Vulnerabilities (CVE)

Total 2859 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-25343 2 Google, Samsung 2 Android, Members 2023-12-10 2.1 LOW 3.3 LOW
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.
CVE-2020-4886 1 Ibm 1 Infosphere Information Server 2023-12-10 2.1 LOW 3.3 LOW
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.
CVE-2020-14798 4 Debian, Netapp, Opensuse and 1 more 17 Debian Linux, 7-mode Transition Tool, Active Iq Unified Manager and 14 more 2023-12-10 2.6 LOW 3.1 LOW
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
CVE-2020-29443 2 Debian, Qemu 2 Debian Linux, Qemu 2023-12-10 3.3 LOW 3.9 LOW
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
CVE-2020-29371 1 Linux 1 Linux Kernel 2023-12-10 2.1 LOW 3.3 LOW
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.
CVE-2021-27584 1 Sap 1 3d Visual Enterprise Viewer 2023-12-10 4.3 MEDIUM 3.3 LOW
When a user opens manipulated PhotoShop Document (.PSD) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2020-24404 1 Magento 1 Magento 2023-12-10 5.5 MEDIUM 2.7 LOW
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization.
CVE-2020-27776 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2023-12-10 4.3 MEDIUM 3.3 LOW
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVE-2020-27774 3 Debian, Imagemagick, Redhat 3 Debian Linux, Imagemagick, Enterprise Linux 2023-12-10 4.3 MEDIUM 3.3 LOW
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVE-2020-9912 1 Apple 1 Safari 2023-12-10 2.1 LOW 3.3 LOW
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode.
CVE-2019-8642 1 Apple 1 Mac Os X 2023-12-10 4.3 MEDIUM 3.3 LOW
An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing.
CVE-2020-28838 1 Opencart 1 Opencart 2023-12-10 3.5 LOW 3.5 LOW
Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.
CVE-2021-21726 1 Zte 6 Zxone 19700, Zxone 19700 Firmware, Zxone 8700 and 3 more 2023-12-10 2.1 LOW 2.3 LOW
Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>
CVE-2020-29042 1 Bigbluebutton 1 Bigbluebutton 2023-12-10 4.3 MEDIUM 3.7 LOW
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.
CVE-2020-15731 1 Bitdefender 1 Engines 2023-12-10 4.3 MEDIUM 3.6 LOW
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448.
CVE-2020-24439 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2023-12-10 1.2 LOW 2.8 LOW
Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process.
CVE-2020-14779 5 Debian, Fedoraproject, Netapp and 2 more 18 Debian Linux, Fedora, 7-mode Transition Tool and 15 more 2023-12-10 4.3 MEDIUM 3.7 LOW
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2020-16121 2 Canonical, Packagekit Project 2 Ubuntu Linux, Packagekit 2023-12-10 2.1 LOW 3.3 LOW
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
CVE-2021-25342 2 Google, Samsung 2 Android, Members 2023-12-10 2.1 LOW 3.3 LOW
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.
CVE-2021-27645 3 Debian, Fedoraproject, Gnu 3 Debian Linux, Fedora, Glibc 2023-12-10 1.9 LOW 2.5 LOW
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.