Total
12560 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24505 | 1 Intel | 33 Ethernet Network Adapter 700 Firmware, Ethernet Network Adapter V710-at2, Ethernet Network Adapter X710-am2 and 30 more | 2024-11-21 | 4.4 Medium |
| Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2020-24502 | 2 Intel, Redhat | 11 Ethernet Network Adapter E810-cqda1, Ethernet Network Adapter E810-cqda1 For Ocp, Ethernet Network Adapter E810-cqda1 For Ocp 3.0 and 8 more | 2024-11-21 | 5.5 Medium |
| Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access. | ||||
| CVE-2020-24496 | 1 Intel | 4 Ethernet Network Adapter X722-da2, Ethernet Network Adapter X722-da2 Firmware, Ethernet Network Adapter X722-da4 and 1 more | 2024-11-21 | 4.4 Medium |
| Insufficient input validation in the firmware for Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2020-24491 | 1 Intel | 3 Core I3, Core I5, Core I7 | 2024-11-21 | 4.4 Medium |
| Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2020-24486 | 3 Intel, Netapp, Siemens | 548 Bios, Core I3-l13g4, Core I5-l16g7 and 545 more | 2024-11-21 | 5.5 Medium |
| Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2020-24453 | 1 Intel | 1 Epid Software Development Kit | 2024-11-21 | 7.8 High |
| Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access. | ||||
| CVE-2020-24452 | 1 Intel | 1 Sgx Platform | 2024-11-21 | 5.5 Medium |
| Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access. | ||||
| CVE-2020-24432 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 6.7 Medium |
| Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document. | ||||
| CVE-2020-24427 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 3.3 Low |
| Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2020-24388 | 2 Fedoraproject, Yubico | 2 Fedora, Yubihsm-shell | 2024-11-21 | 7.5 High |
| An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service. | ||||
| CVE-2020-24377 | 1 Free | 10 Freebox Delta, Freebox Delta Firmware, Freebox Mini and 7 more | 2024-11-21 | 9.6 Critical |
| A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3. | ||||
| CVE-2020-24376 | 1 Free | 10 Freebox Delta, Freebox Delta Firmware, Freebox Mini and 7 more | 2024-11-21 | 9.6 Critical |
| A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3. | ||||
| CVE-2020-24374 | 1 Free | 2 Freebox Hd, Freebox Hd Firmware | 2024-11-21 | 9.6 Critical |
| A DNS rebinding vulnerability in Freebox v5 before 1.5.29. | ||||
| CVE-2020-24359 | 1 Hashicorp | 1 Vault-ssh-helper | 2024-11-21 | 7.5 High |
| HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0. | ||||
| CVE-2020-24074 | 1 Silk-v3-decoder Project | 1 Silk-v3-decoder | 2024-11-21 | 9.8 Critical |
| The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow. | ||||
| CVE-2020-23793 | 1 Spice-space | 1 Spice-server | 2024-11-21 | 8.6 High |
| An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects. | ||||
| CVE-2020-1986 | 2 Microsoft, Paloaltonetworks | 2 Windows, Secdo | 2024-11-21 | 5.5 Medium |
| Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions Secdo for Windows. | ||||
| CVE-2020-1984 | 2 Microsoft, Paloaltonetworks | 2 Windows, Secdo | 2024-11-21 | 7.8 High |
| Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows. | ||||
| CVE-2020-1976 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | 4.7 Medium |
| A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS. | ||||
| CVE-2020-1960 | 2 Apache, Redhat | 2 Flink, Jboss Fuse | 2024-11-21 | 4.7 Medium |
| A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data. | ||||