CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1451 CVE-2020-0018 532 2020-02-13 2020-02-18
2.1
None Local Low Not required Partial None None
In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139945049
1452 CVE-2020-0009 276 Bypass 2020-01-08 2020-06-10
2.1
None Local Low Not required None Partial None
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932
1453 CVE-2020-0007 1187 2020-01-08 2020-01-29
2.1
None Local Low Not required Partial None None
In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141890807
1454 CVE-2020-0004 20 DoS 2020-01-08 2020-01-29
2.1
None Local Low Not required None None Partial
In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120847476
1455 CVE-2019-1020014 415 2019-07-29 2021-01-14
2.1
None Local Low Not required Partial None None
docker-credential-helpers before 0.6.3 has a double free in the List functions.
1456 CVE-2019-1010208 119 Exec Code Overflow 2019-07-23 2019-08-05
2.1
None Local Low Not required Partial None None
IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by: Buffer Overflow. The impact is: Minor information disclosure of kernel stack. The component is: Veracrypt NT Driver (veracrypt.sys). The attack vector is: Locally executed code, IOCTL request to driver. The fixed version is: 1.23-Hotfix-1.
1457 CVE-2019-1003048 311 2019-03-28 2020-09-29
2.1
None Local Low Not required Partial None None
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.
1458 CVE-2019-1003044 352 CSRF 2019-03-28 2020-06-23
2.1
None Remote High ??? Partial None None
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
1459 CVE-2019-1003038 522 2019-03-08 2020-09-30
2.1
None Local Low Not required Partial None None
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.
1460 CVE-2019-1003017 352 2019-02-06 2019-10-09
2.6
None Remote High Not required None Partial None
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.
1461 CVE-2019-25030 522 2021-05-26 2021-06-07
2.1
None Local Low Not required Partial None None
In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as "rainbow tables") relatively quickly. The use of adaptive hashing algorithms such asscryptorbcryptor Key-Derivation Functions (i.e.PBKDF2) to hash passwords make generation of such rainbow tables computationally infeasible.
1462 CVE-2019-20872 918 2020-06-19 2020-06-23
2.1
None Local Low Not required Partial None None
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
1463 CVE-2019-20811 2020-06-03 2020-09-23
2.1
None Local Low Not required None Partial None
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
1464 CVE-2019-20808 125 DoS 2020-12-31 2021-03-31
2.1
None Local Low Not required None None Partial
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
1465 CVE-2019-20806 476 DoS 2020-05-27 2020-06-19
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.
1466 CVE-2019-20795 416 2020-05-09 2020-09-10
2.1
None Local Low Not required None None Partial
iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.
1467 CVE-2019-20784 2020-04-17 2020-04-24
2.1
None Local Low Not required None Partial None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012 (January 2019).
1468 CVE-2019-20779 20 2020-04-17 2020-04-24
2.1
None Local Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A TrustZone trusted application can crash via crafted input. The LG ID is LVE-SMP-190003 (May 2019).
1469 CVE-2019-20776 20 2020-04-17 2020-04-24
2.1
None Local Low Not required None None Partial
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A TZ trusted application can crash via crafted input. The LG ID is LVE-SMP-190005 (July 2019).
1470 CVE-2019-20775 326 2020-04-17 2020-04-22
2.1
None Local Low Not required Partial None None
An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID is LVE-SMP-190010 (August 2019).
1471 CVE-2019-20774 200 +Info 2020-04-17 2020-04-24
2.1
None Local Low Not required Partial None None
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A system service allows local retrieval of the user's password. The LG ID is LVE-SMP-190009 (August 2019).
1472 CVE-2019-20759 79 XSS 2020-04-16 2020-04-20
2.9
None Local Network Medium Not required None Partial None
NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS.
1473 CVE-2019-20744 200 +Info 2020-04-16 2020-04-21
2.7
None Local Network Low ??? Partial None None
NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information.
1474 CVE-2019-20743 79 XSS 2020-04-16 2020-04-20
2.9
None Local Network Medium Not required None Partial None
NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.
1475 CVE-2019-20742 79 XSS 2020-04-16 2020-04-20
2.9
None Local Network Medium Not required None Partial None
NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.
