CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 2 and 2.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6201 CVE-2020-11723 798 2020-04-14 2020-04-22
2.1
None Local Low Not required Partial None None
Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction.
6202 CVE-2020-11740 200 +Info 2020-04-14 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.
6203 CVE-2020-11742 DoS 2020-04-14 2020-07-13
2.1
None Local Low Not required None None Partial
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour.
6204 CVE-2020-11743 755 DoS 2020-04-14 2020-07-13
2.1
None Local Low Not required None None Partial
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.
6205 CVE-2020-11767 200 +Info 2020-04-15 2021-07-21
2.6
None Remote High Not required Partial None None
Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.example.com. The outcome should instead be 421 Misdirected Request. Imagine a shared caching forward proxy re-using an HTTP/2 connection for a large subnet with many users. If a victim is interacting with abc.example.com, and a server (for abc.example.com) recycles the TCP connection to the forward proxy, the victim's browser may suddenly start sending sensitive data to a *.example.com server. This occurs because the forward proxy between the victim and the origin server reuses connections (which obeys the specification), but neither Istio nor Envoy corrects this by sending a 421 error. Similarly, this behavior voids the security model browsers have put in place between domains.
6206 CVE-2020-11832 787 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
The functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c do not check their parameters, which causes a vulnerability.
6207 CVE-2020-11833 787 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability.
6208 CVE-2020-11834 787 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability.
6209 CVE-2020-11835 787 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability.
6210 CVE-2020-11836 +Info 2021-02-06 2021-02-08
2.1
None Local Low Not required Partial None None
OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no.
6211 CVE-2020-11867 276 2020-11-30 2022-01-01
2.1
None Local Low Not required Partial None None
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.
6212 CVE-2020-11869 190 DoS Overflow 2020-04-27 2020-05-28
2.1
None Local Low Not required None None Partial
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
6213 CVE-2020-11923 312 2021-04-02 2021-04-07
2.1
None Local Low Not required Partial None None
An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged.
6214 CVE-2020-11924 312 2021-04-02 2021-04-07
2.1
None Local Low Not required Partial None None
An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device.
6215 CVE-2020-11931 668 Bypass 2020-05-15 2020-05-19
2.1
None Local Low Not required Partial None None
An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plug any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2.
6216 CVE-2020-11932 532 2020-05-13 2020-08-03
2.1
None Local Low Not required Partial None None
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.
6217 CVE-2020-11937 401 DoS 2020-08-06 2021-09-13
2.1
None Local Low Not required None None Partial
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.
6218 CVE-2020-11947 125 2020-12-31 2021-02-18
2.1
None Local Low Not required Partial None None
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
6219 CVE-2020-11990 2020-12-01 2022-01-01
2.1
None Local Low Not required Partial None None
We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.
6220 CVE-2020-12023 532 2020-06-11 2020-06-23
2.7
None Local Network Low ??? Partial None None
Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which are secured behind the login based administrative web portal. The unencrypted user credentials sent from the affected products listed above, for the purpose of handshake or authentication with the Enterprise Systems, are logged as the payload in IntelliBridge Enterprise (IBE) within the transaction logs. An attacker with administrative privileges could exploit this vulnerability to read plain text credentials from log files.
6221 CVE-2020-12039 798 2020-06-29 2020-07-09
2.1
None Local Low Not required Partial None None
Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords which, when physically entered on the keypad, provide access to biomedical menus including device settings, view calibration values, and network configuration of Sigma Spectrum WBM if installed.
6222 CVE-2020-12288 DoS 2021-06-09 2021-06-15
2.1
None Local Low Not required None None Partial
Protection mechanism failure in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
6223 CVE-2020-12289 787 DoS 2021-06-09 2021-06-15
2.1
None Local Low Not required None None Partial
Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
6224 CVE-2020-12290 DoS 2021-06-09 2021-06-15
2.1
None Local Low Not required None None Partial
Improper access control in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
6225 CVE-2020-12291 400 DoS 2021-06-09 2021-06-15
2.1
None Local Low Not required None None Partial
Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
6226 CVE-2020-12292 754 DoS 2021-06-09 2021-06-15
2.1
None Local Low Not required None None Partial
Improper conditions check in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
6227 CVE-2020-12293 DoS 2021-06-09 2021-06-15
2.1
None Local Low Not required None None Partial
Improper control of a resource through its lifetime in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
6228 CVE-2020-12294 DoS 2021-06-09 2021-06-15
2.1
None Local Low Not required None None Partial
Insufficient control flow management in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
6229 CVE-2020-12295 20 DoS 2021-06-09 2021-06-15
2.1
None Local Low Not required None None Partial
Improper input validation in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
6230 CVE-2020-12296 400 DoS 2021-06-09 2021-06-15
2.1
None Local Low Not required None None Partial
Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
6231 CVE-2020-12309 522 2020-11-12 2020-11-24
2.1
None Local Low Not required Partial None None
Insufficiently protected credentials in subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.
6232 CVE-2020-12310 2020-11-12 2020-11-24
2.1
None Local Low Not required Partial None None
Insufficient control flow management in firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.
6233 CVE-2020-12311 2020-11-12 2020-11-24
2.1
None Local Low Not required Partial None None
Insufficient control flow management in firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.
6234 CVE-2020-12316 522 2020-11-12 2020-11-20
2.1
None Local Low Not required Partial None None
Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access.
6235 CVE-2020-12326 665 2020-11-12 2020-11-24
2.1
None Local Low Not required Partial None None
Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access.
6236 CVE-2020-12327 1188 2020-11-12 2020-11-24
2.1
None Local Low Not required Partial None None
Insecure default variable initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access.
6237 CVE-2020-12328 200 +Info 2020-11-12 2021-07-21
2.1
None Local Low Not required Partial None None
Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access.
6238 CVE-2020-12356 125 2020-11-12 2020-11-18
2.1
None Local Low Not required Partial None None
Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.
6239 CVE-2020-12358 787 DoS 2021-06-09 2021-08-10
2.1
None Local Low Not required None None Partial
Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.
6240 CVE-2020-12361 416 DoS 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.
6241 CVE-2020-12363 20 DoS 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
6242 CVE-2020-12364 476 DoS 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
6243 CVE-2020-12365 476 DoS 2021-02-17 2021-07-21
2.1
None Local Low Not required None None Partial
Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially enable denial of service via local access.
6244 CVE-2020-12370 476 DoS 2021-02-17 2021-07-21
2.1
None Local Low Not required None None Partial
Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.
6245 CVE-2020-12371 369 DoS 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Divide by zero in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.
6246 CVE-2020-12372 252 DoS 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Unchecked return value in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.
6247 CVE-2020-12376 798 2021-02-17 2021-02-22
2.1
None Local Low Not required Partial None None
Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access.
6248 CVE-2020-12386 787 DoS 2021-02-17 2021-02-23
2.1
None Local Low Not required None None Partial
Out-of-bounds write in some Intel(R) Graphics Drivers before version 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access.
6249 CVE-2020-12392 200 +Info 2020-05-26 2021-07-21
2.1
None Local Low Not required Partial None None
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
6250 CVE-2020-12394 20 2020-05-26 2021-07-21
2.1
None Local Low Not required None Partial None
A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76.