VYPR

CVEs

101,963 total · page 1408 of 2,040

  • CVE-2020-12329HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Uncontrolled search path in the Intel(R) VTune(TM) Profiler before version 2020 Update 1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12325HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12324HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12320HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8760HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-8754HigNov 12, 2020
    risk 0.49cvss 7.5epss 0.01

    Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-8753HigNov 12, 2020
    risk 0.49cvss 7.5epss 0.01

    Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-8750HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-8749HigNov 12, 2020
    risk 0.57cvss 8.8epss 0.01

    Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2020-8744HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via…

  • CVE-2020-8739HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-24573HigNov 12, 2020
    risk 0.49cvss 7.5epss 0.01

    BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component.

  • CVE-2020-13771HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.01

    Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable…

  • CVE-2020-13770HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service…

  • CVE-2020-12354HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12321HigNov 12, 2020
    risk 0.57cvss 8.8epss 0.01

    Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2020-12318HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12307HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12306HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool before version 2.11, may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-12304HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access.

  • CVE-2020-12303HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.

  • CVE-2020-12297HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via…

  • CVE-2020-0590HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-17566HigNov 12, 2020
    risk 0.43cvss 7.5epss 0.11

    Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

  • CVE-2019-11121HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Improper file permissions in the installer for the Intel(R) Media SDK for Windows before version 2019 R1 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-25658HigNov 12, 2020
    risk 0.42cvss 7.5epss 0.02

    It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

  • CVE-2020-7332HigNov 12, 2020
    risk 0.46cvss 7.0epss 0.01

    Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration.

  • CVE-2020-7331HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.

  • CVE-2020-3632HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Incorrect validation of ring context fetched from host memory can lead to memory overflow' in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P,…

  • CVE-2020-11208HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.02

    Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

  • CVE-2020-11207HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655,…

  • CVE-2020-11206HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.02

    Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MSM8998, QCM4290, QCM6125, QCS410,…

  • CVE-2020-11205HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Possible integer overflow to heap overflow while processing command due to lack of check of packet length received' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350,…

  • CVE-2020-11202HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.02

    Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in…

  • CVE-2020-11201HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.02

    Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P,…

  • CVE-2020-11175HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,…

  • CVE-2020-11132HigNov 12, 2020
    risk 0.46cvss 7.1epss 0.00

    u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure…

  • CVE-2020-11131HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053,…

  • CVE-2020-11130HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X,…

  • CVE-2020-11127HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial…

  • CVE-2020-11121HigNov 12, 2020
    risk 0.51cvss 7.8epss 0.00

    u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155,…

  • CVE-2020-7769HigNov 12, 2020
    risk 0.49cvss 8.6epss 0.02

    This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.

  • CVE-2020-26070HigNov 12, 2020
    risk 0.56cvss 8.6epss 0.02

    A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due…

  • CVE-2020-2050HigNov 12, 2020
    risk 0.53cvss 8.2epss 0.01

    An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and…

  • CVE-2020-2022HigNov 12, 2020
    risk 0.49cvss 7.5epss 0.01

    An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability…

  • CVE-2020-2000HigNov 12, 2020
    risk 0.47cvss 7.2epss 0.03

    An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1…

  • CVE-2020-5992HigNov 11, 2020
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or…

  • CVE-2020-26221HigNov 11, 2020
    risk 0.52cvss 8.0epss 0.01

    touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing…

  • CVE-2020-26218HigNov 11, 2020
    risk 0.55cvss 8.0epss 0.02

    touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0.

  • CVE-2020-15275HigNov 11, 2020
    risk 0.50cvss 8.7epss 0.02

    MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly…