CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5501 CVE-2019-20743 79 XSS 2020-04-16 2020-04-20
2.9
None Local Network Medium Not required None Partial None
NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.
5502 CVE-2019-20744 200 +Info 2020-04-16 2021-07-21
2.7
None Local Network Low ??? Partial None None
NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information.
5503 CVE-2019-20759 79 XSS 2020-04-16 2020-04-20
2.9
None Local Network Medium Not required None Partial None
NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS.
5504 CVE-2019-20774 200 +Info 2020-04-17 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A system service allows local retrieval of the user's password. The LG ID is LVE-SMP-190009 (August 2019).
5505 CVE-2019-20775 326 2020-04-17 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID is LVE-SMP-190010 (August 2019).
5506 CVE-2019-20776 20 2020-04-17 2021-07-21
2.1
None Local Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A TZ trusted application can crash via crafted input. The LG ID is LVE-SMP-190005 (July 2019).
5507 CVE-2019-20779 20 2020-04-17 2021-07-21
2.1
None Local Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A TrustZone trusted application can crash via crafted input. The LG ID is LVE-SMP-190003 (May 2019).
5508 CVE-2019-20784 2020-04-17 2020-04-24
2.1
None Local Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012 (January 2019).
5509 CVE-2019-20795 416 2020-05-09 2020-09-10
2.1
None Local Low Not required None None Partial
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.
5510 CVE-2019-20806 476 DoS 2020-05-27 2020-06-19
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.
5511 CVE-2019-20808 125 DoS 2020-12-31 2021-03-31
2.1
None Local Low Not required None None Partial
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
5512 CVE-2019-20811 2020-06-03 2020-09-23
2.1
None Local Low Not required None Partial None
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
5513 CVE-2019-20872 918 2020-06-19 2020-06-23
2.1
None Local Low Not required Partial None None
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
5514 CVE-2019-25030 522 2021-05-26 2021-06-07
2.1
None Local Low Not required Partial None None
In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as "rainbow tables") relatively quickly. The use of adaptive hashing algorithms such asscryptorbcryptor Key-Derivation Functions (i.e.PBKDF2) to hash passwords make generation of such rainbow tables computationally infeasible.
5515 CVE-2019-1003017 352 2019-02-06 2019-10-09
2.6
None Remote High Not required None Partial None
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.
5516 CVE-2019-1003038 522 2019-03-08 2020-09-30
2.1
None Local Low Not required Partial None None
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.
5517 CVE-2019-1003044 352 CSRF 2019-03-28 2020-06-23
2.1
None Remote High ??? Partial None None
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
5518 CVE-2019-1003048 311 2019-03-28 2020-09-29
2.1
None Local Low Not required Partial None None
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.
5519 CVE-2019-1010208 119 Exec Code Overflow 2019-07-23 2019-08-05
2.1
None Local Low Not required Partial None None
IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by: Buffer Overflow. The impact is: Minor information disclosure of kernel stack. The component is: Veracrypt NT Driver (veracrypt.sys). The attack vector is: Locally executed code, IOCTL request to driver. The fixed version is: 1.23-Hotfix-1.
5520 CVE-2019-1020014 415 2019-07-29 2021-01-14
2.1
None Local Low Not required Partial None None
docker-credential-helpers before 0.6.3 has a double free in the List functions.
5521 CVE-2020-0007 908 2020-01-08 2022-01-01
2.1
None Local Low Not required Partial None None
In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141890807
5522 CVE-2020-0009 276 Bypass 2020-01-08 2020-06-10
2.1
None Local Low Not required None Partial None
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932
5523 CVE-2020-0018 532 2020-02-13 2020-02-18
2.1
None Local Low Not required Partial None None
In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139945049
5524 CVE-2020-0019 798 2020-12-14 2021-07-21
2.1
None Local Low Not required Partial None None
In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local information disclosure in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413798
5525 CVE-2020-0029 200 +Info 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140065828
5526 CVE-2020-0042 125 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137649599
5527 CVE-2020-0043 125 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137650218
5528 CVE-2020-0044 125 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137650219
5529 CVE-2020-0047 863 2020-03-10 2021-07-21
2.1
None Local Low Not required None Partial None
In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141622311
5530 CVE-2020-0048 908 +Info 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139417189
5531 CVE-2020-0055 125 2020-03-10 2021-06-08
2.1
None Local Low Not required Partial None None
In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141617601
5532 CVE-2020-0056 125 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141619686
5533 CVE-2020-0057 125 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141620271
5534 CVE-2020-0058 125 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141745011
5535 CVE-2020-0059 125 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543524
5536 CVE-2020-0060 89 Sql Bypass 2020-03-10 2020-03-11
2.1
None Local Low Not required Partial None None
In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143229845
5537 CVE-2020-0064 863 2020-05-14 2021-07-21
2.1
None Local Low Not required Partial None None
An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855
5538 CVE-2020-0065 863 2020-05-14 2021-07-21
2.1
None Local Low Not required Partial None None
An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448
5539 CVE-2020-0067 125 2020-04-17 2020-10-14
2.1
None Local Low Not required Partial None None
In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.
5540 CVE-2020-0068 125 Overflow 2020-04-17 2021-07-21
2.1
None Local Low Not required Partial None None
In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: Android. Versions: Android kernel. Android ID: A-139354541
5541 CVE-2020-0075 125 2020-04-17 2020-04-22
2.1
None Local Low Not required Partial None None
In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146057864
5542 CVE-2020-0077 125 2020-04-17 2020-04-23
2.1
None Local Low Not required Partial None None
In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146055840
5543 CVE-2020-0090 863 2020-05-14 2021-07-21
2.1
None Local Low Not required Partial None None
An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048
5544 CVE-2020-0091 200 +Info 2020-05-14 2021-07-21
2.1
None Local Low Not required Partial None None
In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700
5545 CVE-2020-0100 125 2020-05-14 2020-05-18
2.1
None Local Low Not required Partial None None
In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584
5546 CVE-2020-0101 200 +Info 2020-05-14 2021-07-21
2.1
None Local Low Not required Partial None None
In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144767096
5547 CVE-2020-0104 200 +Info 2020-05-14 2021-07-21
2.1
None Local Low Not required Partial None None
In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144430870
5548 CVE-2020-0106 200 Bypass +Info 2020-05-14 2021-07-21
2.1
None Local Low Not required Partial None None
In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148414207
5549 CVE-2020-0107 276 Bypass 2020-07-17 2021-07-21
2.1
None Local Low Not required Partial None None
In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146570216
5550 CVE-2020-0121 276 Bypass 2020-06-10 2021-07-21
2.1
None Local Low Not required Partial None None
In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148180766
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.