Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10703 | 1 Redhat | 1 Libvirt | 2020-06-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service. | |||||
| CVE-2020-12430 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2020-06-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service. | |||||
| CVE-2019-19110 | 1 Gvectors | 1 Wpforo | 2020-06-15 | 3.5 LOW | 4.8 MEDIUM |
| The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter. | |||||
| CVE-2020-5592 | 1 Zenphoto | 1 Zenphoto | 2020-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject an arbitrary JavaScript via unspecified vectors. | |||||
| CVE-2019-19111 | 1 Gvectors | 1 Wpforo | 2020-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter. | |||||
| CVE-2019-19112 | 1 Gvectors | 1 Wpforo | 2020-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php. | |||||
| CVE-2020-9647 | 1 Adobe | 1 Experience Manager | 2020-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | |||||
| CVE-2020-9648 | 1 Adobe | 1 Experience Manager | 2020-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | |||||
| CVE-2020-9651 | 1 Adobe | 1 Experience Manager | 2020-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | |||||
| CVE-2020-9644 | 1 Adobe | 1 Experience Manager | 2020-06-15 | 3.5 LOW | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser. | |||||
| CVE-2020-13228 | 1 Sysax | 1 Multi Server | 2020-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter. | |||||
| CVE-2020-1331 | 1 Microsoft | 1 System Center Operations Manager | 2020-06-15 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'. | |||||
| CVE-2020-1329 | 1 Microsoft | 1 Bing | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'. | |||||
| CVE-2018-20195 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2020-06-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |||||
| CVE-2018-20198 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2020-06-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENCE case. | |||||
| CVE-2018-20357 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2020-06-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash. | |||||
| CVE-2018-20358 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2020-06-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |||||
| CVE-2018-20359 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2020-06-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |||||
| CVE-2018-20361 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2020-06-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | |||||
| CVE-2018-20362 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2020-06-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case. | |||||
| CVE-2020-2585 | 1 Oracle | 2 Jdk, Jre | 2020-06-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). | |||||
| CVE-2020-13266 | 1 Gitlab | 1 Gitlab | 2020-06-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions | |||||
| CVE-2020-0127 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In AudioStream::decode of AudioGroup.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the phone process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140054506 | |||||
| CVE-2020-0211 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147491773 | |||||
| CVE-2020-0119 | 1 Google | 1 Android | 2020-06-15 | 5.4 MEDIUM | 5.3 MEDIUM |
| In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150500247 | |||||
| CVE-2020-0205 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the DaalaBitReader constructor of entropy_decoder.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147234020 | |||||
| CVE-2020-0184 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ihevcd_ref_list() of ihevcd_ref_list.c, there is a possible infinite loop due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141688974 | |||||
| CVE-2020-0189 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ihevcd_decode() of ihevcd_decode.c, there is possible resource exhaustion due to an infinite loop. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139939283 | |||||
| CVE-2020-0196 | 1 Google | 1 Android | 2020-06-15 | 3.3 LOW | 6.5 MEDIUM |
| In RegisterNotificationResponse::GetEvent of register_notification_packet.cc, there is a possible abort due to improper input validation. This could lead to remote denial of service of the Bluetooth service, over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144066833 | |||||
| CVE-2020-0186 | 1 Google | 1 Android | 2020-06-15 | 4.6 MEDIUM | 6.7 MEDIUM |
| In hal_fd_init of hal_fd.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146144463 | |||||
| CVE-2020-0200 | 1 Google | 1 Android | 2020-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147231862 | |||||
| CVE-2020-0206 | 1 Google | 1 Android | 2020-06-15 | 2.1 LOW | 5.5 MEDIUM |
| In the settings app, there is a possible app crash due to improper input validation. This could lead to local denial of service of the Settings app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005061 | |||||
| CVE-2020-14010 | 1 Laborator | 1 Xenon | 2020-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter. | |||||
| CVE-2020-1232 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | |||||
| CVE-2020-11608 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2020-06-13 | 4.9 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. | |||||
| CVE-2020-11609 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2020-06-13 | 4.9 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. | |||||
| CVE-2020-12652 | 1 Linux | 1 Linux Kernel | 2020-06-13 | 4.7 MEDIUM | 4.1 MEDIUM |
| The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power." | |||||
| CVE-2020-8017 | 2 Opensuse, Suse | 4 Leap, Texlive-filesystem, Linux Enterprise Desktop and 1 more | 2020-06-13 | 3.3 LOW | 6.3 MEDIUM |
| A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1. | |||||
| CVE-2020-0124 | 1 Google | 1 Android | 2020-06-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| In markBootComplete of InstalldNativeService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140237592 | |||||
| CVE-2020-12397 | 1 Mozilla | 1 Thunderbird | 2020-06-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. | |||||
| CVE-2020-0191 | 1 Google | 1 Android | 2020-06-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a possible out of bounds read due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140561484 | |||||
| CVE-2020-0193 | 1 Google | 1 Android | 2020-06-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_mode_3_to_9.s, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144595488 | |||||
| CVE-2020-0180 | 1 Google | 1 Android | 2020-06-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142861738 | |||||
| CVE-2020-0143 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of heap data via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145597277 | |||||
| CVE-2020-0144 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543497 | |||||
| CVE-2020-0149 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544089 | |||||
| CVE-2020-0148 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and btu_hcif_link_key_notification_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638492 | |||||
| CVE-2020-0146 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546561 | |||||
| CVE-2020-0145 | 1 Google | 1 Android | 2020-06-12 | 2.1 LOW | 4.4 MEDIUM |
| In btm_simple_pair_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544079 | |||||
| CVE-2020-0157 | 1 Google | 1 Android | 2020-06-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139740814 | |||||