CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2020-25741 476 2020-10-02 2020-10-14
2.1
None Local Low Not required None None Partial
fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.
1052 CVE-2020-25723 617 DoS 2020-12-02 2020-12-28
2.1
None Local Low Not required None None Partial
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
1053 CVE-2020-25688 798 +Info 2020-11-23 2020-12-08
2.7
None Local Network Low ??? Partial None None
A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible.
1054 CVE-2020-25678 312 2021-01-08 2021-05-28
2.1
None Local Low Not required Partial None None
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
1055 CVE-2020-25677 312 2020-12-08 2021-03-04
2.1
None Local Low Not required Partial None None
A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.
1056 CVE-2020-25650 770 DoS 2020-11-25 2021-02-19
2.1
None Local Low Not required None None Partial
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.
1057 CVE-2020-25635 212 2020-10-05 2020-10-08
2.1
None Local Low Not required Partial None None
A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.
1058 CVE-2020-25621 287 2020-12-16 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords.
1059 CVE-2020-25598 670 DoS 2020-09-23 2020-11-11
2.1
None Local Low Not required None None Partial
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that have a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don't use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability.
1060 CVE-2020-25596 74 DoS 2020-09-23 2020-11-11
2.1
None Local Low Not required None None Partial
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability.
1061 CVE-2020-25374 613 2020-10-28 2020-12-02
2.1
None Remote High ??? Partial None None
CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.
1062 CVE-2020-25340 770 DoS 2021-02-16 2021-07-21
2.1
None Local Low Not required None None Partial
An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS).
1063 CVE-2020-25289 59 2020-09-13 2020-09-17
2.1
None Local Low Not required None Partial None
The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).
1064 CVE-2020-25233 321 2020-12-14 2020-12-16
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device.
1065 CVE-2020-25231 321 2020-12-14 2020-12-16
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files.
1066 CVE-2020-25204 2020-10-28 2020-11-04
2.1
None Local Low Not required None Partial None
The God Kings application 0.60.1 for Android exposes a broadcast receiver to other apps called com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver. The purpose of this broadcast receiver is to show an in-game push notification to the player. However, the application does not enforce any authorization schema on the broadcast receiver, allowing any application to send fully customizable in-game push notifications.
1067 CVE-2020-25084 416 2020-09-25 2021-02-24
2.1
None Local Low Not required None None Partial
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.
1068 CVE-2020-25048 74 2020-08-31 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020).
1069 CVE-2020-25047 2020-08-31 2020-09-03
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for a locked application. The Samsung IDs are SVE-2020-16746, SVE-2020-16764 (August 2020).
1070 CVE-2020-25046 532 +Info 2020-08-31 2020-09-03
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604 (August 2020).
1071 CVE-2020-24890 476 Exec Code 2020-09-16 2020-11-23
2.6
None Remote High Not required None None Partial
** DISPUTED ** libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way.
1072 CVE-2020-24722 294 2020-10-07 2020-10-23
2.6
None Remote High Not required None Partial None
** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is "We do not believe that TX power authentication would be a useful defense against relay attacks."
1073 CVE-2020-24693 2020-12-18 2020-12-18
2.1
None Local Low Not required Partial None None
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization.
1074 CVE-2020-24661 295 2020-08-26 2020-09-08
2.6
None Remote High Not required Partial None None
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.
1075 CVE-2020-24620 798 2020-10-01 2021-02-12
2.1
None Local Low Not required Partial None None
Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format. Therefore, a search of Enterprise Manager can potentially reveal credentials.
1076 CVE-2020-24588 306 2021-05-11 2021-10-28
2.9
None Local Network Medium Not required None Partial None
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
1077 CVE-2020-24586 2021-05-11 2021-10-28
2.9
None Local Network Medium Not required Partial None None
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
1078 CVE-2020-24565 125 Exec Code +Info 2020-09-29 2020-10-02
2.1
None Local Low Not required Partial None None
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.
1079 CVE-2020-24564 125 Exec Code +Info 2020-09-29 2020-10-02
2.1
None Local Low Not required Partial None None
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24565 and CVE-2020-25770.
1080 CVE-2020-24513 Bypass 2021-06-09 2021-08-10
2.1
None Local Low Not required Partial None None
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
1081 CVE-2020-24512 203 2021-06-09 2021-09-09
2.1
None Local Low Not required Partial None None
Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
1082 CVE-2020-24511 668 2021-06-09 2021-09-09
2.1
None Local Low Not required Partial None None
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
1083 CVE-2020-24507 665 2021-06-09 2021-08-10
2.1
None Local Low Not required Partial None None
Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access.
1084 CVE-2020-24506 125 2021-06-09 2021-08-10
2.1
None Local Low Not required Partial None None
Out of bound read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14.1.53 and 14.5.32 may allow a privileged user to potentially enable information disclosure via local access.
1085 CVE-2020-24505 20 DoS 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.
1086 CVE-2020-24504 400 DoS 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.
1087 CVE-2020-24503 863 2021-02-17 2021-07-21
2.1
None Local Low Not required Partial None None
Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.
1088 CVE-2020-24502 20 DoS 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access.
1089 CVE-2020-24500 120 DoS Overflow 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access.
1090 CVE-2020-24498 120 DoS Overflow 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.
1091 CVE-2020-24497 863 DoS 2021-02-17 2021-07-21
2.1
None Local Low Not required None None Partial
Insufficient Access Control in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.
1092 CVE-2020-24496 20 DoS 2021-02-17 2021-02-22
2.1
None Local Low Not required None None Partial
Insufficient input validation in the firmware for Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access.
1093 CVE-2020-24495 863 DoS 2021-02-17 2021-07-21
2.1
None Local Low Not required None None Partial
Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.
1094 CVE-2020-24494 863 DoS 2021-02-17 2021-07-21
2.1
None Local Low Not required None None Partial
Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access.
1095 CVE-2020-24493 863 DoS 2021-02-17 2021-07-21
2.1
None Local Low Not required None None Partial
Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 8.0 may allow a privileged user to potentially enable denial of service via local access.
1096 CVE-2020-24492 863 DoS 2021-02-17 2021-07-21
2.1
None Local Low Not required None None Partial
Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access.
1097 CVE-2020-24486 20 DoS 2021-06-09 2021-08-10
2.1
None Local Low Not required None None Partial
Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.
1098 CVE-2020-24480 787 DoS 2021-02-17 2021-02-23
2.1
None Local Low Not required None None Partial
Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access.
1099 CVE-2020-24475 665 DoS 2021-06-09 2021-07-01
2.1
None Local Low Not required None None Partial
Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access.
1100 CVE-2020-24460 276 DoS 2020-11-12 2020-11-20
2.1
None Local Low Not required None None Partial
Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticated user to potentially enable denial of service via local access.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.