Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8353 | 1 Lenovo | 28 Thinkcentre M80s, Thinkcentre M80s Firmware, Thinkcentre M80t and 25 more | 2020-11-30 | 4.6 MEDIUM | 6.7 MEDIUM |
| Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT. | |||||
| CVE-2020-8677 | 1 Intel | 2 Visual Compute Accelerator 2, Visual Compute Accelerator 2 Firmware | 2020-11-30 | 2.1 LOW | 4.4 MEDIUM |
| Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-1847 | 1 Huawei | 12 Nip6300, Nip6300 Firmware, Nip6600 and 9 more | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of a specific protocol. A remote, unauthorized attacker can construct attack scenarios, which leads to denial of service. Affected product versions include: NIP6300 versions V500R001C30, V500R001C60; NIP6600 versions V500R001C30, V500R001C60; Secospace USG6300 versions V500R001C30, V500R001C60; Secospace USG6500 versions V500R001C30, V500R001C60; Secospace USG6600 versions V500R001C30, V500R001C60; USG9500 versions V500R001C30, V500R001C60. | |||||
| CVE-2019-19563 | 1 Harman | 1 Hermes | 2020-11-29 | 2.1 LOW | 2.4 LOW |
| A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information. | |||||
| CVE-2020-13352 | 1 Gitlab | 1 Gitlab | 2020-11-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Private group info is leaked in GitLab CE/EE version 10.2 and above when the project is moved from a private to a public group. Affected versions are: >=10.2, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2. | |||||
| CVE-2020-13348 | 1 Gitlab | 1 Gitlab | 2020-11-27 | 4.0 MEDIUM | 5.7 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are: >=10.2, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2. | |||||
| CVE-2020-8352 | 1 Lenovo | 32 Qitian 4500, Qitian 4500 Firmware, Qitian B4550 and 29 more | 2020-11-25 | 2.1 LOW | 2.4 LOW |
| In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. | |||||
| CVE-2020-1599 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-11-24 | 2.1 LOW | 5.5 MEDIUM |
| Windows Spoofing Vulnerability | |||||
| CVE-2020-17105 | 1 Microsoft | 1 Av1 Video Extension | 2020-11-24 | 10.0 HIGH | 9.8 CRITICAL |
| AV1 Video Extension Remote Code Execution Vulnerability | |||||
| CVE-2019-8858 | 1 Apple | 1 Mac Os X | 2020-11-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing. | |||||
| CVE-2020-16126 | 1 Freedesktop | 1 Accountsservice | 2020-11-24 | 2.1 LOW | 3.3 LOW |
| An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountsService, thus stopping it from handling D-Bus messages in a timely fashion. | |||||
| CVE-2020-1325 | 1 Microsoft | 1 Azure Devops Server | 2020-11-24 | 5.5 MEDIUM | 5.4 MEDIUM |
| Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | |||||
| CVE-2020-27694 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2020-11-24 | 6.5 MEDIUM | 8.8 HIGH |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may be vulnerable to attack. | |||||
| CVE-2020-24384 | 1 A10networks | 2 Advanced Core Operating System, Agalaxy | 2020-11-24 | 10.0 HIGH | 9.8 CRITICAL |
| A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected. | |||||
| CVE-2020-28267 | 1 Set Project | 1 Set | 2020-11-24 | 5.0 MEDIUM | 7.5 HIGH |
| Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2018-17774 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2020-11-23 | 7.2 HIGH | 6.8 MEDIUM |
| Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
| CVE-2020-17067 | 1 Microsoft | 3 365 Apps, Excel, Office | 2020-11-23 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Security Feature Bypass Vulnerability | |||||
| CVE-2020-17068 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-11-23 | 7.2 HIGH | 7.8 HIGH |
| Windows GDI+ Remote Code Execution Vulnerability | |||||
| CVE-2020-26810 | 1 Sap | 1 Commerce Cloud (accelerator Payment Mock) | 2020-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Commerce Cloud (Accelerator Payment Mock), versions 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL, which will be processed without further interaction. The crafted request can render the SAP Commerce service itself unavailable, leading to Denial of Service with no impact on confidentiality or integrity. | |||||
| CVE-2020-26814 | 1 Sap | 1 Process Integration (pgp Module - Business-to-business Add On) | 2020-11-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| SAP Process Integration (PGP Module - Business-to-Business Add On), version 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On. These keys can then be used to read messages processed by the module, leading to Information Disclosure. | |||||
