CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1501 CVE-2020-8694 2020-11-12 2021-05-11
2.1
None Local Low Not required Partial None None
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
1502 CVE-2020-8685 287 DoS 2020-08-13 2020-08-19
2.1
None Local Low Not required None None Partial
Improper authentication in subsystem for Intel (R) LED Manager for NUC before version 1.2.3 may allow privileged user to potentially enable denial of service via local access.
1503 CVE-2020-8683 119 DoS Overflow 2020-08-13 2021-07-21
2.1
None Local Low Not required None None Partial
Improper buffer restrictions in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.
1504 CVE-2020-8682 125 DoS 2020-08-13 2020-08-19
2.1
None Local Low Not required None None Partial
Out of bounds read in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.
1505 CVE-2020-8679 787 DoS 2020-08-13 2020-08-19
2.1
None Local Low Not required None None Partial
Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version 26.20.100.7755 may allow an authenticated user to potentially enable denial of service via local access.
1506 CVE-2020-8677 DoS 2020-11-12 2020-11-30
2.1
None Local Low Not required None None Partial
Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable denial of service via local access.
1507 CVE-2020-8671 670 2020-10-05 2021-07-21
2.1
None Local Low Not required Partial None None
Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel(R) Core(TM) Processors and Intel(R) Celeron(R) Processor 4000 Series may allow an authenticated user to potentially enable information disclosure via local access.
1508 CVE-2020-8632 522 2020-02-05 2021-07-21
2.1
None Local Low Not required Partial None None
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
1509 CVE-2020-8631 330 2020-02-05 2020-02-21
2.1
None Local Low Not required Partial None None
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
1510 CVE-2020-8615 352 CSRF 2020-02-04 2020-03-02
2.6
None Remote High Not required None Partial None
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
1511 CVE-2020-8590 2021-02-08 2021-02-12
2.1
None Local Low Not required Partial None None
Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
1512 CVE-2020-8589 2021-02-03 2021-02-08
2.7
None Local Network Low ??? Partial None None
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.
1513 CVE-2020-8588 2021-02-03 2021-02-08
2.7
None Local Network Low ??? Partial None None
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).
1514 CVE-2020-8587 2021-02-08 2021-02-12
2.1
None Local Low Not required Partial None None
OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs.
1515 CVE-2020-8585 59 2021-01-28 2021-02-03
2.1
None Local Low Not required Partial None None
OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).
1516 CVE-2020-8578 2021-02-08 2021-02-12
2.1
None Local Low Not required Partial None None
Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
1517 CVE-2020-8575 DoS 2020-08-03 2020-08-09
2.1
None Local Low Not required None None Partial
Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).
1518 CVE-2020-8566 532 2020-12-07 2021-03-29
2.1
None Local Low Not required Partial None None
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13.
1519 CVE-2020-8565 532 2020-12-07 2020-12-08
2.1
None Local Low Not required Partial None None
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.
1520 CVE-2020-8564 532 2020-12-07 2021-03-29
2.1
None Local Low Not required Partial None None
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
1521 CVE-2020-8563 532 2020-12-07 2021-03-29
2.1
None Local Low Not required Partial None None
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.
1522 CVE-2020-8557 400 2020-07-23 2020-08-21
2.1
None Local Low Not required None None Partial
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.
1523 CVE-2020-8482 922 2020-05-29 2020-06-01
2.1
None Local Low Not required Partial None None
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data
1524 CVE-2020-8478 74 2020-04-29 2020-05-13
2.1
None Local Low Not required None Partial None
Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder.
1525 CVE-2020-8475 20 2020-04-29 2020-06-09
2.1
None Local Low Not required None None Partial
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service.
1526 CVE-2020-8448 476 DoS 2020-01-30 2020-07-27
2.1
None Local Low Not required None None Partial
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written directly to the analysisd UNIX domain socket by a local user.
1527 CVE-2020-8446 22 Dir. Trav. 2020-01-30 2020-07-27
2.1
None Local Low Not required None Partial None
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user.
1528 CVE-2020-8357 276 DoS 2021-03-09 2021-03-12
2.1
None Local Low Not required None None Partial
A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.
1529 CVE-2020-8352 2020-11-11 2020-11-25
2.1
None Local Low Not required None Partial None
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.
1530 CVE-2020-8346 276 DoS 2020-09-15 2020-09-21
2.1
None Local Low Not required None None Partial
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.
1531 CVE-2020-8341 2020-09-01 2020-09-11
2.1
None Local Low Not required None Partial None
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
1532 CVE-2020-8324 20 2020-04-14 2020-04-15
2.1
None Local Low Not required None Partial None
A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.
1533 CVE-2020-8316 2020-04-14 2021-09-14
2.1
None Local Low Not required Partial None None
A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges.
1534 CVE-2020-8276 312 2020-11-09 2020-11-18
2.1
None Local Low Not required Partial None None
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window.
1535 CVE-2020-8230 787 Mem. Corr. 2020-08-17 2020-08-21
2.1
None Local Low Not required None None Partial
A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory.
1536 CVE-2020-8152 522 2020-11-16 2020-12-26
2.1
None Local Low Not required None Partial None
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.
1537 CVE-2020-8092 269 2020-01-30 2020-02-05
2.1
None Local Low Not required Partial None None
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0.
1538 CVE-2020-8029 732 2021-02-11 2021-02-19
2.1
None Local Low Not required Partial None None
A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416.
1539 CVE-2020-8003 415 DoS 2020-01-27 2020-01-27
2.1
None Local Low Not required None None Partial
A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.
1540 CVE-2020-8002 476 DoS 2020-01-27 2020-01-27
2.1
None Local Low Not required None None Partial
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).
1541 CVE-2020-7958 200 Exec Code +Info 2020-04-14 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user (root) in the Rich Execution Environment (REE) to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the Trusted Application (TA) supports an extended number of commands beyond what is needed to implement a fingerprint authentication system compatible with Android. An attacker who is in the position to send commands to the TA (for example, the root user) is able to send a sequence of these commands that will result in the TA sending a raw fingerprint image to the REE. This means that the Trusted Execution Environment (TEE) no longer protects identifiable fingerprint data from the REE.
1542 CVE-2020-7945 522 2020-09-18 2020-09-30
2.1
None Local Low Not required Partial None None
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1.
1543 CVE-2020-7567 311 2020-11-19 2020-12-11
2.9
None Local Network Medium Not required Partial None None
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.
1544 CVE-2020-7517 312 2020-07-23 2020-07-27
2.1
None Local Low Not required Partial None None
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials.
1545 CVE-2020-7516 312 2020-07-23 2021-06-11
2.1
None Local Low Not required Partial None None
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials.
1546 CVE-2020-7515 798 2020-07-23 2021-06-11
2.1
None Local Low Not required Partial None None
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password.
1547 CVE-2020-7343 862 2021-01-18 2021-01-26
2.1
None Local Low Not required None Partial None
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
1548 CVE-2020-7322 532 2020-09-09 2021-10-19
2.1
None Local Low Not required Partial None None
Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs.
1549 CVE-2020-7320 2020-09-09 2020-09-11
2.1
None Local Low Not required None Partial None
Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services.
1550 CVE-2020-7318 79 XSS 2020-10-14 2020-12-23
2.3
None Local Network Medium ??? None Partial None
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.