Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8671 | 1 Intel | 49 Bios, Celeron 4205u, Celeron 4305u and 46 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel(R) Core(TM) Processors and Intel(R) Celeron(R) Processor 4000 Series may allow an authenticated user to potentially enable information disclosure via local access.
|
|||||
| CVE-2020-8602 | 2 Microsoft, Trendmicro | 3 Windows, Deep Security Manager, Vulnerability Protection | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.
|
|||||
| CVE-2020-8590 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
|
|||||
| CVE-2020-8589 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 2.7 LOW | 3.5 LOW |
|
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs.
|
|||||
| CVE-2020-8588 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 2.7 LOW | 3.5 LOW |
|
Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).
|
|||||
| CVE-2020-8587 | 1 Netapp | 1 Oncommand System Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs.
|
|||||
| CVE-2020-8584 | 1 Netapp | 4 Element Os, Hci Management Node, Hci Storage Node and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution.
|
|||||
| CVE-2020-8583 | 1 Netapp | 2 Element Os, Hci | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.
|
|||||
| CVE-2020-8582 | 1 Netapp | 2 Element Os, Hci | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information.
|
|||||
| CVE-2020-8581 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.
|
|||||
| CVE-2020-8580 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS).
|
|||||
| CVE-2020-8579 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).
|
|||||
| CVE-2020-8578 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.
|
|||||
| CVE-2020-8577 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.
|
|||||
| CVE-2020-8576 | 1 Netapp | 1 Clustered Data Ontap | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.
|
|||||
| CVE-2020-8575 | 1 Netapp | 1 Active Iq Unified Manager | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).
|
|||||
| CVE-2020-8574 | 1 Netapp | 1 Active Iq Unified Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.
|
|||||
| CVE-2020-8572 | 1 Netapp | 2 Element Healthtools, Element Os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Element OS prior to version 12.0 and Element HealthTools prior to version 2020.04.01.04 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.
|
|||||
| CVE-2020-8571 | 1 Netapp | 1 Storagegrid | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS).
|
|||||
| CVE-2020-8554 | 2 Kubernetes, Oracle | 4 Kubernetes, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 1 more | 2024-11-21 | 6.0 MEDIUM | 6.3 MEDIUM |
|
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
|
|||||
| CVE-2020-8547 | 1 Phplist | 1 Phplist | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
|
|||||
| CVE-2020-8516 | 1 Torproject | 1 Tor | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability
|
|||||
| CVE-2020-8494 | 1 Kronos | 1 Web Time And Attendance | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the emp_id, userid, pw1, pw2, supervisor, and timekeeper parameters.
|
|||||
| CVE-2020-8470 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 9.4 HIGH | 7.5 HIGH |
|
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
|
|||||
| CVE-2020-8354 | 1 Lenovo | 2 Notebook, Notebook Firmware | 2024-11-21 | 7.2 HIGH | 6.4 MEDIUM |
|
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.
|
|||||
| CVE-2020-8353 | 1 Lenovo | 28 Thinkcentre M80s, Thinkcentre M80s Firmware, Thinkcentre M80t and 25 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.
|
|||||
| CVE-2020-8352 | 1 Lenovo | 32 Qitian 4500, Qitian 4500 Firmware, Qitian B4550 and 29 more | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.
|
|||||
| CVE-2020-8341 | 1 Lenovo | 20 Thinkpad T490 \(20nx\), Thinkpad T490 \(20nx\) Firmware, Thinkpad T490 \(20qx\) and 17 more | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
|
|||||
| CVE-2020-8336 | 1 Lenovo | 76 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E15 and 73 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.
|
|||||
| CVE-2020-8335 | 1 Lenovo | 16 Thinkpad A275, Thinkpad A275 Firmware, Thinkpad A285 and 13 more | 2024-11-21 | 4.6 MEDIUM | 6.1 MEDIUM |
|
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.
|
|||||
| CVE-2020-8333 | 1 Lenovo | 54 63, 63 Firmware, H50-30g and 51 more | 2024-11-21 | 7.2 HIGH | 6.4 MEDIUM |
|
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution
|
|||||
| CVE-2020-8330 | 1 Lenovo | 6 Lj4010dn, Lj4010dn Firmware, Lj6700dn and 3 more | 2024-11-21 | 7.8 HIGH | 5.3 MEDIUM |
|
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted.
|
|||||
| CVE-2020-8329 | 1 Lenovo | 6 Lj4010dn, Lj4010dn Firmware, Lj6700dn and 3 more | 2024-11-21 | 7.8 HIGH | 5.3 MEDIUM |
|
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until the printer is rebooted.
|
|||||
| CVE-2020-8323 | 1 Lenovo | 344 14iwl, 14iwl Firmware, 330-14ast and 341 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.
|
|||||
| CVE-2020-8322 | 1 Lenovo | 102 14iwl, 14iwl Firmware, 330-14ast and 99 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.
|
|||||
| CVE-2020-8321 | 1 Lenovo | 344 130-14ast, 130-14ast Firmware, 130-14ikb and 341 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.
|
|||||
| CVE-2020-8319 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
|
A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges.
|
|||||
| CVE-2020-8318 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
|
A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges.
|
|||||
| CVE-2020-8316 | 1 Lenovo | 1 Vantage | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges.
|
|||||
| CVE-2020-8284 | 9 Apple, Debian, Fedoraproject and 6 more | 29 Mac Os X, Macos, Debian Linux and 26 more | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
|
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
|
|||||