CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1001 CVE-2020-7322 200 +Info 2020-09-09 2020-09-10
2.1
None Local Low Not required Partial None None
Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs.
1002 CVE-2020-7320 2020-09-09 2020-09-11
2.1
None Local Low Not required None Partial None
Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services.
1003 CVE-2020-7318 79 XSS 2020-10-14 2020-12-23
2.3
None Local Network Medium ??? None Partial None
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
1004 CVE-2020-7317 79 XSS 2020-10-14 2020-10-19
2.3
None Local Network Medium ??? None Partial None
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed.
1005 CVE-2020-7307 522 2020-08-13 2020-10-19
2.1
None Local Low Not required Partial None None
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials.
1006 CVE-2020-7306 522 2020-08-13 2020-10-19
2.1
None Local Low Not required Partial None None
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text
1007 CVE-2020-7303 79 XSS 2020-08-13 2020-08-14
2.3
None Local Network Medium ??? None Partial None
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label.
1008 CVE-2020-7297 287 2020-09-16 2020-10-19
2.7
None Local Network Low ??? Partial None None
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface.
1009 CVE-2020-7296 287 2020-09-15 2020-10-19
2.7
None Local Network Low ??? Partial None None
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected configuration files via improper access control in the user interface.
1010 CVE-2020-7273 269 2020-04-15 2020-04-20
2.1
None Local Low Not required None Partial None
Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.
1011 CVE-2020-7262 200 +Info 2020-06-22 2020-10-19
2.1
None Local Low Not required Partial None None
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter.
1012 CVE-2020-7261 120 Overflow 2020-04-15 2020-04-20
2.1
None Local Low Not required None Partial None
Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input.
1013 CVE-2020-7253 20 2020-03-12 2020-03-17
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility.
1014 CVE-2020-7251 863 2020-02-14 2020-02-27
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS.
1015 CVE-2020-7215 200 +Info 2020-01-20 2020-01-29
2.1
None Local Low Not required Partial None None
An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the 'view events' privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event.
1016 CVE-2020-7030 200 +Info 2020-06-04 2020-06-09
2.1
None Local Low Not required Partial None None
A sensitive information disclosure vulnerability was discovered in the web interface component of IP Office that may potentially allow a local user to gain unauthorized access to the component. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 though 11.0.4.3.
1017 CVE-2020-7016 400 DoS 2020-07-27 2020-08-25
2.1
None Remote High ??? None None Partial
Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive.
1018 CVE-2020-6980 312 2020-03-16 2020-03-20
2.1
None Local Low Not required Partial None None
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data as it is written to the project file in cleartext.
1019 CVE-2020-6933 20 DoS 2020-10-14 2020-10-29
2.1
None Local Low Not required None None Partial
An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service.
1020 CVE-2020-6879 20 Bypass 2020-11-19 2020-12-02
2.7
None Local Network Low ??? None Partial None
Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2.
1021 CVE-2020-6867 400 Overflow 2020-04-30 2020-05-06
2.1
None Local Low Not required None None Partial
ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE R22b versions V16.19.10P02SP002 and V16.19.10P02SP005.
1022 CVE-2020-6861 200 +Info 2020-05-06 2020-05-12
2.1
None Local Low Not required Partial None None
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host PC.
1023 CVE-2020-6857 798 2020-01-21 2020-04-21
2.1
None Local Low Not required Partial None None
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.
1024 CVE-2020-6653 200 +Info 2020-08-12 2020-08-19
2.1
None Local Low Not required Partial None None
Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user's account and associated devices.
1025 CVE-2020-6408 200 +Info 2020-02-11 2020-02-17
2.1
None Local Low Not required Partial None None
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
1026 CVE-2020-6317 200 +Info 2020-11-30 2020-12-04
2.7
None Local Network Low ??? Partial None None
In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0.
1027 CVE-2020-6297 200 +Info 2020-08-12 2020-08-13
2.1
None Local Low Not required Partial None None
Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be restricted, leading to Information Disclosure.
1028 CVE-2020-6239 200 +Info 2020-06-10 2020-06-16
2.1
None Local Low Not required Partial None None
Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.
1029 CVE-2020-6197 613 2020-03-10 2020-03-12
2.1
None Local Low Not required Partial None None
SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables.
1030 CVE-2020-6015 DoS 2020-11-05 2020-11-17
2.1
None Local Low Not required None None Partial
Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations.
1031 CVE-2020-5989 476 DoS 2020-10-02 2020-10-13
2.1
None Local Low Not required None None Partial
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.
1032 CVE-2020-5986 20 DoS 2020-10-02 2020-10-13
2.1
None Local Low Not required None None Partial
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.
1033 CVE-2020-5982 770 DoS 2020-10-02 2020-10-09
2.1
None Local Low Not required None None Partial
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests, which may lead to denial of service.
1034 CVE-2020-5973 20 DoS 2020-06-30 2020-07-09
2.1
None Local Low Not required None None Partial
NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).
1035 CVE-2020-5965 125 DoS 2020-06-25 2020-07-13
2.1
None Local Low Not required None None Partial
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX 11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, leading to denial of service.
1036 CVE-2020-5961 400 DoS 2020-03-12 2020-03-18
2.1
None Local Low Not required None None Partial
NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service.
1037 CVE-2020-5960 476 DoS 2020-03-12 2020-03-18
2.1
None Local Low Not required None None Partial
NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur, which may lead to denial of service.
1038 CVE-2020-5959 20 DoS 2020-03-12 2020-03-17
2.1
None Local Low Not required None None Partial
NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in which an input index value is incorrectly validated which may lead to denial of service.
1039 CVE-2020-5929 2020-09-25 2020-10-08
2.6
None Remote High Not required Partial None None
In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability.
1040 CVE-2020-5908 200 +Info 2020-07-01 2020-07-09
2.1
None Local Low Not required Partial None None
In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files.
1041 CVE-2020-5890 200 +Info 2020-04-30 2020-05-06
2.1
None Local Low Not required Partial None None
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace.
1042 CVE-2020-5866 200 +Info 2020-04-23 2020-04-30
2.1
None Local Low Not required Partial None None
In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.
1043 CVE-2020-5851 2020-01-14 2020-01-29
2.1
None Local Low Not required None Partial None
On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.2.0.45.4-ENG Hotfix-BIGIP-14.1.0.2.0.62.4-ENG
1044 CVE-2020-5833 125 2020-05-11 2020-05-14
2.1
None Local Low Not required Partial None None
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
1045 CVE-2020-5831 125 2020-02-11 2020-02-13
2.1
None Local Low Not required Partial None None
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
1046 CVE-2020-5830 125 2020-02-11 2020-02-13
2.1
None Local Low Not required Partial None None
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
1047 CVE-2020-5829 125 2020-02-11 2020-02-13
2.1
None Local Low Not required Partial None None
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
1048 CVE-2020-5828 125 2020-02-11 2020-02-13
2.1
None Local Low Not required Partial None None
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
1049 CVE-2020-5827 125 2020-02-11 2020-02-13
2.1
None Local Low Not required Partial None None
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
1050 CVE-2020-5826 119 Overflow 2020-02-11 2020-02-13
2.1
None Local Low Not required None None Partial
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
Total number of vulnerabilities : 4561   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 (This Page)22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.