CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1101 CVE-2020-24492 863 DoS 2021-02-17 2021-07-21
2.1
None Local Low Not required None None Partial
Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access.
1102 CVE-2020-24486 20 DoS 2021-06-09 2021-08-10
2.1
None Local Low Not required None None Partial
Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.
1103 CVE-2020-24480 787 DoS 2021-02-17 2021-02-23
2.1
None Local Low Not required None None Partial
Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access.
1104 CVE-2020-24475 665 DoS 2021-06-09 2021-07-01
2.1
None Local Low Not required None None Partial
Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access.
1105 CVE-2020-24460 276 DoS 2020-11-12 2020-11-20
2.1
None Local Low Not required None None Partial
Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticated user to potentially enable denial of service via local access.
1106 CVE-2020-24452 20 DoS 2021-02-17 2021-02-23
2.1
None Local Low Not required None None Partial
Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access.
1107 CVE-2020-24448 DoS 2021-02-17 2021-02-23
2.1
None Local Low Not required None None Partial
Uncaught exception in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.
1108 CVE-2020-24366 200 +Info 2020-11-16 2021-07-21
2.1
None Local Low Not required Partial None None
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.
1109 CVE-2020-24352 119 DoS Overflow 2020-10-16 2021-07-21
2.1
None Local Low Not required None None Partial
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
1110 CVE-2020-24349 20 2020-08-13 2020-09-18
2.1
None Local Low Not required None Partial None
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
1111 CVE-2020-24348 125 2020-08-13 2020-09-18
2.1
None Local Low Not required None None Partial
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
1112 CVE-2020-24347 125 2020-08-13 2020-09-18
2.1
None Local Low Not required None None Partial
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
1113 CVE-2020-24003 2021-01-11 2021-01-14
2.1
None Local Low Not required Partial None None
Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.
1114 CVE-2020-23856 416 DoS 2021-05-18 2021-06-01
2.1
None Local Low Not required None None Partial
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
1115 CVE-2020-23250 327 2021-01-05 2021-01-08
2.1
None Local Low Not required Partial None None
GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in internal database.
1116 CVE-2020-23139 287 2020-11-09 2020-11-20
2.1
None Local Low Not required Partial None None
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise.
1117 CVE-2020-23136 613 2020-11-09 2020-11-20
2.1
None Local Low Not required Partial None None
Microweber v1.1.18 is affected by no session expiry after log-out.
1118 CVE-2020-23058 287 2021-10-22 2021-10-28
2.1
None Local Low Not required Partial None None
An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data.
1119 CVE-2020-21588 120 Overflow 2021-04-02 2021-04-08
2.1
None Local Low Not required None None Partial
Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial or service (crash) via a long string in the Setup->Users->Username editbox.
1120 CVE-2020-18442 835 DoS 2021-06-18 2021-07-01
2.1
None Local Low Not required None None Partial
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".
1121 CVE-2020-17521 2020-12-07 2021-10-20
2.1
None Local Low Not required Partial None None
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
1122 CVE-2020-17490 732 2020-11-06 2021-03-30
2.1
None Local Low Not required Partial None None
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
1123 CVE-2020-17402 732 Exec Code +Info 2020-08-25 2020-08-31
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. By examining a log file, an attacker can disclose a memory address. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11063.
1124 CVE-2020-17401 129 Exec Code +Info 2020-08-25 2020-08-26
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11363.
1125 CVE-2020-17398 129 Exec Code +Info 2020-08-25 2020-08-26
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-11302.
1126 CVE-2020-17394 129 Exec Code +Info 2020-08-25 2020-08-31
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the OEMNet component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11132.
1127 CVE-2020-17393 20 Exec Code +Info 2020-08-25 2020-08-28
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result a pointer to be leaked after the handler is done. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10520.
1128 CVE-2020-17391 749 Exec Code +Info 2020-08-25 2020-08-31
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_INIT_HYPERVISOR in the prl_hypervisor kext. The issue results from the exposure of dangerous method or function to the unprivileged user. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10518.
1129 CVE-2020-17138 200 +Info 2020-12-10 2021-07-21
2.1
None Local Low Not required Partial None None
Windows Error Reporting Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17094.
1130 CVE-2020-17126 2020-12-10 2021-03-04
2.1
None Local Low Not required Partial None None
Microsoft Excel Information Disclosure Vulnerability
1131 CVE-2020-17113 125 2020-11-11 2020-11-24
2.1
None Local Low Not required Partial None None
Windows Camera Codec Information Disclosure Vulnerability
1132 CVE-2020-17102 2020-11-11 2020-12-01
2.1
None Local Low Not required Partial None None
WebP Image Extensions Information Disclosure Vulnerability
1133 CVE-2020-17100 2020-11-11 2020-12-01
2.1
None Local Low Not required None Partial None
Visual Studio Tampering Vulnerability
1134 CVE-2020-17098 2020-12-10 2021-03-03
2.1
None Local Low Not required Partial None None
Windows GDI+ Information Disclosure Vulnerability
1135 CVE-2020-17094 2020-12-10 2021-03-03
2.1
None Local Low Not required Partial None None
Windows Error Reporting Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17138.
1136 CVE-2020-17071 2020-11-11 2020-11-16
2.1
None Local Low Not required Partial None None
Windows Delivery Optimization Information Disclosure Vulnerability
1137 CVE-2020-17069 2020-11-11 2020-11-16
2.1
None Local Low Not required Partial None None
Windows NDIS Information Disclosure Vulnerability
1138 CVE-2020-17056 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Windows Network File System Information Disclosure Vulnerability
1139 CVE-2020-17020 287 Bypass 2020-11-11 2021-07-21
2.1
None Local Low Not required Partial None None
Microsoft Word Security Feature Bypass Vulnerability
1140 CVE-2020-17013 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Win32k Information Disclosure Vulnerability
1141 CVE-2020-17004 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Windows Graphics Component Information Disclosure Vulnerability
1142 CVE-2020-17000 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Remote Desktop Protocol Client Information Disclosure Vulnerability
1143 CVE-2020-16999 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Windows WalletService Information Disclosure Vulnerability
1144 CVE-2020-16994 Exec Code 2020-11-11 2020-11-20
2.1
None Local Low Not required None Partial None
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991.
1145 CVE-2020-16991 Exec Code 2020-11-11 2020-11-20
2.1
None Local Low Not required None Partial None
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16994.
1146 CVE-2020-16990 732 2020-11-11 2020-11-20
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16985.
1147 CVE-2020-16986 DoS 2020-11-11 2020-11-20
2.1
None Local Low Not required None None Partial
Azure Sphere Denial of Service Vulnerability
1148 CVE-2020-16985 908 2020-11-11 2020-11-20
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16990.
1149 CVE-2020-16942 200 +Info 2020-10-16 2021-07-21
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.
1150 CVE-2020-16941 200 +Info 2020-10-16 2021-07-21
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.