Total
654 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-0734 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Settings, there is a possible way to determine whether an app is installed without query permissions, due to side channel information disclosure. This could lead to local information disclosure of an installed package, without proper query permissions, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-189122911 | ||||
| CVE-2021-0588 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-177238342 | ||||
| CVE-2021-0542 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712890 | ||||
| CVE-2020-9291 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 6.3 Medium |
| An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack. | ||||
| CVE-2020-8698 | 6 Debian, Fedoraproject, Intel and 3 more | 54 Debian Linux, Fedora, Core I3-1000g1 and 51 more | 2024-11-21 | 5.5 Medium |
| Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2020-8449 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. | ||||
| CVE-2020-8121 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 8.1 High |
| A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | ||||
| CVE-2020-7912 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.3 Medium |
| In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. | ||||
| CVE-2020-6774 | 1 Bosch | 2 Recording Station, Recording Station Firmware | 2024-11-21 | 9.3 Critical |
| Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system. | ||||
| CVE-2020-6490 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 4.3 Medium |
| Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2020-6442 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2020-5887 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 9.1 Critical |
| On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings. | ||||
| CVE-2020-5422 | 1 Cloud Foundry | 1 Bosh System Metrics Server | 2024-11-21 | 6.5 Medium |
| BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details). | ||||
| CVE-2020-5386 | 1 Dell | 1 Emc Elastic Cloud Storage | 2024-11-21 | 7.5 High |
| Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system. | ||||
| CVE-2020-4989 | 1 Ibm | 1 Rational Team Concert | 2024-11-21 | 4.3 Medium |
| IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707. | ||||
| CVE-2020-36319 | 1 Vaadin | 2 Flow, Vaadin | 2024-11-21 | 3.1 Low |
| Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestController | ||||
| CVE-2020-35215 | 1 Atomix | 1 Atomix | 2024-11-21 | 6.5 Medium |
| An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states. | ||||
| CVE-2020-28145 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 High |
| Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. | ||||
| CVE-2020-27872 | 1 Netgear | 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more | 2024-11-21 | 8.8 High |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365. | ||||
| CVE-2020-27601 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 3.5 Low |
| In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js. | ||||