Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9083 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2021-07-21 | 2.1 LOW | 2.4 LOW |
| HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E160R3P8) have a denial of service (DoS) vulnerability. The attacker can enter a large amount of text on the phone. Due to insufficient verification of the parameter, successful exploitation can impact the service. | |||||
| CVE-2020-9090 | 1 Huawei | 1 Fusionaccess | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product. | |||||
| CVE-2020-9102 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800 | |||||
| CVE-2020-9119 | 1 Huawei | 10 Mate 10, Mate 10 Firmware, Mate 30 and 7 more | 2021-07-21 | 4.6 MEDIUM | 6.2 MEDIUM |
| There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion. | |||||
| CVE-2020-9228 | 1 Huawei | 1 Fusioncompute | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. | |||||
| CVE-2020-9229 | 1 Huawei | 1 Fusioncompute | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. | |||||
| CVE-2020-9241 | 1 Huawei | 2 E6878-370, E6878-370 Firmware | 2021-07-21 | 6.8 MEDIUM | 7.0 HIGH |
| Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device. | |||||
| CVE-2020-9244 | 1 Huawei | 20 Honor 20, Honor 20 Firmware, Honor 20 Pro and 17 more | 2021-07-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3P8);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);Honor20 versions Versions earlier than 10.0.0.175(C00E58R4P11);Honor20 PRO versions Versions earlier than 10.0.0.194(C00E62R8P12);HonorMagic2 versions Versions earlier than 10.0.0.187(C00E61R2P11);HonorV20 versions Versions earlier than 10.0.0.188(C00E62R2P11) have an improper authentication vulnerability. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged | |||||
| CVE-2020-9245 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Certain system configuration can be modified because of improper authorization. The attacker could trick the user installing and executing a malicious application, successful exploit could cause a denial of service condition of PHONE function. | |||||
| CVE-2020-9246 | 1 Huawei | 1 Fusioncompute | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak. | |||||
| CVE-2020-9248 | 1 Huawei | 1 Fusioncompute | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Huawei FusionComput 8.0.0 have an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service. | |||||
| CVE-2020-9251 | 1 Huawei | 2 Mate 20, P30 Firmware | 2021-07-21 | 2.1 LOW | 2.4 LOW |
| HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have an improper authorization vulnerability. The software does not properly restrict certain operation in certain scenario, the attacker should do certain configuration before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function. Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8). | |||||
| CVE-2020-9260 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E22R2P5) and versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain WI-FI function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. | |||||
| CVE-2020-9286 | 1 Fortinet | 2 Fortiadc, Fortiadc Firmware | 2021-07-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system. | |||||
| CVE-2020-9326 | 1 Beyondtrust | 1 Privilege Management For Windows And Mac | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash. | |||||
| CVE-2020-9331 | 1 Cryptopro | 1 Csp | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space. | |||||
| CVE-2020-9332 | 1 Fabulatech | 1 Usb For Remote Desktop | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device. | |||||
| CVE-2020-9343 | 2 Microsoft, Signotec | 2 Windows, Signopad-api\/web | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this vulnerability can be exploited via WebSocket data with a deeply nested JSON array. | |||||
| CVE-2020-9361 | 1 Cryptopro | 1 Csp | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation. | |||||
| CVE-2020-9379 | 1 Mitel | 1 Micontact Center Business | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations. | |||||