Total
9588 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-0606 | 1 Google | 1 Android | 2024-11-21 | 6.7 Medium |
| In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168034487 | ||||
| CVE-2021-0602 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-177573895 | ||||
| CVE-2021-0291 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 6.5 Medium |
| An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP port 705 on the internal routing instance. External connections destined to port 705 should not be allowed. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS Evolved versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 13.2R1. | ||||
| CVE-2021-0212 | 1 Juniper | 1 Contrail Networking | 2024-11-21 | 5 Medium |
| An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31. | ||||
| CVE-2021-0210 | 1 Juniper | 1 Junos | 2024-11-21 | 6.8 Medium |
| An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3, 19.2R3-S1; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. | ||||
| CVE-2021-0003 | 1 Intel | 2 Ethernet Controller E810, Ethernet Controller E810 Firmware | 2024-11-21 | 5.5 Medium |
| Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2021-0002 | 2 Fedoraproject, Intel | 3 Fedora, Ethernet Controller E810, Ethernet Controller E810 Firmware | 2024-11-21 | 7.1 High |
| Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access. | ||||
| CVE-2020-9849 | 1 Apple | 6 Icloud, Ipados, Itunes and 3 more | 2024-11-21 | 6.5 Medium |
| An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory. | ||||
| CVE-2020-9733 | 1 Adobe | 2 Experience Manager, Experience Manager Forms | 2024-11-21 | 7.5 High |
| An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository. | ||||
| CVE-2020-9525 | 1 Cs2-network | 1 P2p | 2024-11-21 | 8.1 High |
| CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | ||||
| CVE-2020-9387 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.3 Medium |
| In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on. | ||||
| CVE-2020-9386 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.3 Medium |
| In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore. | ||||
| CVE-2020-9337 | 1 Golfbuddyglobal | 1 Course Manager | 2024-11-21 | 6.5 Medium |
| In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request. | ||||
| CVE-2020-9282 | 1 Mahara | 1 Mahara | 2024-11-21 | 6.5 Medium |
| In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios. | ||||
| CVE-2020-9043 | 1 Wpcentral | 1 Wpcentral | 2024-11-21 | 8.8 High |
| The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. | ||||
| CVE-2020-8908 | 5 Google, Netapp, Oracle and 2 more | 20 Guava, Active Iq Unified Manager, Commerce Guided Search and 17 more | 2024-11-21 | 3.3 Low |
| A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. | ||||
| CVE-2020-8832 | 2 Canonical, Netapp | 60 Ubuntu Linux, Aff 8300, Aff 8300 Firmware and 57 more | 2024-11-21 | 5.5 Medium |
| The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. | ||||
| CVE-2020-8695 | 4 Debian, Fedoraproject, Intel and 1 more | 605 Debian Linux, Fedora, Celeron 3855u and 602 more | 2024-11-21 | 5.5 Medium |
| Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2020-8694 | 1 Intel | 598 Celeron 3855u, Celeron 3855u Firmware, Celeron 3865u and 595 more | 2024-11-21 | 5.5 Medium |
| Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2020-8647 | 4 Debian, Linux, Opensuse and 1 more | 6 Debian Linux, Linux Kernel, Leap and 3 more | 2024-11-21 | 6.1 Medium |
| There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | ||||