Export limit exceeded: 336540 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7756 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-0685 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-191055353 | ||||
| CVE-2021-0549 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
| In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183961896 | ||||
| CVE-2021-0220 | 1 Juniper | 1 Junos Space | 2024-11-21 | 6.8 Medium |
| The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1. | ||||
| CVE-2021-0212 | 1 Juniper | 1 Contrail Networking | 2024-11-21 | 5 Medium |
| An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31. | ||||
| CVE-2021-0148 | 1 Intel | 36 Ssd D-s4510, Ssd D-s4510 Firmware, Ssd D5-p4320 and 33 more | 2024-11-21 | 4.4 Medium |
| Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2021-0094 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | 7.8 High |
| Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. | ||||
| CVE-2020-9901 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 7.8 High |
| An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges. | ||||
| CVE-2020-9900 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 7.8 High |
| An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges. | ||||
| CVE-2020-9682 | 2 Adobe, Microsoft | 2 Creative Cloud Desktop Application, Windows | 2024-11-21 | 9.8 Critical |
| Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to arbitrary file system write. | ||||
| CVE-2020-9670 | 2 Adobe, Microsoft | 2 Creative Cloud Desktop Application, Windows | 2024-11-21 | 9.8 Critical |
| Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2020-9664 | 1 Magento | 1 Magento | 2024-11-21 | 9.8 Critical |
| Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2020-9548 | 5 Debian, Fasterxml, Netapp and 2 more | 36 Debian Linux, Jackson-databind, Active Iq Unified Manager and 33 more | 2024-11-21 | 9.8 Critical |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). | ||||
| CVE-2020-9547 | 5 Debian, Fasterxml, Netapp and 2 more | 28 Debian Linux, Jackson-databind, Active Iq Unified Manager and 25 more | 2024-11-21 | 9.8 Critical |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). | ||||
| CVE-2020-9546 | 5 Debian, Fasterxml, Netapp and 2 more | 42 Debian Linux, Jackson-databind, Active Iq Unified Manager and 39 more | 2024-11-21 | 9.8 Critical |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). | ||||
| CVE-2020-9525 | 1 Cs2-network | 1 P2p | 2024-11-21 | 8.1 High |
| CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | ||||
| CVE-2020-9523 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-11-21 | 8.8 High |
| Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security. | ||||
| CVE-2020-9496 | 1 Apache | 1 Ofbiz | 2024-11-21 | 6.1 Medium |
| XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 | ||||
| CVE-2020-9493 | 2 Apache, Qos | 3 Chainsaw, Log4j, Reload4j | 2024-11-21 | 9.8 Critical |
| A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. | ||||
| CVE-2020-9486 | 1 Apache | 1 Nifi | 2024-11-21 | 7.5 High |
| In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext. | ||||
| CVE-2020-9484 | 8 Apache, Canonical, Debian and 5 more | 30 Tomcat, Ubuntu Linux, Debian Linux and 27 more | 2024-11-21 | 7.0 High |
| When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. | ||||