Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9102 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC8 ...
Show More |
|||||
| CVE-2020-9090 | 1 Huawei | 1 Fusionaccess | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product.
|
|||||
| CVE-2020-9083 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E160R3P8) have a denial of service (DoS) vulnerability. The attacker can enter a large amount of text on the phone. Due to insufficient verification of the parameter, successful exploitation can impact the service.
|
|||||
| CVE-2020-9078 | 1 Huawei | 1 Fusioncompute | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
FusionCompute 8.0.0 have local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.
|
|||||
| CVE-2020-9072 | 1 Huawei | 2 Osd, Osd Firmware | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a local privilege escalation vulnerability. An authenticated, local attacker can constructs a specific file path to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.
|
|||||
| CVE-2020-9069 | 1 Huawei | 36 Anne-al00, Anne-al00 Firmware, Berkeley-l09 and 33 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 Versions earlier than 9.1.0.331(C675E9R1P3T8); Berkeley-L09 Versions earlier than 10.0.1.1(C675R1); CD16-10 Versions earlier than 10.0.2.8; CD17-10 Versions earlier than 10.0.2.8; CD17-16 Versions earlier than 10.0.2.8; CD18-10 Versions earl ...
Show More |
|||||
| CVE-2020-9061 | 4 Aeotec, Samsung, Silabs and 1 more | 6 Zw090-a, Sth-eth-200, 500 Series Firmware and 3 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages.
|
|||||
| CVE-2020-9034 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.
|
|||||
| CVE-2020-9015 | 1 Arista | 6 Dcs-7050cx3-32s-r, Dcs-7050cx3-32s-r Firmware, Dcs-7050qx-32s-r and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue relating to an overly permissive regular expression in the TACACS+ server permitted commands
|
|||||
| CVE-2020-9014 | 1 Epson | 1 Iprojection | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected.
|
|||||
| CVE-2020-8973 | 1 Zigor | 2 Zgr Tps200 Ng, Zgr Tps200 Ng Firmware | 2024-11-21 | N/A | 9.3 CRITICAL |
|
ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device.
|
|||||
| CVE-2020-8961 | 1 Avira | 1 Free Antivirus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific location, and pass this event to the driver, thereby defeating the anti-virus functionality.
|
|||||
| CVE-2020-8910 | 1 Google | 1 Closure Library | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.
|
|||||
| CVE-2020-8894 | 1 Misp | 1 Misp | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php.
|
|||||
| CVE-2020-8893 | 1 Misp | 1 Misp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.
|
|||||
| CVE-2020-8892 | 1 Misp | 1 Misp | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.
|
|||||
| CVE-2020-8891 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
|
|||||
| CVE-2020-8817 | 1 Dataiku | 1 Data Science Studio | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata.
|
|||||
| CVE-2020-8808 | 1 Corsair | 1 Icue | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace.
|
|||||
| CVE-2020-8795 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users.
|
|||||
| CVE-2020-8782 | 1 Sierrawireless | 14 Airlink Es440, Airlink Es450, Airlink Gx400 and 11 more | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
|
Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.
|
|||||
| CVE-2020-8781 | 1 Sierrawireless | 14 Airlink Es440, Airlink Es450, Airlink Gx400 and 11 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.
|
|||||
| CVE-2020-8759 | 1 Intel | 1 Ssd Data Center Tool | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Improper access control in the installer for Intel(R) SSD DCT versions before 3.0.23 may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-8758 | 2 Intel, Netapp | 3 Active Management Technology Firmware, Standard Manageability, Steelstore Cloud Integrated Storage | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-8751 | 1 Intel | 2 Converged Security And Manageability Engine, Trusted Execution Technology | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.
|
|||||
| CVE-2020-8739 | 2 Intel, Netapp | 221 Bios, Core I5-7640x, Core I7-3820 and 218 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-8737 | 1 Intel | 3 Quartus Prime, Stratix 10 Fpga, Stratix 10 Fpga Firmware | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may allow an unauthenticated user to potentially enable escalation of privilege and/or information disclosure via physical access.
|
|||||
| CVE-2020-8736 | 1 Intel | 1 Computing Improvement Program | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-8733 | 1 Intel | 2 M10jnp2sb, M10jnp2sb Firmware | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Improper buffer restrictions in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-8711 | 1 Intel | 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Improper access control in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-8693 | 1 Intel | 16 V710-at2, V710-at2 Firmware, X710-at2 and 13 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Improper buffer restrictions in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.
|
|||||
| CVE-2020-8692 | 1 Intel | 16 V710-at2, V710-at2 Firmware, X710-at2 and 13 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.
|
|||||
| CVE-2020-8691 | 1 Intel | 16 V710-at2, V710-at2 Firmware, X710-at2 and 13 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.
|
|||||
| CVE-2020-8690 | 1 Intel | 16 V710-at2, V710-at2 Firmware, X710-at2 and 13 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Protection mechanism failure in Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.
|
|||||
| CVE-2020-8689 | 1 Intel | 1 Inet Wireless Daemon | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Improper buffer restrictions in the Intel(R) Wireless for Open Source before version 1.5 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
|
|||||
| CVE-2020-8684 | 1 Intel | 2 Acceleration Stack, Programmable Acceleration Card With Arria 10 Gx Fpga | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Improper access control in firmware for Intel(R) PAC with Arria(R) 10 GX FPGA before Intel Acceleration Stack version 1.2.1 may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-8683 | 1 Intel | 1 Graphics Drivers | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Improper buffer restrictions in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2020-8677 | 1 Intel | 2 Visual Compute Accelerator 2, Visual Compute Accelerator 2 Firmware | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable denial of service via local access.
|
|||||
| CVE-2020-8676 | 1 Intel | 2 Visual Compute Accelerator 2, Visual Compute Accelerator 2 Firmware | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-8675 | 1 Intel | 2 Innovation Engine, Innovation Engine Firmware | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
|
|||||