VYPR

CVEs

100,075 total · page 1370 of 2,002

  • CVE-2020-16273HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can cause a change to the stack pointer used by the Secure World from a non-secure…

  • CVE-2020-12350HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12347HigNov 12, 2020
    risk 0.57cvss 8.8epss 0.01

    Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access.

  • CVE-2020-12346HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12345HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12336HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12335HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12334HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12333HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12332HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12331HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12330HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12329HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Uncontrolled search path in the Intel(R) VTune(TM) Profiler before version 2020 Update 1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12325HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12324HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12320HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8760HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-8754HigNov 12, 2020
    risk 0.49cvss 7.5epss 0.01

    Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-8753HigNov 12, 2020
    risk 0.49cvss 7.5epss 0.01

    Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-8750HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8749HigNov 12, 2020
    risk 0.57cvss 8.8epss 0.01

    Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2020-8744HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via…

  • CVE-2020-8739HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-24573HigNov 12, 2020
    risk 0.49cvss 7.5epss 0.01

    BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component.

  • CVE-2020-13771HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.01

    Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable…

  • CVE-2020-13770HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service…

  • CVE-2020-12354HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12321HigNov 12, 2020
    risk 0.57cvss 8.8epss 0.01

    Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2020-12318HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12307HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12306HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool before version 2.11, may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12304HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access.

  • CVE-2020-12303HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.

  • CVE-2020-12297HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via…

  • CVE-2020-0590HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-17566HigNov 12, 2020
    risk 0.43cvss 7.5epss 0.11

    Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

  • CVE-2019-11121HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper file permissions in the installer for the Intel(R) Media SDK for Windows before version 2019 R1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-25658HigNov 12, 2020
    risk 0.42cvss 7.5epss 0.02

    It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

  • CVE-2020-7332HigNov 12, 2020
    risk 0.46cvss 7.0epss 0.01

    Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.

  • CVE-2020-7331HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.

  • CVE-2020-3632HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Incorrect validation of ring context fetched from host memory can lead to memory overflow' in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P,…

  • CVE-2020-11208HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.02

    Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

  • CVE-2020-11207HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655,…

  • CVE-2020-11206HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.02

    Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MSM8998, QCM4290, QCM6125, QCS410,…

  • CVE-2020-11205HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Possible integer overflow to heap overflow while processing command due to lack of check of packet length received' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350,…

  • CVE-2020-11202HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.02

    Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in…

  • CVE-2020-11201HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.02

    Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P,…

  • CVE-2020-11175HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,…

  • CVE-2020-11132HigNov 12, 2020
    risk 0.46cvss 7.1epss 0.00

    u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure…

  • CVE-2020-11131HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053,…