Total
261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15989 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
| CVE-2021-0452 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117261 | |||||
| CVE-2020-9964 | 1 Apple | 2 Ipad Os, Iphone Os | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory. | |||||
| CVE-2020-10138 | 1 Acronis | 2 Cyber Backup, Cyber Protect | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | |||||
| CVE-2020-25662 | 1 Redhat | 1 Enterprise Linux | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2021-0450 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117880 | |||||
| CVE-2020-10139 | 1 Acronis | 1 True Image | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | |||||
| CVE-2019-14556 | 1 Intel | 55 Bios, Celeron 4205u, Celeron 4305u and 52 more | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| Improper initialization in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2021-1661 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2020-3573 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
| CVE-2021-0449 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117965 | |||||
| CVE-2020-0450 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-157650336 | |||||
| CVE-2020-0272 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| In libhwbinder, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130166487 | |||||
| CVE-2020-12336 | 1 Intel | 46 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 43 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-26886 | 1 Softaculous | 1 Softaculous | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
| Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host. | |||||
| CVE-2020-26957 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. | |||||
| CVE-2019-10196 | 3 Fedoraproject, Http-proxy-agent Project, Redhat | 4 Fedora, Http-proxy-agent, Enterprise Linux and 1 more | 2024-02-04 | 9.0 HIGH | 9.8 CRITICAL |
| A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. | |||||
| CVE-2020-0438 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-161812320 | |||||
| CVE-2020-0522 | 1 Intel | 6 Ethernet Controller I210-at, Ethernet Controller I210-cl, Ethernet Controller I210-cs and 3 more | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-12326 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access. | |||||