Total
10489 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12314 | 1 Intel | 12 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 8260 and 9 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Improper input validation in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2020-12299 | 1 Intel | 16 S2600bpbr, S2600bpbr Firmware, S2600bpqr and 13 more | 2024-11-21 | 4.6 MEDIUM | 8.2 HIGH |
| Improper input validation in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12295 | 1 Intel | 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper input validation in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2020-12122 | 1 Maxpcsecure | 1 Max Spyware Detector | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.) | |||||
| CVE-2020-12080 | 1 Flexera | 1 Flexnet Publisher | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash. | |||||
| CVE-2020-12066 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. | |||||
| CVE-2020-12062 | 1 Openbsd | 1 Openssh | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances. | |||||
| CVE-2020-12033 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges. | |||||
| CVE-2020-12029 | 1 Rockwellautomation | 1 Factorytalk View | 2024-11-21 | 6.8 MEDIUM | 9.0 CRITICAL |
| All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx. | |||||
| CVE-2020-12001 | 1 Rockwellautomation | 2 Factorytalk Linx, Rslinx Classic | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code. | |||||
| CVE-2020-11999 | 1 Rockwellautomation | 2 Factorytalk Linx, Rslinx Classic | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data. | |||||
| CVE-2020-11988 | 2 Apache, Fedoraproject | 2 Xmlgraphics Commons, Fedora | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later. | |||||
| CVE-2020-11890 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration. | |||||
| CVE-2020-11805 | 1 Pexip | 2 Pexip Infinity, Reverse Proxy And Turn Server | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. | |||||
| CVE-2020-11536 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server. | |||||
| CVE-2020-11534 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the NSFileDownloader function to pass parameters to a binary (such as curl or wget) and remotely execute code on a victim's server. | |||||
| CVE-2020-11496 | 1 Sprecher-automation | 1 Sprecon-e | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device. | |||||
| CVE-2020-11268 | 1 Qualcomm | 86 Apq8009, Apq8016, Apq8074 and 83 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile | |||||
| CVE-2020-11253 | 1 Qualcomm | 346 Aqt1000, Aqt1000 Firmware, Pm3003a and 343 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2020-11237 | 1 Qualcomm | 330 Csrb31024, Csrb31024 Firmware, Pm3003a and 327 more | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | |||||