CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-0553 Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access. | 4.4 | MEDIUM | — | 0 |
| CVE-2020-0554 Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local a... | 7.0 | HIGH | — | 0 |
| CVE-2020-0555 Improper input validation for some Intel(R) Wireless Bluetooth(R) products may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2020-0559 Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privile... | 7.8 | HIGH | — | 0 |
| CVE-2020-8683 Improper buffer restrictions in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-24347 njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-12299 Improper input validation in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. | 8.2 | HIGH | — | 0 |
| CVE-2020-12300 Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local acc... | 8.2 | HIGH | — | 0 |
| CVE-2020-12301 Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. | 8.2 | HIGH | — | 0 |
| CVE-2020-7307 Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log ... | 5.2 | MEDIUM | — | 0 |
| CVE-2020-8679 Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version 26.20.100.7755 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-8684 Improper access control in firmware for Intel(R) PAC with Arria(R) 10 GX FPGA before Intel Acceleration Stack version 1.2.1 may allow a privileged user to potentially enable escalation of privilege vi... | 6.7 | MEDIUM | — | 0 |
| CVE-2020-8685 Improper authentication in subsystem for Intel (R) LED Manager for NUC before version 1.2.3 may allow privileged user to potentially enable denial of service via local access. | 4.4 | MEDIUM | — | 0 |
| CVE-2020-8687 Uncontrolled search path in the installer for Intel(R) RSTe Software RAID Driver for the Intel(R) Server Board M10JNP2SB before version 4.7.0.1119 may allow an authenticated user to potentially enable... | 7.8 | HIGH | — | 0 |
| CVE-2020-8688 Improper input validation in the Intel(R) RAID Web Console 3 for Windows* may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 | HIGH | — | 0 |
| CVE-2020-8689 Improper buffer restrictions in the Intel(R) Wireless for Open Source before version 1.5 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-8720 Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable denial of service via local acc... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-24346 njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. | 7.8 | HIGH | — | 0 |
| CVE-2019-4582 IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-4589 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sou... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-16374 Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * characte... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-13280 For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-13282 For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. | 3.1 | LOW | — | 0 |
| CVE-2020-9228 FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. | 7.5 | HIGH | — | 0 |
| CVE-2020-13283 For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title. | 7.3 | HIGH | — | 0 |
| CVE-2020-13285 For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. | 7.3 | HIGH | — | 0 |
| CVE-2020-16087 An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted... | 8.6 | HIGH | — | 0 |
| CVE-2020-11733 An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metach... | 6.7 | MEDIUM | — | 0 |
| CVE-2020-13281 For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature | 6.5 | MEDIUM | — | 0 |
| CVE-2020-13286 For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. | 6.4 | MEDIUM | — | 0 |
| CVE-2020-15925 A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter. | 8.8 | HIGH | — | 0 |
| CVE-2020-15947 A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId p... | 8.8 | HIGH | — | 0 |
| CVE-2020-14483 A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-0261 In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User in... | 7.8 | HIGH | — | 0 |
| CVE-2020-17498 In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-24330 An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. | 7.8 | HIGH | — | 0 |
| CVE-2020-24331 An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various ... | 7.8 | HIGH | — | 0 |
| CVE-2020-24332 An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to cr... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-24342 Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. | 7.8 | HIGH | — | 0 |
| CVE-2020-24343 Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c. | 7.8 | HIGH | — | 0 |
| CVE-2020-24344 JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read. | 7.1 | HIGH | — | 0 |
| CVE-2020-24345 JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option | 7.8 | HIGH | — | 0 |
| CVE-2020-24348 njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-24349 njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote a... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-7360 An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing... | 7.4 | HIGH | — | 0 |
| CVE-2019-20383 ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links. | 7.8 | HIGH | — | 0 |
| CVE-2020-4662 IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233. | 8.8 | HIGH | — | 0 |
| CVE-2019-6112 A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword paramet... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-9229 FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. | 4.4 | MEDIUM | — | 0 |
| CVE-2019-7410 There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.