Export limit exceeded: 29857 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1188 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11875 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an attacker to gain privileges. The LG ID is LVE-SMP-200001 (February 2020). | ||||
| CVE-2020-11743 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain. | ||||
| CVE-2020-11243 | 1 Qualcomm | 274 Aqt1000, Aqt1000 Firmware, Ar8035 and 271 more | 2024-11-21 | 7.5 High |
| RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | ||||
| CVE-2020-11012 | 1 Minio | 1 Minio | 2024-11-21 | 9.3 Critical |
| MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z. | ||||
| CVE-2020-10604 | 1 Osisoft | 1 Pi Data Archive | 2024-11-21 | 7.5 High |
| In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. | ||||
| CVE-2020-10571 | 1 Psd-tools Project | 1 Psd-tools | 2024-11-21 | 9.8 Critical |
| An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data. | ||||
| CVE-2020-10135 | 3 Bluetooth, Opensuse, Redhat | 3 Bluetooth Core, Leap, Enterprise Linux | 2024-11-21 | 5.4 Medium |
| Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. | ||||
| CVE-2020-10101 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 High |
| An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process. | ||||
| CVE-2020-0588 | 1 Intel | 76 Bios, Xeon Bronze 3204, Xeon Bronze 3206r and 73 more | 2024-11-21 | 6.7 Medium |
| Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0587 | 1 Intel | 114 Bios, Core I5-7640x, Core I7-3820 and 111 more | 2024-11-21 | 6.7 Medium |
| Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0512 | 1 Intel | 1 Graphics Drivers | 2024-11-21 | 5.5 Medium |
| Uncaught exception in the system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2020-0511 | 1 Intel | 1 Graphics Driver | 2024-11-21 | 5.5 Medium |
| Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access. | ||||
| CVE-2020-0443 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. This could lead to local denial of service requiring factory reset to restore with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152410253 | ||||
| CVE-2020-0421 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-161894517 | ||||
| CVE-2020-0382 | 1 Google | 1 Android | 2024-11-21 | 2.3 Low |
| In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-152944488 | ||||
| CVE-2020-0318 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-33646131 | ||||
| CVE-2020-0247 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1Android ID: A-156087409 | ||||
| CVE-2020-0108 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-140108616 | ||||
| CVE-2020-0004 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120847476 | ||||
| CVE-2019-9735 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Neutron, Openstack | 2024-11-21 | N/A |
| An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.) | ||||