Filtered by CWE-665
Total 403 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-12357 3 Intel, Netapp, Siemens 568 Bios, Core I3-l13g4, Core I5-l16g7 and 565 more 2024-11-21 6.7 Medium
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-12326 1 Intel 1 Thunderbolt Dch Driver 2024-11-21 5.5 Medium
Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-12301 1 Intel 16 S2600bpbr, S2600bpbr Firmware, S2600bpqr and 13 more 2024-11-21 8.2 High
Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-11655 7 Canonical, Debian, Netapp and 4 more 18 Ubuntu Linux, Debian Linux, Ontap Select Deploy Administration Utility and 15 more 2024-11-21 7.5 High
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2020-10725 5 Dpdk, Fedoraproject, Opensuse and 2 more 6 Data Plane Development Kit, Fedora, Leap and 3 more 2024-11-21 7.7 High
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.
CVE-2020-10143 1 Macrium 1 Reflect 2024-11-21 7.8 High
Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
CVE-2020-10139 1 Acronis 1 True Image 2024-11-21 7.8 High
Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
CVE-2020-10138 1 Acronis 2 Cyber Backup, Cyber Protect 2024-11-21 7.8 High
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
CVE-2020-0586 1 Intel 1 Server Platform Services 2024-11-21 7.8 High
Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.
CVE-2020-0561 4 Intel, Linux, Microsoft and 1 more 5 Software Guard Extensions Sdk, Linux Kernel, Windows and 2 more 2024-11-21 7.8 High
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0529 1 Intel 158 Core I5-7200u, Core I5-7200u Firmware, Core I5-7260u and 155 more 2024-11-21 7.8 High
Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0522 1 Intel 6 Ethernet Controller I210-at, Ethernet Controller I210-cl, Ethernet Controller I210-cs and 3 more 2024-11-21 4.4 Medium
Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access.
CVE-2020-0506 1 Intel 1 Graphics Driver 2024-11-21 2.3 Low
Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access.
CVE-2020-0450 1 Google 1 Android 2024-11-21 6.5 Medium
In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-157650336
CVE-2020-0414 1 Google 1 Android 2024-11-21 6.5 Medium
In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157708122
CVE-2019-9641 5 Canonical, Debian, Netapp and 2 more 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more 2024-11-21 9.8 Critical
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVE-2019-9639 6 Canonical, Debian, Netapp and 3 more 8 Ubuntu Linux, Debian Linux, Storage Automation Store and 5 more 2024-11-21 7.5 High
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVE-2019-9638 6 Canonical, Debian, Netapp and 3 more 8 Ubuntu Linux, Debian Linux, Storage Automation Store and 5 more 2024-11-21 7.5 High
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2019-8629 1 Apple 1 Mac Os X 2024-11-21 7.8 High
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges.
CVE-2019-8552 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2024-11-21 7.8 High
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to elevate privileges.