Total
29348 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12339 | 1 Intel | 1 Collaboration Suite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2020-12338 | 1 Intel | 1 Open Webrtc Toolkit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2020-12319 | 1 Intel | 12 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 8260 and 9 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2020-12311 | 1 Intel | 30 Optane Ssd 900p, Optane Ssd 900p Firmware, Optane Ssd 905p and 27 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
| CVE-2020-12310 | 1 Intel | 30 Optane Ssd 900p, Optane Ssd 900p Firmware, Optane Ssd 905p and 27 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
| CVE-2020-12308 | 1 Intel | 1 Computing Improvement Program | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged user to potentially enable information disclosure via network access. | |||||
| CVE-2020-12294 | 1 Intel | 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient control flow management in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2020-12293 | 1 Intel | 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper control of a resource through its lifetime in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2020-12290 | 1 Intel | 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2020-12288 | 1 Intel | 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Protection mechanism failure in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2020-12073 | 1 Cyberchimps | 1 Gutenberg \& Elementor Templates Importer For Responsive | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests. | |||||
| CVE-2020-12063 | 1 Postfix | 1 Postfix | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| ** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This is potentially relevant when the /etc/postfix/sender_login feature is used, because a spoofed outbound message that uses a configured sender address is blocked with a "Sender address rejected: not logged in" error message, but a spoofed outbound message that uses a homoglyph of a configured sender address is not blocked. NOTE: some third parties argue that any missed blocking of spoofed outbound messages - except for exact matches to a sender address in the /etc/postfix/sender_login file - is outside the design goals of Postfix and thus cannot be considered a Postfix vulnerability. | |||||
| CVE-2020-12030 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1420 Gateway and 3 more | 2024-11-21 | 6.8 MEDIUM | 10.0 CRITICAL |
| There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. | |||||
| CVE-2020-12024 | 1 Baxter | 4 Em1200, Em1200 Firmware, Em2400 and 1 more | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI. | |||||
| CVE-2020-11979 | 4 Apache, Fedoraproject, Gradle and 1 more | 37 Ant, Fedora, Gradle and 34 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. | |||||
| CVE-2020-11935 | 2 Canonical, Debian | 2 Ubuntu Linux, Debian Linux | 2024-11-21 | N/A | 4.4 MEDIUM |
| It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack. | |||||
| CVE-2020-11933 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
| cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659. | |||||
| CVE-2020-11908 | 1 Treck | 1 Tcp\/ip | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP. | |||||
| CVE-2020-11907 | 1 Treck | 1 Tcp\/ip | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP. | |||||
| CVE-2020-11880 | 1 Kde | 1 Kmail | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value. | |||||