1476 CVE-2019-20729 20 2020-04-16 2020-04-21
2.1
None Local Low Not required None Partial None
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNDR3000 before 1.0.0.22, R6250 before 1.0.4.26, R6300v2 before 1.0.4.22, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R6900P before 1.3.1.26, R7000P before 1.3.1.26, R7300DST before 1.0.0.62, R7900 before 1.0.2.16, R8000 before 1.0.4.18, R7900P before 1.4.1.42, R8000P before 1.4.1.42, R8300 before 1.0.2.116, R8500 before 1.0.2.116, WNDR3400v3 before 1.0.1.18, WNDR4500v2 before 1.0.0.68, and WNR3500Lv2 before 1.2.0.48.
1477 CVE-2019-20663 79 XSS 2020-04-15 2020-04-20
2.3
None Local Network Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
1478 CVE-2019-20662 79 XSS 2020-04-15 2020-04-20
2.3
None Local Network Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
1479 CVE-2019-20661 79 XSS 2020-04-15 2020-04-20
2.3
None Local Network Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.
1480 CVE-2019-20652 200 +Info 2020-04-15 2020-04-20
2.1
None Local Low Not required Partial None None
NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information.
1481 CVE-2019-20648 20 2020-04-15 2020-04-22
2.7
None Local Network Low ??? None Partial None
NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings.
1482 CVE-2019-20647 DoS 2020-04-15 2020-04-17
2.7
None Local Network Low ??? None None Partial
NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service.
1483 CVE-2019-20625 200 +Info 2020-03-24 2020-03-26
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2019).
1484 CVE-2019-20615 20 Bypass 2020-03-24 2020-03-27
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via SVoice T&C. The Samsung ID is SVE-2018-13547 (March 2019).
1485 CVE-2019-20598 200 +Info 2020-03-24 2020-03-26
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x) software. Bixby leaks the keyboard's learned words, and the clipboard contents, via the lock screen. The Samsung IDs are SVE-2018-12896, SVE-2018-12897 (May 2019).
1486 CVE-2019-20595 306 2020-03-24 2020-08-24
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) software. Quick Panel allows enabling or disabling the Bluetooth stack without authentication. The Samsung ID is SVE-2019-14545 (July 2019).
1487 CVE-2019-20579 200 +Info 2020-03-24 2020-03-30
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019).
1488 CVE-2019-20569 20 Bypass 2020-03-24 2020-03-27
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via the status bar. The Samsung ID is SVE-2019-15089 (September 2019).
1489 CVE-2019-20559 200 +Info 2020-03-24 2020-03-27
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery allows viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019).
1490 CVE-2019-20557 20 Bypass 2020-03-24 2020-03-27
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card by blocking the PUK code. The Samsung ID is SVE-2019-15262 (October 2019).
1491 CVE-2019-20554 20 Bypass 2020-03-24 2020-03-25
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via an external keyboard. The Samsung ID is SVE-2019-15164 (October 2019).
1492 CVE-2019-20550 200 +Info 2020-03-24 2020-03-26
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x) (released in China and India) software. The S Secure app can access the content of a locked app without a password. The Samsung ID is SVE-2019-13805 (October 2019).
1493 CVE-2019-20543 Bypass 2020-03-24 2020-03-26
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via SamsungPay mini. The Samsung ID is SVE-2019-15090 (November 2019).
1494 CVE-2019-20540 125 +Info 2020-03-24 2020-03-26
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a buffer over-read and possible information leak in the core touch screen driver. The Samsung ID is SVE-2019-14942 (November 2019).
1495 CVE-2019-20535 2020-03-24 2020-03-27
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. A connection to a new Bluetooth devices can be established from the lock screen. The Samsung ID is SVE-2019-15533 (December 2019).
1496 CVE-2019-20534 200 +Info 2020-03-24 2020-03-27
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view home-screen wallpaper by adjusting the brightness of a locked screen. The Samsung ID is SVE-2019-15540 (December 2019).
1497 CVE-2019-20533 287 2020-03-24 2020-03-26
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is SVE-2019-13996 (December 2019).
1498 CVE-2019-20494 20 2020-03-17 2020-03-19
2.1
None Local Low Not required Partial None None
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
1499 CVE-2019-20485 20 DoS 2020-03-19 2020-06-16
2.7
None Local Network Low ??? None None Partial
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
1500 CVE-2019-20422 755 2020-01-27 2020-03-13
2.1
None Local Low Not required None None Partial
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.