CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2020-4629 209 +Info 2020-09-30 2020-10-02
2.1
None Local Low Not required Partial None None
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.
1052 CVE-2020-4604 312 2021-01-13 2021-01-15
2.1
None Local Low Not required Partial None None
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local privileged user. IBM X-Force ID: 184861.
1053 CVE-2020-4602 522 2021-01-13 2021-01-15
2.1
None Local Low Not required Partial None None
IBM Security Guardium Insights 2.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184836.
1054 CVE-2020-4593 522 2020-08-24 2020-08-26
2.1
None Local Low Not required Partial None None
IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184747.
1055 CVE-2020-4568 522 2020-11-10 2020-11-17
2.1
None Local Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184157.
1056 CVE-2020-4498 200 +Info 2020-07-27 2020-07-28
2.1
None Local Low Not required Partial None None
IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118.
1057 CVE-2020-4492 88 DoS 2020-08-31 2020-08-31
2.1
None Local Low Not required None None Partial
IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.
1058 CVE-2020-4491 400 DoS 2020-10-20 2020-10-20
2.1
None Local Low Not required None None Partial
IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991.
1059 CVE-2020-4408 522 2020-07-27 2020-07-28
2.1
None Local Low Not required Partial None None
The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536.
1060 CVE-2020-4382 20 DoS 2020-08-24 2020-08-26
2.1
None Local Low Not required None None Partial
IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services. IBM X-Force ID: 179163.
1061 CVE-2020-4372 522 2020-07-22 2020-07-24
2.1
None Local Low Not required Partial None None
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009
1062 CVE-2020-4371 922 2020-07-22 2020-07-24
2.1
None Local Low Not required Partial None None
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008.
1063 CVE-2020-4369 312 +Info 2020-07-22 2020-07-24
2.1
None Local Low Not required Partial None None
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004.
1064 CVE-2020-4353 20 2020-04-23 2020-04-27
2.1
None Local Low Not required None None Partial
IBM MaaS360 6.82 could allow a user with pysical access to the device to crash the application which may enable the user to access restricted applications and device settings. IBM X-Force ID: 178505.
1065 CVE-2020-4344 922 2020-09-15 2020-09-16
2.1
None Local Low Not required Partial None None
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247.
1066 CVE-2020-4338 200 +Info 2020-04-16 2020-04-22
2.1
None Local Low Not required Partial None None
IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. IBM X-Force ID: 177937.
1067 CVE-2020-4224 200 +Info 2020-02-03 2020-02-06
2.1
None Local Low Not required Partial None None
IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133.
1068 CVE-2020-4197 922 2020-03-03 2020-03-03
2.1
None Local Low Not required Partial None None
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174908.
1069 CVE-2020-4191 327 2020-06-04 2020-06-05
2.1
None Local Low Not required Partial None None
IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852.
1070 CVE-2020-4100 913 2020-07-15 2020-07-22
2.1
None Local Low Not required None Partial None
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly."
1071 CVE-2020-4095 522 +Priv 2020-07-16 2020-07-23
2.1
None Local Low Not required Partial None None
"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the credentials. These credentials can be used to pivot further into the environment. The principle of least privilege should be applied to all BigFix deployments, limiting administrative access."
1072 CVE-2020-4083 532 +Info 2020-03-05 2020-03-06
2.1
None Local Low Not required Partial None None
HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user.
1073 CVE-2020-4075 552 2020-07-07 2020-07-13
2.1
None Local Low Not required Partial None None
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
1074 CVE-2020-4071 208 2020-06-24 2020-07-09
2.1
None Local Low Not required Partial None None
In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is performed through a character-by-character string comparison. This enables a possibility that attacker may time the time it takes the server to validate different usernames and password, and use this knowledge to work out the valid credentials. This attack is understood not to be realistic over the Internet. However, it may be achieved from within local networks where the website is hosted, e.g. from inside a data centre where a website's server is located. Sites protected by IP address whitelisting only are unaffected by this vulnerability. This vulnerability has been fixed on version 0.3.4 of django-basic-auth-ip-whitelist. Update to version 0.3.4 as soon as possible and change basic authentication username and password configured on a Django project using this package. A workaround without upgrading to version 0.3.4 is to stop using basic authentication and use the IP whitelisting component only. It can be achieved by not setting BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD in Django project settings.
