Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0035 | 1 Google | 1 Android | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-140622024 | |||||
| CVE-2020-12698 | 1 Dkd | 1 Direct Mail | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables. | |||||
| CVE-2020-25283 | 1 Google | 1 Android | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-200021 (September 2020). | |||||
| CVE-2020-10187 | 1 Doorkeeper Project | 1 Doorkeeper | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled. | |||||
| CVE-2019-20599 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Voice Assistant mishandles the notification audibility of a secured app. The Samsung ID is SVE-2018-13326 (May 2019). | |||||
| CVE-2019-20555 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) software. The Gallery app allows attackers to view all pictures of a locked device. The Samsung ID is SVE-2019-15189 (October 2019). | |||||
| CVE-2020-15518 | 1 Veeam | 2 Veeam Availability Suite, Veeam Backup \& Replication | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests. | |||||
| CVE-2020-0477 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In sendLinkConfigurationChangedBroadcast of ClientModeImpl.java, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of the current network configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162246414 | |||||
| CVE-2020-0468 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In listen() and related functions of TelephonyRegistry.java, there is a possible permissions bypass of location permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-158484422 | |||||
| CVE-2020-0084 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In several functions of NotificationManagerService.java, there are missing permission checks. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143339775 | |||||
| CVE-2020-11680 | 1 Castel | 2 Nextgen Dvr, Nextgen Dvr Firmware | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc. | |||||
| CVE-2020-0265 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150155839 | |||||
| CVE-2020-26415 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. | |||||
| CVE-2020-15349 | 1 Binarynights | 1 Forklift | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions. | |||||
| CVE-2020-27054 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In onFactoryReset of BluetoothManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-159061926 | |||||
| CVE-2020-10116 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541). | |||||
| CVE-2020-0239 | 1 Google | 1 Android | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file (eg. a photo) containing location metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-151095863 | |||||
| CVE-2020-0107 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146570216 | |||||
| CVE-2020-0327 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In core networking, there is a missing permission check. This could lead to local information disclosure of app network usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129151407 | |||||
| CVE-2020-8495 | 1 Kronos | 1 Web Time And Attendance | 2021-07-21 | 6.0 MEDIUM | 7.5 HIGH |
| In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters. | |||||