Total
388 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28019 | 1 Exim | 1 Exim | 2024-08-04 | 7.5 High |
| Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA. | ||||
| CVE-2020-27950 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-08-04 | 5.5 Medium |
| A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory. | ||||
| CVE-2020-26933 | 1 Trustedcomputinggroup | 1 Trusted Platform Module | 2024-08-04 | 7.2 High |
| Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack. | ||||
| CVE-2020-26957 | 1 Mozilla | 1 Firefox | 2024-08-04 | 6.5 Medium |
| OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. | ||||
| CVE-2020-26886 | 1 Softaculous | 1 Softaculous | 2024-08-04 | 7.8 High |
| Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host. | ||||
| CVE-2020-25662 | 1 Redhat | 1 Enterprise Linux | 2024-08-04 | 5.3 Medium |
| A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2020-25578 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 5.3 Medium |
| In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems. | ||||
| CVE-2020-24996 | 1 Xpdfreader | 1 Xpdf | 2024-08-04 | 7.8 High |
| There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
| CVE-2020-24507 | 2 Intel, Siemens | 409 B150, B250, B360 and 406 more | 2024-08-04 | 4.4 Medium |
| Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2020-24475 | 1 Intel | 46 Baseboard Management Controller Firmware, Compute Module Hns2600bpb24r, Compute Module Hns2600bpbr and 43 more | 2024-08-04 | 5.5 Medium |
| Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2020-16901 | 1 Microsoft | 5 Windows 10, Windows 10 1809, Windows 10 1909 and 2 more | 2024-08-04 | 5 Medium |
| <p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.</p> | ||||
| CVE-2020-14347 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2024-08-04 | 5.5 Medium |
| A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. | ||||
| CVE-2020-12357 | 3 Intel, Netapp, Siemens | 568 Bios, Core I3-l13g4, Core I5-l16g7 and 565 more | 2024-08-04 | 6.7 Medium |
| Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12326 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-08-04 | 5.5 Medium |
| Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2020-12301 | 1 Intel | 16 S2600bpbr, S2600bpbr Firmware, S2600bpqr and 13 more | 2024-08-04 | 8.2 High |
| Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-11655 | 7 Canonical, Debian, Netapp and 4 more | 18 Ubuntu Linux, Debian Linux, Ontap Select Deploy Administration Utility and 15 more | 2024-08-04 | 7.5 High |
| SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | ||||
| CVE-2020-10725 | 5 Dpdk, Fedoraproject, Opensuse and 2 more | 6 Data Plane Development Kit, Fedora, Leap and 3 more | 2024-08-04 | 7.7 High |
| A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`. | ||||
| CVE-2020-10143 | 1 Macrium | 1 Reflect | 2024-08-04 | 7.8 High |
| Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | ||||
| CVE-2020-10139 | 1 Acronis | 1 True Image | 2024-08-04 | 7.8 High |
| Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | ||||
| CVE-2020-10138 | 1 Acronis | 2 Cyber Backup, Cyber Protect | 2024-08-04 | 7.8 High |
| Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | ||||