Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0129 | 4 Bluez, Debian, Linux and 1 more | 4 Bluez, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
|
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
|
|||||
| CVE-2021-0121 | 2 Intel, Microsoft | 2 Iris Xe Max Dedicated Graphics, Windows 10 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2021-0110 | 1 Intel | 30 Core I3-10100y, Core I3-10110u, Core I3-10110y and 27 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH Drivers before version 1.41.1054.0 may allow unauthenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2021-0098 | 1 Intel | 1 Unite | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.
|
|||||
| CVE-2021-0073 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Insufficient control flow management in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2021-0067 | 1 Intel | 154 Nuc 10 Performance Kit Nuc10i3fnh, Nuc 10 Performance Kit Nuc10i3fnh Firmware, Nuc 10 Performance Kit Nuc10i3fnhf and 151 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-9979 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content.
|
|||||
| CVE-2020-9963 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files on the computer.
|
|||||
| CVE-2020-9860 | 1 Apple | 1 Safari | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.
|
|||||
| CVE-2020-9857 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data in Safari.
|
|||||
| CVE-2020-9850 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.
|
|||||
| CVE-2020-9840 | 1 Apple | 1 Nioextras | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions.
|
|||||
| CVE-2020-9787 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have appeared in Safari Preferences.
|
|||||
| CVE-2020-9784 | 1 Apple | 1 Safari | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings.
|
|||||
| CVE-2020-9668 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.
|
|||||
| CVE-2020-9300 | 1 Netflix | 1 Dispatch | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user.
|
|||||
| CVE-2020-9158 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr.
|
|||||
| CVE-2020-9120 | 1 Huawei | 1 Cloudengine 1800v | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
CloudEngine 1800V versions V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, resulting in the message received by the system can't be forwarded normally.
|
|||||
| CVE-2020-9079 | 1 Huawei | 1 Fusionsphere Openstack | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product.
|
|||||
| CVE-2020-8968 | 1 Parallels | 1 Remote Application Server | 2024-11-21 | 2.1 LOW | 7.1 HIGH |
|
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.
|
|||||
| CVE-2020-8920 | 1 Google | 1 Gerrit | 2024-11-21 | 2.7 LOW | 3.5 LOW |
|
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.
|
|||||
| CVE-2020-8807 | 1 Electriccoin | 1 Zcashd | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and an IP address, aka a timing side channel.
|
|||||
| CVE-2020-8796 | 1 Biscom | 1 Secure File Transfer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server.
|
|||||
| CVE-2020-8764 | 2 Intel, Netapp | 337 Bios, Core I5-7640x, Core I7-3820 and 334 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-8716 | 1 Intel | 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Improper access control for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2020-8694 | 1 Intel | 598 Celeron 3855u, Celeron 3855u Firmware, Celeron 3865u and 595 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
|
|||||
| CVE-2020-8678 | 1 Intel | 1 Graphics Drivers | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access.
|
|||||
| CVE-2020-8558 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the ...
Show More |
|||||
| CVE-2020-8489 | 1 Abb | 1 800xa Information Management | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable.
|
|||||
| CVE-2020-8488 | 1 Abb | 1 800xa Batch Management | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities.
|
|||||
| CVE-2020-8487 | 1 Abb | 1 800xa Base System | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
|
Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling.
|
|||||
| CVE-2020-8486 | 1 Abb | 1 800xa Rnrp | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
|
Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling.
|
|||||
| CVE-2020-8485 | 1 Abb | 1 800xa | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
|
|||||
| CVE-2020-8484 | 1 Abb | 1 800xa | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
|
|||||
| CVE-2020-8300 | 1 Citrix | 16 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 13 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
|
|||||
| CVE-2020-8107 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2024-11-21 | 4.4 MEDIUM | 8.2 HIGH |
|
A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136.
|
|||||
| CVE-2020-8027 | 2 Opensuse, Suse | 3 Leap, Openldap2, Linux Enterprise Server | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
|
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior ...
Show More |
|||||
| CVE-2020-8010 | 1 Broadcom | 1 Unified Infrastructure Management | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
|
|||||
| CVE-2020-7948 | 1 Auth0 | 1 Login By Auth0 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference.
|
|||||
| CVE-2020-7929 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20.
|
|||||