Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14215 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 7.5 High |
| Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. | ||||
| CVE-2020-14194 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 5.4 Medium |
| Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link. | ||||
| CVE-2020-14162 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 7.8 High |
| An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command. | ||||
| CVE-2020-14032 | 1 Asrock | 1 Box-r1000 Firmware | 2024-11-21 | 9.8 Critical |
| ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM. | ||||
| CVE-2020-13854 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 9.8 Critical |
| Artica Pandora FMS 7.44 allows privilege escalation. | ||||
| CVE-2020-13695 | 1 Quickbox | 1 Quickbox | 2024-11-21 | 7.2 High |
| In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file. | ||||
| CVE-2020-13638 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.8 Critical |
| lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7. | ||||
| CVE-2020-13522 | 1 Softperfect | 1 Ram Disk | 2024-11-21 | 7.1 High |
| An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13519 | 1 Nzxt | 1 Cam | 2024-11-21 | 8.8 High |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13518 | 1 Nzxt | 1 Cam | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13517 | 1 Nzxt | 1 Cam | 2024-11-21 | 5.5 Medium |
| An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13516 | 1 Nzxt | 1 Cam | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13515 | 1 Nzxt | 1 Cam | 2024-11-21 | 8.8 High |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13514 | 1 Nzxt | 1 Cam | 2024-11-21 | 8.8 High |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0e0 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13513 | 1 Nzxt | 1 Cam | 2024-11-21 | 8.8 High |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0dc gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13512 | 1 Nzxt | 1 Cam | 2024-11-21 | 8.8 High |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0d8 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13511 | 1 Nzxt | 1 Cam | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d4 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13510 | 1 Nzxt | 1 Cam | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d0 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13509 | 1 Nzxt | 1 Cam | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) Using the IRP 0x9c4060cc gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability and this access could allow for information leakage of sensitive data. | ||||
| CVE-2020-12860 | 1 Health | 1 Covidsafe | 2024-11-21 | 5.3 Medium |
| COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name. | ||||