1075 CVE-2020-3999 476 DoS 2020-12-21 2020-12-23
2.1
None Local Low Not required None None Partial
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.
1076 CVE-2020-3996 +Info 2020-10-22 2020-10-30
2.1
None Local Low Not required Partial None None
Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users.
1077 CVE-2020-3990 190 Overflow +Info 2020-09-16 2020-09-28
2.1
None Local Low Not required Partial None None
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
1078 CVE-2020-3989 787 DoS 2020-09-16 2020-09-28
2.1
None Local Low Not required None None Partial
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
1079 CVE-2020-3972 20 2020-06-19 2020-06-24
2.1
None Local Low Not required None None Partial
VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs.
1080 CVE-2020-3971 787 Overflow 2020-06-25 2020-07-01
2.1
None Local Low Not required Partial None None
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.
1081 CVE-2020-3965 200 +Info 2020-06-25 2020-07-17
2.1
None Local Low Not required Partial None None
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
1082 CVE-2020-3963 416 2020-06-25 2020-07-17
2.1
None Local Low Not required Partial None None
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.
1083 CVE-2020-3959 119 DoS Overflow 2020-05-29 2020-06-02
2.1
None Local Low Not required None None Partial
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service.
1084 CVE-2020-3958 20 DoS 2020-05-29 2020-06-02
2.1
None Local Low Not required None None Partial
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition.
1085 CVE-2020-3951 787 Overflow 2020-03-17 2020-03-24
2.1
None Local Low Not required None None Partial
VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed.
1086 CVE-2020-3930 532 2020-06-12 2020-07-23
2.1
None Local Low Not required Partial None None
GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs.
1087 CVE-2020-3918 2020-10-22 2020-10-29
2.1
None Local Low Not required Partial None None
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information.
1088 CVE-2020-3917 668 2020-04-01 2020-04-03
2.1
None Local Low Not required None Partial None
This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks.
1089 CVE-2020-3894 362 2020-04-01 2020-10-16
2.6
None Remote High Not required Partial None None
A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.
1090 CVE-2020-3891 862 2020-04-01 2020-04-03
2.1
None Local Low Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.
1091 CVE-2020-3889 200 +Info 2020-04-01 2020-04-06
2.1
None Local Low Not required Partial None None
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to read arbitrary files.
1092 CVE-2020-3881 200 +Info 2020-04-01 2020-04-02
2.1
None Local Low Not required Partial None None
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information.
1093 CVE-2020-3873 863 2020-02-27 2020-03-02
2.1
None Local Low Not required None Partial None
This issue was addressed with improved setting propagation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Turning off "Load remote content in messages” may not apply to all mail previews.
1094 CVE-2020-3859 200 +Info 2020-02-27 2020-03-02
2.1
None Local Low Not required Partial None None
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.
1095 CVE-2020-3844 863 2020-02-27 2020-03-02
2.1
None Local Low Not required None Partial None
This issue was addressed with improved checks. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Users removed from an iMessage conversation may still be able to alter state.
1096 CVE-2020-3839 20 2020-02-27 2020-03-02
2.1
None Local Low Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.3. An application may be able to read restricted memory.
1097 CVE-2020-3836 119 Overflow 2020-02-27 2020-03-02
2.1
None Local Low Not required Partial None None
An access issue was addressed with improved memory management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. A malicious application may be able to determine kernel memory layout.
1098 CVE-2020-3828 200 +Info 2020-02-27 2020-03-02
2.1
None Local Low Not required Partial None None
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.
1099 CVE-2020-3812 200 +Info 2020-05-26 2020-10-05
2.1
None Local Low Not required Partial None None
qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.
1100 CVE-2020-3687 200 +Info 2021-01-21 2021-01-29
2.1
None Local Low Not required Partial None None
Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.