Total
275 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-10139 | 1 Acronis | 1 True Image | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | |||||
CVE-2019-14556 | 1 Intel | 55 Bios, Celeron 4205u, Celeron 4305u and 52 more | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
Improper initialization in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2021-1661 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Windows Installer Elevation of Privilege Vulnerability | |||||
CVE-2020-3573 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
CVE-2021-0449 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117965 | |||||
CVE-2020-0450 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-157650336 | |||||
CVE-2020-0272 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
In libhwbinder, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-130166487 | |||||
CVE-2020-12336 | 1 Intel | 46 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 43 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-26886 | 1 Softaculous | 1 Softaculous | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host. | |||||
CVE-2020-26957 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. | |||||
CVE-2019-10196 | 3 Fedoraproject, Http-proxy-agent Project, Redhat | 4 Fedora, Http-proxy-agent, Enterprise Linux and 1 more | 2024-02-04 | 9.0 HIGH | 9.8 CRITICAL |
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. | |||||
CVE-2020-0438 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-161812320 | |||||
CVE-2020-0522 | 1 Intel | 6 Ethernet Controller I210-at, Ethernet Controller I210-cl, Ethernet Controller I210-cs and 3 more | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2020-12326 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2021-0453 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
In the Titan-M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117199 | |||||
CVE-2020-9775 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time. | |||||
CVE-2020-11655 | 7 Canonical, Debian, Netapp and 4 more | 18 Ubuntu Linux, Debian Linux, Ontap Select Deploy Administration Utility and 15 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | |||||
CVE-2020-0506 | 1 Intel | 1 Graphics Driver | 2024-02-04 | 2.1 LOW | 2.3 LOW |
Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access. | |||||
CVE-2020-0529 | 1 Intel | 158 Core I5-7200u, Core I5-7200u Firmware, Core I5-7260u and 155 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-8918 | 1 Google | 1 Go-tpm | 2024-02-04 | 3.6 LOW | 7.1 HIGH |
An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and 'encMigrationAuth', and then can calculate 'usageAuth ^ encMigrationAuth' as the 'migrationAuth' can be guessed for all keys created with CreateWrapKey. TPM2.0 is not impacted by this. We recommend updating your library to 0.3.0 or later, or, if you cannot update, to call CreateWrapKey with a random 20-byte value for 'migrationAuth'. |