Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11297 | 1 Qualcomm | 526 Apq8096au, Apq8096au Firmware, Aqt1000 and 523 more | 2021-03-02 | 7.8 HIGH | 7.5 HIGH |
| Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames are dropped in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2020-35577 | 1 Endalia | 1 Selection Portal | 2021-02-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number). | |||||
| CVE-2020-11177 | 1 Qualcomm | 814 Apq8009, Apq8009 Firmware, Apq8009w and 811 more | 2021-02-26 | 7.2 HIGH | 8.8 HIGH |
| User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2020-35737 | 1 Newgensoft | 1 Egov | 2021-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference. | |||||
| CVE-2003-0264 | 1 Seattle Lab Software | 1 Slmail | 2021-02-24 | 7.5 HIGH | N/A |
| Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server. | |||||
| CVE-2021-26712 | 1 Digium | 2 Asterisk, Certified Asterisk | 2021-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets. | |||||
| CVE-2020-24481 | 1 Intel | 1 Quartus | 2021-02-23 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure inherited permissions for the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-24448 | 1 Intel | 1 Graphics Drivers | 2021-02-23 | 2.1 LOW | 5.5 MEDIUM |
| Uncaught exception in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2020-12384 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2020-0544 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient control flow management in the kernel mode driver for some Intel(R) Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-0521 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient control flow management in some Intel(R) Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-8678 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2020-12339 | 1 Intel | 1 Collaboration Suite | 2021-02-22 | 6.5 MEDIUM | 8.8 HIGH |
| Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2021-25141 | 2 Arubanetworks, Hpe | 30 Aruba 2530ya, Aruba 2530ya Firmware, Aruba 2530yb and 27 more | 2021-02-16 | 4.9 MEDIUM | 4.4 MEDIUM |
| A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit this vulnerability. | |||||
| CVE-2020-27259 | 1 Omron | 4 Cx-one, Cx-position, Cx-protocol and 1 more | 2021-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2020-4996 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-02-11 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913. | |||||
| CVE-2020-27904 | 1 Apple | 1 Macos | 2021-02-10 | 9.3 HIGH | 7.8 HIGH |
| A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-27222 | 1 Eclipse | 1 Californium | 2021-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS. | |||||
| CVE-2020-8807 | 1 Electriccoin | 1 Zcashd | 2021-02-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and an IP address, aka a timing side channel. | |||||
| CVE-2020-28449 | 1 Decal Project | 1 Decal | 2021-02-08 | 7.5 HIGH | 8.6 HIGH |
| This affects all versions of package decal. The vulnerability is in the set function. | |||||