Search Results (11196 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-0095 | 1 Intel | 539 Bios, Core I3-l13g4, Core I5-l16g7 and 536 more | 2024-11-21 | 4.4 Medium |
| Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. | ||||
| CVE-2021-0061 | 2 Intel, Microsoft | 2 Graphics Drivers, Windows | 2024-11-21 | 7.8 High |
| Improper initialization in some Intel(R) Graphics Driver before version 27.20.100.9030 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-0053 | 1 Intel | 30 7265, 7265 Firmware, Ac1550 and 27 more | 2024-11-21 | 5.7 Medium |
| Improper initialization in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an authenticated user to potentially enable information disclosure via adjacent access. | ||||
| CVE-2020-9995 | 1 Apple | 1 Macos Server | 2024-11-21 | 6.1 Medium |
| An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting. | ||||
| CVE-2020-9964 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 5.5 Medium |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory. | ||||
| CVE-2020-9959 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 2.4 Low |
| A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. | ||||
| CVE-2020-9946 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-11-21 | 6.8 Medium |
| This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period. | ||||
| CVE-2020-9863 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 7.8 High |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2020-9861 | 1 Apple | 1 Swift | 2024-11-21 | 7.5 High |
| A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input. | ||||
| CVE-2020-9833 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.5 Medium |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory. | ||||
| CVE-2020-9775 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2024-11-21 | 5.3 Medium |
| An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time. | ||||
| CVE-2020-9752 | 1 Naver | 1 Cloud Explorer | 2024-11-21 | 9.8 Critical |
| Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe. | ||||
| CVE-2020-9482 | 1 Apache | 1 Nifi Registry | 2024-11-21 | 6.5 Medium |
| If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to make API requests to NiFi Registry. | ||||
| CVE-2020-9468 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 4.3 Medium |
| The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. | ||||
| CVE-2020-9425 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.5 High |
| An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application was not exiting after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response. | ||||
| CVE-2020-9384 | 1 Subex | 1 Roc Partner Settlement | 2024-11-21 | 8.8 High |
| An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the application | ||||
| CVE-2020-9352 | 1 Smartclient | 1 Smartclient | 2024-11-21 | 9.8 Critical |
| An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server." | ||||
| CVE-2020-9291 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 6.3 Medium |
| An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack. | ||||
| CVE-2020-9243 | 1 Huawei | 2 Mate 30, Mate 30 Firmware | 2024-11-21 | 5.5 Medium |
| HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a denial of service vulnerability. The system does not properly limit the depth of recursion, an attacker should trick the user installing and execute a malicious application. Successful exploit could cause a denial of service condition. | ||||
| CVE-2020-9044 | 1 Johnsoncontrols | 20 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Lonworks Control Server and 17 more | 2024-11-21 | 7.5 High |
| XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1. | ||||