Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0344 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729887 | |||||
| CVE-2020-0352 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132074310 | |||||
| CVE-2020-0359 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In GLESRenderEngine, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150303018 | |||||
| CVE-2020-0372 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In ActivityManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119673147 | |||||
| CVE-2020-0351 | 1 Google | 1 Android | 2020-09-21 | 7.1 HIGH | 6.5 MEDIUM |
| In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124777537 | |||||
| CVE-2020-0355 | 1 Google | 1 Android | 2020-09-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libFraunhoferAAC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141883493 | |||||
| CVE-2020-7529 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2020-09-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file. | |||||
| CVE-2020-0274 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-120781925 | |||||
| CVE-2020-0279 | 1 Google | 1 Android | 2020-09-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the AAC parser, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-131430997 | |||||
| CVE-2020-0301 | 1 Google | 1 Android | 2020-09-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124940460 | |||||
| CVE-2020-0314 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In AudioService, there are missing permission checks. This could lead to local information disclosure of audio configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934920 | |||||
| CVE-2020-0289 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996872 | |||||
| CVE-2020-0290 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153996866 | |||||
| CVE-2020-8346 | 1 Lenovo | 1 System Interface Foundation | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. | |||||
| CVE-2020-0347 | 1 Google | 1 Android | 2020-09-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136658008 | |||||
| CVE-2020-0348 | 1 Google | 1 Android | 2020-09-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188582 | |||||
| CVE-2020-0350 | 1 Google | 1 Android | 2020-09-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139424089 | |||||
| CVE-2020-0365 | 1 Google | 1 Android | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
| In netd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137346580 | |||||
| CVE-2020-0281 | 1 Google | 1 Android | 2020-09-21 | 3.5 LOW | 4.5 MEDIUM |
| In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137857778 | |||||
| CVE-2020-0282 | 1 Google | 1 Android | 2020-09-21 | 3.5 LOW | 4.5 MEDIUM |
| In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144506224 | |||||
| CVE-2020-0334 | 1 Google | 1 Android | 2020-09-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147995915 | |||||
| CVE-2020-0335 | 1 Google | 1 Android | 2020-09-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-122361504 | |||||
| CVE-2020-7807 | 2 Lg, Microsoft | 5 Ipsfullhd, Lg Ultrawide, Lgpcsuite Setup and 2 more | 2020-09-21 | 1.9 LOW | 5.5 MEDIUM |
| A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64). | |||||
| CVE-2020-25280 | 1 Google | 1 Android | 2020-09-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020). | |||||
| CVE-2019-12416 | 1 Apache | 1 Deltaspike | 2020-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| we got reports for 2 injection attacks against the DeltaSpike windowhandler.js. This is only active if a developer selected the ClientSideWindowStrategy which is not the default. | |||||
| CVE-2020-15769 | 1 Gradle | 1 Enterprise | 2020-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL. | |||||
| CVE-2019-20917 | 1 Inspircd | 1 Inspircd | 2020-09-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. | |||||
| CVE-2020-25269 | 1 Inspircd | 1 Inspircd | 2020-09-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. | |||||
| CVE-2020-0291 | 1 Google | 1 Android | 2020-09-18 | 2.1 LOW | 4.4 MEDIUM |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146032016 | |||||
| CVE-2020-20406 | 1 Elementor | 1 Elementor Page Builder | 2020-09-18 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes. | |||||
| CVE-2020-24924 | 1 Elkarbackup | 1 Elkarbackup | 2020-09-18 | 3.5 LOW | 5.4 MEDIUM |
| A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name Parameter | |||||
| CVE-2020-25380 | 1 Recall-products Project | 1 Recall-products | 2020-09-18 | 3.5 LOW | 5.4 MEDIUM |
| Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed. | |||||
| CVE-2017-11104 | 1 Knot-dns | 1 Knot Dns | 2020-09-18 | 4.3 MEDIUM | 5.9 MEDIUM |
| Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. | |||||
| CVE-2020-0292 | 1 Google | 1 Android | 2020-09-18 | 2.1 LOW | 4.4 MEDIUM |
| In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-110107252 | |||||
| CVE-2020-25375 | 1 Softrade | 1 Wp Smart Crm \& Invoices | 2020-09-18 | 3.5 LOW | 5.4 MEDIUM |
| Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field. | |||||
| CVE-2018-17622 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-09-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6354. | |||||
| CVE-2018-5407 | 7 Canonical, Debian, Nodejs and 4 more | 20 Ubuntu Linux, Debian Linux, Node.js and 17 more | 2020-09-18 | 1.9 LOW | 4.7 MEDIUM |
| Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | |||||
| CVE-2018-18984 | 1 Medtronic | 6 29901 Encore Programmer, 29901 Encore Programmer Firmware, Carelink 2090 Programmer and 3 more | 2020-09-18 | 2.1 LOW | 4.6 MEDIUM |
| Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI. | |||||
| CVE-2018-17686 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-09-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6844. | |||||
| CVE-2018-17699 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-09-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7073. | |||||
| CVE-2018-16487 | 1 Lodash | 1 Lodash | 2020-09-18 | 6.8 MEDIUM | 5.6 MEDIUM |
| A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. | |||||
| CVE-2020-13307 | 1 Gitlab | 1 Gitlab | 2020-09-18 | 6.0 MEDIUM | 4.7 MEDIUM |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access. | |||||
| CVE-2020-2271 | 1 Jenkins | 1 Locked Files Report | 2020-09-18 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-5306 | 1 Codologic | 1 Codoforum | 2020-09-18 | 3.5 LOW | 4.8 MEDIUM |
| Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. | |||||
| CVE-2020-2275 | 1 Jenkins | 1 Copy Data To Workspace | 2020-09-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller. | |||||
| CVE-2020-21845 | 1 Codoforum | 1 Codoforum | 2020-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.' | |||||
| CVE-2020-10227 | 1 Vtenext | 1 Vtenext | 2020-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email. | |||||
| CVE-2020-2252 | 1 Jenkins | 1 Mailer | 2020-09-18 | 5.8 MEDIUM | 4.8 MEDIUM |
| Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. | |||||
| CVE-2020-2253 | 1 Jenkins | 1 Email Extension | 2020-09-18 | 5.8 MEDIUM | 4.8 MEDIUM |
| Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. | |||||
| CVE-2020-2254 | 1 Jenkins | 1 Blue Ocean | 2020-09-18 | 3.5 LOW | 6.5 MEDIUM |
| Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. | |||||