CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 2 and 2.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2020-17402 732 Exec Code +Info 2020-08-25 2020-08-31
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. By examining a log file, an attacker can disclose a memory address. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11063.
552 CVE-2020-17401 129 Exec Code +Info 2020-08-25 2020-08-26
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11363.
553 CVE-2020-17398 129 Exec Code +Info 2020-08-25 2020-08-26
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-11302.
554 CVE-2020-17394 129 Exec Code +Info 2020-08-25 2020-08-31
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the OEMNet component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11132.
555 CVE-2020-17393 20 Exec Code +Info 2020-08-25 2020-08-28
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result in a pointer being leaked after the handler is done. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10520.
556 CVE-2020-17391 749 Exec Code +Info 2020-08-25 2020-08-31
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_INIT_HYPERVISOR in the prl_hypervisor kext. The issue results from the exposure of a dangerous method or function to the unprivileged user. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10518.
557 CVE-2020-17138 200 +Info 2020-12-10 2021-03-04
2.1
None Local Low Not required Partial None None
Windows Error Reporting Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17094.
558 CVE-2020-17126 2020-12-10 2021-03-04
2.1
None Local Low Not required Partial None None
Microsoft Excel Information Disclosure Vulnerability
559 CVE-2020-17113 125 2020-11-11 2020-11-24
2.1
None Local Low Not required Partial None None
Windows Camera Codec Information Disclosure Vulnerability
560 CVE-2020-17102 2020-11-11 2020-12-01
2.1
None Local Low Not required Partial None None
WebP Image Extensions Information Disclosure Vulnerability
561 CVE-2020-17100 2020-11-11 2020-12-01
2.1
None Local Low Not required None Partial None
Visual Studio Tampering Vulnerability
562 CVE-2020-17098 2020-12-10 2021-03-03
2.1
None Local Low Not required Partial None None
Windows GDI+ Information Disclosure Vulnerability
563 CVE-2020-17094 2020-12-10 2021-03-03
2.1
None Local Low Not required Partial None None
Windows Error Reporting Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17138.
564 CVE-2020-17071 2020-11-11 2020-11-16
2.1
None Local Low Not required Partial None None
Windows Delivery Optimization Information Disclosure Vulnerability
565 CVE-2020-17069 2020-11-11 2020-11-16
2.1
None Local Low Not required Partial None None
Windows NDIS Information Disclosure Vulnerability
566 CVE-2020-17056 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Windows Network File System Information Disclosure Vulnerability
567 CVE-2020-17020 287 Bypass 2020-11-11 2020-11-19
2.1
None Local Low Not required Partial None None
Microsoft Word Security Feature Bypass Vulnerability
568 CVE-2020-17013 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Win32k Information Disclosure Vulnerability
569 CVE-2020-17004 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Windows Graphics Component Information Disclosure Vulnerability
570 CVE-2020-17000 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Remote Desktop Protocol Client Information Disclosure Vulnerability
571 CVE-2020-16999 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Windows WalletService Information Disclosure Vulnerability
572 CVE-2020-16994 Exec Code 2020-11-11 2020-11-20
2.1
None Local Low Not required None Partial None
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991.
573 CVE-2020-16991 Exec Code 2020-11-11 2020-11-20
2.1
None Local Low Not required None Partial None
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16994.
574 CVE-2020-16990 732 2020-11-11 2020-11-20
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16985.
575 CVE-2020-16986 DoS 2020-11-11 2020-11-20
2.1
None Local Low Not required None None Partial
Azure Sphere Denial of Service Vulnerability
576 CVE-2020-16985 908 2020-11-11 2020-11-20
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16990.
577 CVE-2020-16942 200 +Info 2020-10-16 2020-10-20
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.
578 CVE-2020-16941 200 +Info 2020-10-16 2020-10-20
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.
579 CVE-2020-16938 2020-10-16 2020-10-20
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16901.
580 CVE-2020-16922 347 2020-10-16 2020-10-20
2.1
None Local Low Not required None Partial None
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.
581 CVE-2020-16921 119 Overflow 2020-10-16 2020-10-22
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory, aka 'Windows Text Services Framework Information Disclosure Vulnerability'.
582 CVE-2020-16919 200 +Info 2020-10-16 2020-10-22
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations, aka 'Windows Enterprise App Management Service Information Disclosure Vulnerability'.
583 CVE-2020-16914 200 +Info 2020-10-16 2020-10-20
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'.
584 CVE-2020-16901 665 2020-10-16 2020-10-20
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16938.
585 CVE-2020-16897 2020-10-16 2020-10-22
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory, aka 'NetBT Information Disclosure Vulnerability'.
586 CVE-2020-16889 200 +Info 2020-10-16 2020-10-26
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory, aka 'Windows KernelStream Information Disclosure Vulnerability'.
587 CVE-2020-16879 20 2020-09-11 2020-09-17
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka 'Projected Filesystem Information Disclosure Vulnerability'.
588 CVE-2020-16854 2020-09-11 2020-09-16
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-1592.
589 CVE-2020-16280 522 2020-08-20 2020-08-26
2.1
None Local Low Not required Partial None None
Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext, including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability, a local attacker must have access to the underlying operating system.
590 CVE-2020-16241 863 2020-08-21 2020-08-27
2.1
None Local Low Not required None None Partial
Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
591 CVE-2020-16237 20 2020-08-21 2020-08-27
2.1
None Local Low Not required None None Partial
Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
592 CVE-2020-16230 2020-09-18 2021-03-26
2.1
None Local Low Not required Partial None None
All versions of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing.
593 CVE-2020-16218 79 XSS 2020-09-11 2020-09-15
2.7
None Local Network Low ??? Partial None None
Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.
594 CVE-2020-16150 203 2020-09-02 2020-09-25
2.1
None Local Low Not required Partial None None
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.
595 CVE-2020-16142 20 2020-08-27 2020-12-02
2.9
None Local Network Medium Not required None None Partial
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.
596 CVE-2020-16128 209 2020-12-09 2020-12-11
2.1
None Local Low Not required Partial None None
The aptdaemon DBus interface disclosed file existence by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.
597 CVE-2020-16127 835 2020-11-11 2020-11-24
2.1
None Local Low Not required None None Partial
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
598 CVE-2020-16126 2020-11-11 2020-11-24
2.1
None Local Low Not required None None Partial
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountsService, thus stopping it from handling D-Bus messages in a timely fashion.
599 CVE-2020-16123 362 2020-12-04 2020-12-10
2.1
None Local Low Not required Partial None None
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.
600 CVE-2020-16122 2020-11-07 2021-04-14
2.1
None Local Low Not required None Partial None
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.