Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2020-24442 Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, ... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-17566 Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vul... | 7.5 | HIGH | — | 0 |
| CVE-2020-0575 Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-0584 Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via l... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-0587 Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | — | 0 |
| CVE-2020-0588 Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | — | 0 |
| CVE-2020-0590 Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2020-0591 Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | — | 0 |
| CVE-2020-0592 Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. | 6.7 | MEDIUM | — | 0 |
| CVE-2020-0593 Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | — | 0 |
| CVE-2020-12297 Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may all... | 7.8 | HIGH | — | 0 |
| CVE-2020-12310 Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physi... | 4.6 | MEDIUM | — | 0 |
| CVE-2020-12303 Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated u... | 7.8 | HIGH | — | 0 |
| CVE-2020-12304 Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access. | 7.8 | HIGH | — | 0 |
| CVE-2020-12306 Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool before version 2.11, may allow an authenticated user to potentially enable escalation of privilege via ... | 7.8 | HIGH | — | 0 |
| CVE-2020-12307 Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2020-12308 Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged user to potentially enable information disclosure via network access. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-12309 Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via phys... | 4.6 | MEDIUM | — | 0 |
| CVE-2020-12311 Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physi... | 4.6 | MEDIUM | — | 0 |
| CVE-2020-12312 Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.2 may allow an unauthenticated user to potentially e... | 6.8 | MEDIUM | — | 0 |
| CVE-2020-12314 Improper input validation in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-12317 Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-28270 Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-12318 Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2020-12319 Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-12321 Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 8.8 | HIGH | — | 0 |
| CVE-2020-12322 Improper input validation in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-12354 Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2020-28271 Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-2121 Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | HIGH | — | 0 |
| CVE-2020-2122 Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able t... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-2123 Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 | HIGH | — | 0 |
| CVE-2020-2124 Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permis... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-2125 Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the m... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-2126 Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system. | 4.3 | MEDIUM | — | 0 |
| CVE-2013-1938 Zimbra 2013 has XSS in aspell.php | 6.1 | MEDIUM | — | 0 |
| CVE-2020-2127 Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-2128 Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or ac... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-2129 Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-2130 Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-2131 Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to th... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-2132 Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, ... | 6.5 | MEDIUM | — | 0 |
| CVE-2013-6681 Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability | 5.9 | MEDIUM | — | 0 |
| CVE-2020-2133 Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the mast... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-8595 Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access ... | 7.3 | HIGH | — | 0 |
| CVE-2020-8815 Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of ... | 7.5 | HIGH | — | 0 |
| CVE-2020-8839 Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field. | 6.1 | MEDIUM | — | 0 |
| CVE-2013-1924 Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions prior to 7.x-1.2 | 7.5 | HIGH | — | 0 |
| CVE-2020-11650 An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on the length of... | 7.5 | HIGH | — | 0 |
| CVE-2013-2097 ZPanel through 10.1.0 has Remote Command Execution | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.