google | 1 Android | 2021-01-08 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on LG mobile devices with Android OS 10 software. There was no write protection for the MTK protect2 partition. The LG ID is LVE-SMP-200028 (January 2021). | |||||
| CVE-2021-22494 | 2 Google, Samsung | 2 Android, Galaxy Note 20 | 2021-01-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False Recognition Rate (FRR) can occur. The Samsung ID is SVE-2020-19216 (January 2021). | |||||
| CVE-2020-36159 | 1 Veritas | 1 Desktop And Laptop Option | 2021-01-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup processing status through a URL that did not require authentication. | |||||
| CVE-2021-3005 | 1 Mk-auth | 1 Mk-auth | 2021-01-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number) value to the central/recibo.php URI. | |||||
| CVE-2020-28841 | 1 Drivergenius | 1 Drivergenius Firmware | 2021-01-07 | 7.1 HIGH | 5.5 MEDIUM |
| MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioctl command 0x9c402000 to \\.\MyDrivers0_0_1. | |||||
| CVE-2020-35904 | 1 Crossbeam-channel Project | 1 Crossbeam-channel | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are. | |||||
| CVE-2020-35919 | 1 Net2 Project | 1 Net2 | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | |||||
| CVE-2020-35920 | 1 Rust-lang | 1 Socket2 | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | |||||
| CVE-2020-35921 | 1 Miow Project | 1 Miow | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | |||||
| CVE-2020-35922 | 1 Mio Project | 1 Mio | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | |||||
| CVE-2020-35927 | 1 Thex Project | 1 Thex | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex<T> allows cross-thread data races of non-Send types. | |||||
| CVE-2020-35903 | 1 Dync Project | 1 Dync | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question. | |||||
| CVE-2020-35915 | 1 Futures-intrusive Project | 1 Futures-intrusive | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types. | |||||
| CVE-2020-35910 | 1 Lock Api Project | 1 Lock Api | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness. | |||||
| CVE-2020-35925 | 1 Magnetic Project | 1 Magnetic | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type. | |||||
| CVE-2020-35908 | 1 Rust-lang | 1 Future-utils | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled. | |||||
| CVE-2020-15898 | 1 Arista | 49 7050cx3-32s, 7050cx3m-32s, 7050qx-32s and 46 more | 2021-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train. | |||||
| CVE-2020-28925 | 1 Boltcms | 1 Bolt | 2021-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance. | |||||
| CVE-2020-35803 | 1 Netgear | 30 Ac2100, Ac2100 Firmware, Ac2400 and 27 more | 2021-01-04 | 2.1 LOW | 4.4 MEDIUM |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.46, R6080 before 1.0.0.46, R6120 before 1.0.0.72, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.74, R6800 before 1.2.0.74, R6900v2 before 1.2.0.74, R7450 before 1.2.0.74, AC2100 before 1.2.0.74, AC2400 before 1.2.0.74, and AC2600 before 1.2.0.74. | |||||
| CVE-2020-6565 | 4 Apple, Fedoraproject, Google and 1 more | 4 Iphone Os, Fedora, Chrome and 1 more | 2021-01-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2020-6560 | 3 Fedoraproject, Google, Opensuse | 4 Fedora, Chrome, Backports Sle and 1 more | 2021-01-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2020-35781 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2020-12-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | |||||
| CVE-2020-35780 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2020-12-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | |||||
| CVE-2020-26034 | 1 Zammad | 1 Zammad | 2020-12-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user. | |||||
| CVE-2020-28096 | 1 Foscammall | 2 Foscam X1, Foscam X1 Firmware | 2020-12-30 | 7.2 HIGH | 6.8 MEDIUM |
| FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to log in via the ipc.fos~ password. | |||||
| CVE-2020-29159 | 1 Zammad | 1 Zammad | 2020-12-29 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behavior was unintended. | |||||
| CVE-2020-28190 | 1 Terra-master | 1 Tos | 2020-12-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or updates. | |||||
| CVE-2020-28185 | 1 Terra-master | 1 Tos | 2020-12-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. | |||||
| CVE-2020-35548 | 1 Google | 1 Android | 2020-12-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020). | |||||
| CVE-2020-35549 | 1 Google | 1 Android | 2020-12-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020). | |||||
| CVE-2020-35552 | 1 Google | 1 Android | 2020-12-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020). | |||||
| CVE-2020-10009 | 1 Apple | 1 Mac Os X | 2020-12-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2020-10007 | 1 Apple | 1 Mac Os X | 2020-12-15 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout. | |||||
| CVE-2020-10002 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-12-15 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files. | |||||
| CVE-2020-0469 | 1 Google | 1 Android | 2020-12-15 | 2.1 LOW | 5.5 MEDIUM |
| In addEscrowToken of LockSettingsService.java, there is a possible loss of the synthetic password due to a logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-168692734. | |||||
| CVE-2020-35149 | 1 Mquery Project | 1 Mquery | 2020-12-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation. | |||||
| CVE-2020-12595 | 1 Broadcom | 1 Symantec Messaging Gateway | 2020-12-14 | 4.0 MEDIUM | 4.9 MEDIUM |
| An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4. | |||||
| CVE-2020-26964 | 2 Google, Mozilla | 2 Android, Firefox | 2020-12-10 | 4.0 MEDIUM | 6.8 MEDIUM |
| If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 83. | |||||
| CVE-2020-26961 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | |||||
| CVE-2020-26963 | 1 Mozilla | 1 Firefox | 2020-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox < 83. | |||||
| CVE-2020-26967 | 1 Mozilla | 1 Firefox | 2020-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83. | |||||
| CVE-2020-9922 | 1 Apple | 1 Mac Os X | 2020-12-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files. | |||||
| CVE-2019-6170 | 1 Lenovo | 784 130-14ikb, 130-14ikb Firmware, 130-15ikb and 781 more | 2020-12-08 | 4.4 MEDIUM | 6.4 MEDIUM |
| A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. | |||||
| CVE-2019-6172 | 1 Lenovo | 784 130-14ikb, 130-14ikb Firmware, 130-15ikb and 781 more | 2020-12-08 | 4.4 MEDIUM | 6.4 MEDIUM |
| A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution. | |||||
| CVE-2020-25265 | 1 Appimage | 1 Libappimage | 2020-12-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components. | |||||
| CVE-2017-4983 | 1 Dell | 1 Emc Data Domain Os | 2020-12-07 | 4.6 MEDIUM | 6.7 MEDIUM |
| EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. | |||||
