Total
32208 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15481 | 1 Passmark | 3 Burnintest, Osforensics, Performancetest | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys drivers. This issue is fixed in BurnInTest v9.2, PerformanceTest v10.0 Build 1009, OSForensics v8.0. | |||||
| CVE-2020-15480 | 1 Passmark | 3 Burnintest, Osforensics, Performancetest | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys. | |||||
| CVE-2020-15411 | 1 Misp | 1 Misp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader. | |||||
| CVE-2020-15408 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Secure Desktop Client | 2024-11-21 | 5.8 MEDIUM | 3.7 LOW |
| An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite. | |||||
| CVE-2020-15388 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. | |||||
| CVE-2020-15386 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations. | |||||
| CVE-2020-15385 | 1 Broadcom | 1 Sannav | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission. | |||||
| CVE-2020-15383 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic. | |||||
| CVE-2020-15378 | 1 Broadcom | 1 Sannav | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. | |||||
| CVE-2020-15376 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups. | |||||
| CVE-2020-15374 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. | |||||
| CVE-2020-15368 | 1 Asrock | 2 Rgb Driver, Rgb Driver Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3. | |||||
| CVE-2020-15107 | 1 Openenclave | 1 Openenclave | 2024-11-21 | 1.2 LOW | 5.3 MEDIUM |
| In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface (ABI) for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an enclave. Depending on the FPU control configuration of the enclave app and whether the operations are used in secret-dependent execution paths, this vulnerability may also be used to mount a side-channel attack on the enclave. This has been fixed in 0.10.0 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability. | |||||
| CVE-2020-15079 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 5.5 MEDIUM | 6.4 MEDIUM |
| In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6 | |||||
| CVE-2020-15005 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 2.6 LOW | 3.1 LOW |
| In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled. | |||||
| CVE-2020-15003 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). | |||||
| CVE-2020-14999 | 2 Acronis, Microsoft | 2 Agent, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data. | |||||
| CVE-2020-14979 | 2 Evga, Winring0 Project | 2 Precision X1, Winring0 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\SYSTEM privileges by mapping \Device\PhysicalMemory into the calling process. | |||||
| CVE-2020-14978 | 1 F-secure | 1 Safe | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. | |||||
| CVE-2020-14977 | 1 F-secure | 1 Safe | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. | |||||