National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 133,418 matching records.
Displaying matches 1541 through 1560.
Vuln ID Summary CVSS Severity
CVE-2019-11938

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.

Published: March 10, 2020; 05:15:11 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-9044

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1.

Published: March 10, 2020; 04:15:22 PM -04:00
V3.1: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2020-7579

A vulnerability has been identified in Spectrum Powerâ„¢ 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. If deployed according to recommended system configuration, Siemens consideres the environmental vector as CR:L/IR:M/AR:H/MAV:A (4.1).

Published: March 10, 2020; 04:15:22 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-0083

In setRequirePmfInternal of sta_network.cpp, there is a possible default value being improperly applied due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142797954

Published: March 10, 2020; 04:15:22 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-0069

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754

Published: March 10, 2020; 04:15:21 PM -04:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2020-0061

In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145504977

Published: March 10, 2020; 04:15:21 PM -04:00
V3.1: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2020-0060

In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143229845

Published: March 10, 2020; 04:15:21 PM -04:00
V3.1: 4.4 MEDIUM
    V2: 2.1 LOW
CVE-2020-0059

In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543524

Published: March 10, 2020; 04:15:21 PM -04:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2020-0058

In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141745011

Published: March 10, 2020; 04:15:21 PM -04:00
V3.1: 4.4 MEDIUM
    V2: 2.1 LOW
CVE-2020-0044

In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137650219

Published: March 10, 2020; 04:15:21 PM -04:00
V3.1: 4.4 MEDIUM
    V2: 2.1 LOW
CVE-2020-0043

In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137650218

Published: March 10, 2020; 04:15:21 PM -04:00
V3.1: 4.4 MEDIUM
    V2: 2.1 LOW
CVE-2020-0042

In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137649599

Published: March 10, 2020; 04:15:21 PM -04:00
V3.1: 4.4 MEDIUM
    V2: 2.1 LOW
CVE-2020-0041

In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel

Published: March 10, 2020; 04:15:21 PM -04:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2020-0039

In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143155861

Published: March 10, 2020; 04:15:21 PM -04:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2020-0038

In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143109193

Published: March 10, 2020; 04:15:21 PM -04:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2020-0037

In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143106535

Published: March 10, 2020; 04:15:21 PM -04:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2020-0036

In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144679405

Published: March 10, 2020; 04:15:21 PM -04:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2020-0035

In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-140622024

Published: March 10, 2020; 04:15:21 PM -04:00
V3.1: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2020-0034

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

Published: March 10, 2020; 04:15:20 PM -04:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2020-0033

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144351324

Published: March 10, 2020; 04:15:20 PM -04:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH