CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2021-0005 755 DoS 2021-08-11 2021-09-14
2.1
None Local Low Not required None None Partial
Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.
902 CVE-2021-0004 119 DoS Overflow 2021-08-11 2021-09-14
2.1
None Local Low Not required None None Partial
Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.
903 CVE-2021-0003 755 2021-08-11 2021-09-14
2.1
None Local Low Not required Partial None None
Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local access.
904 CVE-2021-0001 203 2021-06-09 2021-06-28
2.1
None Local Low Not required Partial None None
Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access.
905 CVE-2020-36431 787 2021-07-20 2021-07-27
2.1
None Local Low Not required None None Partial
Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm.
906 CVE-2020-36429 787 2021-07-20 2021-07-28
2.1
None Local Low Not required None None Partial
Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth.
907 CVE-2020-36314 22 Dir. Trav. 2021-04-07 2021-06-03
2.6
None Local High Not required None Partial Partial
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.
908 CVE-2020-36312 401 2021-04-07 2021-04-13
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.
909 CVE-2020-36311 DoS 2021-04-07 2021-07-21
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.
910 CVE-2020-36310 835 2021-04-07 2021-04-13
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.
911 CVE-2020-36252 668 2021-02-19 2021-07-21
2.7
None Local Network Low ??? Partial None None
ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
912 CVE-2020-36250 326 Bypass 2021-02-19 2021-07-21
2.1
None Local Low Not required Partial None None
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.
913 CVE-2020-36248 312 Bypass 2021-02-19 2021-02-25
2.1
None Local Low Not required Partial None None
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.
914 CVE-2020-36241 59 Dir. Trav. 2021-02-05 2021-07-21
2.1
None Local Low Not required Partial None None
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
915 CVE-2020-36205 415 2021-01-26 2021-02-03
2.1
None Local Low Not required None None Partial
An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.
916 CVE-2020-35927 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex<T> allows cross-thread data races of non-Send types.
917 CVE-2020-35925 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type.
918 CVE-2020-35924 787 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex<T> allows cross-thread sending of a non-Send type.
919 CVE-2020-35922 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
920 CVE-2020-35921 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
921 CVE-2020-35920 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
922 CVE-2020-35919 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
923 CVE-2020-35917 416 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From<Py<T>>.
924 CVE-2020-35916 400 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.)
925 CVE-2020-35915 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types.
926 CVE-2020-35910 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness.
927 CVE-2020-35908 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled.
928 CVE-2020-35907 476 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the futures-task crate before 0.3.5 for Rust. futures_task::noop_waker_ref allows a NULL pointer dereference.
929 CVE-2020-35904 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are.
930 CVE-2020-35903 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question.
931 CVE-2020-35900 416 2020-12-31 2021-01-06
2.1
None Local Low Not required Partial None None
An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may lead to a use-after-free.
932 CVE-2020-35899 416 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.
933 CVE-2020-35804 200 +Info 2020-12-30 2021-07-21
2.1
None Local Low Not required Partial None None
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D7800 before 1.0.1.58, R7800 before 1.0.2.74, R8900 before 1.0.5.18, R9000 before 1.0.5.18, and XR700 before 1.0.1.34.
934 CVE-2020-35803 2020-12-30 2021-01-04
2.1
None Local Low Not required Partial None None
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.46, R6080 before 1.0.0.46, R6120 before 1.0.0.72, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.74, R6800 before 1.2.0.74, R6900v2 before 1.2.0.74, R7450 before 1.2.0.74, AC2100 before 1.2.0.74, AC2400 before 1.2.0.74, and AC2600 before 1.2.0.74.
935 CVE-2020-35786 120 Overflow 2020-12-30 2020-12-30
2.7
None Local Network Low ??? None None Partial
NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user.
936 CVE-2020-35753 79 XSS 2021-01-26 2021-02-22
2.6
None Remote High Not required None Partial None
The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the "Recommend job posting" function is enabled, allows XSS via the SENDER parameter.
937 CVE-2020-35609 74 DoS 2020-12-22 2021-07-21
2.1
None Local Low Not required None None Partial
A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability.
938 CVE-2020-35549 2020-12-18 2020-12-21
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020).
939 CVE-2020-35548 DoS 2020-12-18 2020-12-21
2.1
None Local Low Not required None None Partial
An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020).
940 CVE-2020-35505 476 DoS 2021-05-28 2021-07-13
2.1
None Local Low Not required None None Partial
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
941 CVE-2020-35504 476 DoS 2021-05-28 2021-07-13
2.1
None Local Low Not required None None Partial
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
942 CVE-2020-35503 476 DoS 2021-06-02 2021-07-20
2.1
None Local Low Not required None None Partial
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
943 CVE-2020-35455 522 2021-03-17 2021-03-23
2.1
None Local Low Not required Partial None None
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage.
944 CVE-2020-35454 522 2021-03-17 2021-03-23
2.1
None Local Low Not required Partial None None
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration.
945 CVE-2020-29660 416 2020-12-09 2021-11-30
2.1
None Local Low Not required Partial None None
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
946 CVE-2020-29623 2021-04-02 2021-06-02
2.1
None Local Low Not required None Partial None
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.
947 CVE-2020-29621 862 Bypass 2021-04-02 2021-04-07
2.1
None Local Low Not required Partial None None
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences.
948 CVE-2020-29562 617 DoS 2020-12-04 2021-03-19
2.1
None Remote High ??? None None Partial
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
949 CVE-2020-29556 22 Dir. Trav. CSRF 2021-03-15 2021-03-25
2.1
None Local Low Not required Partial None None
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
950 CVE-2020-29503 276 2021-07-19 2021-08-02
2.1
None Local Low Not required Partial None None
Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.