CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6401 CVE-2020-16126 2020-11-11 2020-11-24
2.1
None Local Low Not required None None Partial
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.
6402 CVE-2020-16127 835 2020-11-11 2020-11-24
2.1
None Local Low Not required None None Partial
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
6403 CVE-2020-16128 209 2020-12-09 2020-12-11
2.1
None Local Low Not required Partial None None
The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.
6404 CVE-2020-16142 20 2020-08-27 2021-07-21
2.9
None Local Network Medium Not required None None Partial
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.
6405 CVE-2020-16150 203 2020-09-02 2020-09-25
2.1
None Local Low Not required Partial None None
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.
6406 CVE-2020-16218 79 XSS 2020-09-11 2020-09-15
2.7
None Local Network Low ??? Partial None None
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.
6407 CVE-2020-16230 2020-09-18 2021-11-22
2.1
None Local Low Not required Partial None None
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing.
6408 CVE-2020-16237 20 2020-08-21 2020-08-27
2.1
None Local Low Not required None None Partial
Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
6409 CVE-2020-16241 863 2020-08-21 2021-11-22
2.1
None Local Low Not required None None Partial
Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
6410 CVE-2020-16280 522 2020-08-20 2020-08-26
2.1
None Local Low Not required Partial None None
Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability a local attacker must have access to the underlying operating system.
6411 CVE-2020-16854 2020-09-11 2020-09-16
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-1592.
6412 CVE-2020-16879 20 2020-09-11 2021-07-21
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka 'Projected Filesystem Information Disclosure Vulnerability'.
6413 CVE-2020-16889 200 +Info 2020-10-16 2021-07-21
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory, aka 'Windows KernelStream Information Disclosure Vulnerability'.
6414 CVE-2020-16897 2020-10-16 2020-10-22
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory, aka 'NetBT Information Disclosure Vulnerability'.
6415 CVE-2020-16901 665 2020-10-16 2020-10-20
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16938.
6416 CVE-2020-16914 200 +Info 2020-10-16 2021-07-21
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'.
6417 CVE-2020-16919 200 +Info 2020-10-16 2021-07-21
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations, aka 'Windows Enterprise App Management Service Information Disclosure Vulnerability'.
6418 CVE-2020-16921 119 Overflow 2020-10-16 2021-07-21
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory, aka 'Windows Text Services Framework Information Disclosure Vulnerability'.
6419 CVE-2020-16922 347 2020-10-16 2020-10-20
2.1
None Local Low Not required None Partial None
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.
6420 CVE-2020-16938 2020-10-16 2020-10-20
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16901.
6421 CVE-2020-16941 200 +Info 2020-10-16 2021-07-21
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.
6422 CVE-2020-16942 200 +Info 2020-10-16 2021-07-21
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.
6423 CVE-2020-16985 908 2020-11-11 2020-11-20
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16990.
6424 CVE-2020-16986 DoS 2020-11-11 2020-11-20
2.1
None Local Low Not required None None Partial
Azure Sphere Denial of Service Vulnerability
6425 CVE-2020-16990 732 2020-11-11 2020-11-20
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16985.
6426 CVE-2020-16991 Exec Code 2020-11-11 2020-11-20
2.1
None Local Low Not required None Partial None
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16994.
6427 CVE-2020-16994 Exec Code 2020-11-11 2020-11-20
2.1
None Local Low Not required None Partial None
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991.
6428 CVE-2020-16999 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Windows WalletService Information Disclosure Vulnerability
6429 CVE-2020-17000 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Remote Desktop Protocol Client Information Disclosure Vulnerability
6430 CVE-2020-17004 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Windows Graphics Component Information Disclosure Vulnerability
6431 CVE-2020-17013 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Win32k Information Disclosure Vulnerability
6432 CVE-2020-17020 287 Bypass 2020-11-11 2021-07-21
2.1
None Local Low Not required Partial None None
Microsoft Word Security Feature Bypass Vulnerability
6433 CVE-2020-17056 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Windows Network File System Information Disclosure Vulnerability
6434 CVE-2020-17069 2020-11-11 2020-11-16
2.1
None Local Low Not required Partial None None
Windows NDIS Information Disclosure Vulnerability
6435 CVE-2020-17071 2020-11-11 2020-11-16
2.1
None Local Low Not required Partial None None
Windows Delivery Optimization Information Disclosure Vulnerability
6436 CVE-2020-17094 2020-12-10 2021-03-03
2.1
None Local Low Not required Partial None None
Windows Error Reporting Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17138.
6437 CVE-2020-17098 2020-12-10 2021-03-03
2.1
None Local Low Not required Partial None None
Windows GDI+ Information Disclosure Vulnerability
6438 CVE-2020-17100 2020-11-11 2020-12-01
2.1
None Local Low Not required None Partial None
Visual Studio Tampering Vulnerability
6439 CVE-2020-17102 2020-11-11 2020-12-01
2.1
None Local Low Not required Partial None None
WebP Image Extensions Information Disclosure Vulnerability
6440 CVE-2020-17113 125 2020-11-11 2020-11-24
2.1
None Local Low Not required Partial None None
Windows Camera Codec Information Disclosure Vulnerability
6441 CVE-2020-17126 2020-12-10 2021-03-04
2.1
None Local Low Not required Partial None None
Microsoft Excel Information Disclosure Vulnerability
6442 CVE-2020-17138 200 +Info 2020-12-10 2021-07-21
2.1
None Local Low Not required Partial None None
Windows Error Reporting Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17094.
6443 CVE-2020-17391 749 Exec Code +Info 2020-08-25 2020-08-31
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_INIT_HYPERVISOR in the prl_hypervisor kext. The issue results from the exposure of dangerous method or function to the unprivileged user. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10518.
6444 CVE-2020-17393 20 Exec Code +Info 2020-08-25 2020-08-28
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result a pointer to be leaked after the handler is done. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10520.
6445 CVE-2020-17394 129 Exec Code +Info 2020-08-25 2020-08-31
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the OEMNet component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11132.
6446 CVE-2020-17398 129 Exec Code +Info 2020-08-25 2020-08-26
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-11302.
6447 CVE-2020-17401 129 Exec Code +Info 2020-08-25 2020-08-26
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11363.
6448 CVE-2020-17402 732 Exec Code +Info 2020-08-25 2020-08-31
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. By examining a log file, an attacker can disclose a memory address. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11063.
6449 CVE-2020-17490 732 2020-11-06 2021-03-30
2.1
None Local Low Not required Partial None None
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
6450 CVE-2020-17521 2020-12-07 2021-12-10
2.1
None Local Low Not required Partial None None
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.