Total
412 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-0053 | 1 Intel | 30 7265, 7265 Firmware, Ac1550 and 27 more | 2024-11-21 | 5.7 Medium |
| Improper initialization in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an authenticated user to potentially enable information disclosure via adjacent access. | ||||
| CVE-2020-9964 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 5.5 Medium |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory. | ||||
| CVE-2020-9863 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 7.8 High |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2020-9833 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.5 Medium |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory. | ||||
| CVE-2020-9775 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2024-11-21 | 5.3 Medium |
| An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time. | ||||
| CVE-2020-8918 | 1 Google | 1 Go-tpm | 2024-11-21 | 6.3 Medium |
| An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and 'encMigrationAuth', and then can calculate 'usageAuth ^ encMigrationAuth' as the 'migrationAuth' can be guessed for all keys created with CreateWrapKey. TPM2.0 is not impacted by this. We recommend updating your library to 0.3.0 or later, or, if you cannot update, to call CreateWrapKey with a random 20-byte value for 'migrationAuth'. | ||||
| CVE-2020-8744 | 2 Intel, Siemens | 9 Converged Security And Management Engine, Server Platform Services, Trusted Execution Engine and 6 more | 2024-11-21 | 7.8 High |
| Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-5529 | 4 Apache, Canonical, Debian and 1 more | 4 Camel, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 8.1 High |
| HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application. | ||||
| CVE-2020-4067 | 5 Canonical, Coturn Project, Debian and 2 more | 5 Ubuntu Linux, Coturn, Debian Linux and 2 more | 2024-11-21 | 7 High |
| In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3. | ||||
| CVE-2020-3919 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 7.8 High |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2020-3872 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 5.5 Medium |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory. | ||||
| CVE-2020-3811 | 3 Canonical, Debian, Netqmail | 3 Ubuntu Linux, Debian Linux, Netqmail | 2024-11-21 | 7.5 High |
| qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. | ||||
| CVE-2020-3573 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2024-11-21 | 7.8 High |
| Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | ||||
| CVE-2020-35508 | 3 Linux, Netapp, Redhat | 34 Linux Kernel, A700s, A700s Firmware and 31 more | 2024-11-21 | 4.5 Medium |
| A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. | ||||
| CVE-2020-35342 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.5 High |
| GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak. | ||||
| CVE-2020-28241 | 4 Debian, Fedoraproject, Maxmind and 1 more | 6 Debian Linux, Fedora, Libmaxminddb and 3 more | 2024-11-21 | 6.5 Medium |
| libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. | ||||
| CVE-2020-28019 | 1 Exim | 1 Exim | 2024-11-21 | 7.5 High |
| Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA. | ||||
| CVE-2020-26957 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
| OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. | ||||
| CVE-2020-26933 | 1 Trustedcomputinggroup | 1 Trusted Platform Module | 2024-11-21 | 7.2 High |
| Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack. | ||||
| CVE-2020-26886 | 1 Softaculous | 1 Softaculous | 2024-11-21 | 7.8 High |
| Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host. | ||||