CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 2 and 2.99)

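Each entry below spans four lines. Line 1: #, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date. Line 2: Score. Line 3: Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail. Line 4: description. Blank fields are omitted.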
6451 CVE-2020-18442 835 DoS 2021-06-18 2021-12-28
2.1
None Local Low Not required None None Partial
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".
6452 CVE-2020-21588 120 Overflow 2021-04-02 2021-04-08
2.1
None Local Low Not required None None Partial
Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial of service (crash) via a long string in the Setup->Users->Username editbox.
6453 CVE-2020-23058 287 2021-10-22 2021-10-28
2.1
None Local Low Not required Partial None None
An issue in the authentication mechanism in Nong Ge File Explorer v1.4 allows unauthenticated access to sensitive data.
6454 CVE-2020-23136 613 2020-11-09 2020-11-20
2.1
None Local Low Not required Partial None None
Microweber v1.1.18 is affected by no session expiry after log-out.
6455 CVE-2020-23139 287 2020-11-09 2020-11-20
2.1
None Local Low Not required Partial None None
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise.
6456 CVE-2020-23250 327 2021-01-05 2021-01-08
2.1
None Local Low Not required Partial None None
GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in an internal database.
6457 CVE-2020-23856 416 DoS 2021-05-18 2022-01-01
2.1
None Local Low Not required None None Partial
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
6458 CVE-2020-24003 2021-01-11 2021-01-14
2.1
None Local Low Not required Partial None None
Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.
6459 CVE-2020-24347 125 2020-08-13 2020-09-18
2.1
None Local Low Not required None None Partial
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
6460 CVE-2020-24348 125 2020-08-13 2020-09-18
2.1
None Local Low Not required None None Partial
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
6461 CVE-2020-24349 20 2020-08-13 2020-09-18
2.1
None Local Low Not required None Partial None
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
6462 CVE-2020-24352 119 DoS Overflow 2020-10-16 2021-07-21
2.1
None Local Low Not required None None Partial
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
6463 CVE-2020-24366 200 +Info 2020-11-16 2021-07-21
2.1
None Local Low Not required Partial None None
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.
6464 CVE-2020-24448 DoS 2021-02-17 2021-02-23
2.1
None Local Low Not required None None Partial
Uncaught exception in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.
6465 CVE-2020-24452 20 DoS 2021-02-17 2021-02-23
2.1
None Local Low Not required None None Partial
Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access.
6466 CVE-2020-24460 276 DoS 2020-11-12 2020-11-20
2.1
None Local Low Not required None None Partial
Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticated user to potentially enable denial of service via local access.
6467 CVE-2020-24475 665 DoS 2021-06-09 2021-07-01
2.1
None Local Low Not required None None Partial
Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access.
6468 CVE-2020-24480 787 DoS 2021-02-17 2021-02-23
2.1
None Local Low Not required None None Partial
Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access.
6469 CVE-2020-24486 20 DoS 2021-06-09 2021-08-10
2.1
None Local Low Not required None None Partial
Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.
6470 CVE-2020-24492 863 DoS 2021-02-17 2021-07-21
2.1
None Local Low Not required None None Partial
Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access.
6471 CVE-2020-24493 863 DoS 2021-02-17 2021-07-21
2.1
None Local Low Not required None None Partial
Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 8.0 may allow a privileged user to potentially enable denial of service via local access.
6472 CVE-2020-24494 863 DoS 2021-02-17 2021-07-21
2.1
None Local Low Not required None None Partial
Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access.
6473 CVE-2020-24495 863 DoS 2021-02-17 2021-07-21
2.1
None Local Low Not required None None Partial
Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.
6474 CVE-2020-24496 20 DoS 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Insufficient input validation in the firmware for Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access.
6475 CVE-2020-24497 863 DoS 2021-02-17 2021-07-21
2.1
None Local Low Not required None None Partial
Insufficient Access Control in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.
6476 CVE-2020-24498 120 DoS Overflow 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.
6477 CVE-2020-24500 120 DoS Overflow 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access.
6478 CVE-2020-24502 20 DoS 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access.
6479 CVE-2020-24503 863 2021-02-17 2021-07-21
2.1
None Local Low Not required Partial None None
Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.
6480 CVE-2020-24504 400 DoS 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.
6481 CVE-2020-24505 20 DoS 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.
6482 CVE-2020-24506 125 2021-06-09 2021-08-10
2.1
None Local Low Not required Partial None None
Out-of-bounds read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14.1.53 and 14.5.32 may allow a privileged user to potentially enable information disclosure via local access.
6483 CVE-2020-24507 665 2021-06-09 2021-08-10
2.1
None Local Low Not required Partial None None
Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access.
6484 CVE-2020-24511 668 2021-06-09 2021-09-09
2.1
None Local Low Not required Partial None None
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
6485 CVE-2020-24512 203 2021-06-09 2021-09-09
2.1
None Local Low Not required Partial None None
Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
6486 CVE-2020-24513 Bypass 2021-06-09 2021-08-10
2.1
None Local Low Not required Partial None None
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
6487 CVE-2020-24564 125 Exec Code +Info 2020-09-29 2020-10-02
2.1
None Local Low Not required Partial None None
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability. The subs affected in this vulnerability make it unique compared to similar CVEs such as CVE-2020-24565 and CVE-2020-25770.
6488 CVE-2020-24565 125 Exec Code +Info 2020-09-29 2020-10-02
2.1
None Local Low Not required Partial None None
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability. The subs affected in this vulnerability make it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.
6489 CVE-2020-24586 2021-05-11 2021-12-03
2.9
None Local Network Medium Not required Partial None None
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
6490 CVE-2020-24588 306 2021-05-11 2021-10-28
2.9
None Local Network Medium Not required None Partial None
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
6491 CVE-2020-24620 798 2020-10-01 2021-02-12
2.1
None Local Low Not required Partial None None
Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format. Therefore, a search of Enterprise Manager can potentially reveal credentials.
6492 CVE-2020-24661 295 2020-08-26 2020-09-08
2.6
None Remote High Not required Partial None None
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.
6493 CVE-2020-24693 2020-12-18 2020-12-18
2.1
None Local Low Not required Partial None None
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization.
6494 CVE-2020-24722 294 2020-10-07 2020-10-23
2.6
None Remote High Not required None Partial None
** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is "We do not believe that TX power authentication would be a useful defense against relay attacks."
6495 CVE-2020-24890 476 Exec Code 2020-09-16 2020-11-23
2.6
None Remote High Not required None None Partial
** DISPUTED ** libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way.
6496 CVE-2020-25046 532 +Info 2020-08-31 2020-09-03
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604 (August 2020).
6497 CVE-2020-25047 2020-08-31 2020-09-03
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for a locked application. The Samsung IDs are SVE-2020-16746, SVE-2020-16764 (August 2020).
6498 CVE-2020-25048 74 2020-08-31 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020).
6499 CVE-2020-25084 416 2020-09-25 2021-02-24
2.1
None Local Low Not required None None Partial
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.
6500 CVE-2020-25204 2020-10-28 2020-11-04
2.1
None Local Low Not required None Partial None
The God Kings application 0.60.1 for Android exposes a broadcast receiver to other apps called com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver. The purpose of this broadcast receiver is to show an in-game push notification to the player. However, the application does not enforce any authorization schema on the broadcast receiver, allowing any application to send fully customizable in-game push notifications.