Total: 34327 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15386 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations. | |||||
| CVE-2020-15385 | 1 Broadcom | 1 Sannav | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and list files without permission. As a result, users without permission can see folders, and hidden files, and can create directories without permission. | |||||
| CVE-2020-15383 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic. | |||||
| CVE-2020-15378 | 1 Broadcom | 1 Sannav | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The OVA version of Brocade SANnav before version 2.1.1 installation with IPv6 networking exposes the docker container ports to the network, increasing the potential attack surface. | |||||
| CVE-2020-15376 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode, contain a weakness in the LDAP implementation that could allow a remote LDAP user to log in to the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups. | |||||
| CVE-2020-15374 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The REST API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c, is vulnerable to multiple instances of reflected input. | |||||
| CVE-2020-15368 | 1 Asrock | 2 Rgb Driver, Rgb Driver Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3. | |||||
| CVE-2020-15107 | 1 Openenclave | 1 Openenclave | 2024-11-21 | 1.2 LOW | 5.3 MEDIUM |
| In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. By violating the Linux System V Application Binary Interface (ABI) for such operations, a host app can compromise the execution integrity of some x87 FPU operations in an enclave. Depending on the FPU control configuration of the enclave app and whether the operations are used in secret-dependent execution paths, this vulnerability may also be used to mount a side-channel attack on the enclave. This has been fixed in 0.10.0 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability. | |||||
| CVE-2020-15079 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 5.5 MEDIUM | 6.4 MEDIUM |
| In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6. | |||||
| CVE-2020-15005 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 2.6 LOW | 3.1 LOW |
| In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled. | |||||
| CVE-2020-15003 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). | |||||
| CVE-2020-14999 | 2 Acronis, Microsoft | 2 Agent, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A logic bug in the system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed bypassing Windows memory protection and accessing sensitive data. | |||||
| CVE-2020-14979 | 2 Evga, Winring0 Project | 2 Precision X1, Winring0 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\SYSTEM privileges by mapping \Device\PhysicalMemory into the calling process. | |||||
| CVE-2020-14978 | 1 F-secure | 1 Safe | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. | |||||
| CVE-2020-14977 | 1 F-secure | 1 Safe | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. | |||||
| CVE-2020-14975 | 1 Iobit | 1 Iobit Unlocker | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124. | |||||
| CVE-2020-14974 | 1 Iobit | 1 Iobit Unlocker | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
| The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes (even ones running as SYSTEM) that hold a handle, via IOCTL code 0x222124. | |||||
| CVE-2020-14961 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value. | |||||
| CVE-2020-14945 | 1 Globalradar | 1 Bsa Radar | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data. | |||||
| CVE-2020-14901 | 1 Oracle | 1 Database | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). | |||||
