Total
34125 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12920 | 1 Amd | 1 Radeon Software | 2024-11-21 | 5.5 Medium |
| A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck. | ||||
| CVE-2020-12902 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 7.8 High |
| Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. | ||||
| CVE-2020-12900 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 7.8 High |
| An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service. | ||||
| CVE-2020-12899 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 7.1 High |
| Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service. | ||||
| CVE-2020-12897 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 5.5 Medium |
| Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass. | ||||
| CVE-2020-12890 | 1 Amd | 1 Amd Generic Encapsulated Software Architecture | 2024-11-21 | 6.7 Medium |
| Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system. | ||||
| CVE-2020-12889 | 1 Misp | 1 Misp-maltego | 2024-11-21 | 9.8 Critical |
| MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. | ||||
| CVE-2020-12880 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessible because the appliance has its hard disks encrypted, and no root shell is available during normal operation.) | ||||
| CVE-2020-12856 | 3 Alberta, Health, Tracetogether | 3 Abtracetogether, Covidsafe, Tracetogether | 2024-11-21 | 9.8 Critical |
| OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used. | ||||
| CVE-2020-12847 | 1 Pydio | 1 Cells | 2024-11-21 | 7.2 High |
| Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is possible to configure a few engines to be used by the mailer application to send emails. If the user selects the “sendmail” option as the default one, the web application offers to edit the full path where the sendmail binary is hosted. Since there is no restriction in place while editing this value, an attacker authenticated as an administrator user could force the web application into executing any arbitrary binary. | ||||
| CVE-2020-12821 | 1 Protocol | 1 Gossipsub | 2024-11-21 | 9.8 Critical |
| Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack. | ||||
| CVE-2020-12797 | 1 Hashicorp | 1 Consul | 2024-11-21 | 5.3 Medium |
| HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. | ||||
| CVE-2020-12787 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-11-21 | 7.5 High |
| Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | ||||
| CVE-2020-12785 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 8.1 High |
| cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540). | ||||
| CVE-2020-12784 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.3 Medium |
| cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). | ||||
| CVE-2020-12776 | 1 Openfind | 1 Mail2000 | 2024-11-21 | 6.6 Medium |
| Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie. | ||||
| CVE-2020-12773 | 1 Realtek | 1 Adsl Router Soc Firmware | 2024-11-21 | 9.6 Critical |
| A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool. | ||||
| CVE-2020-12770 | 6 Canonical, Debian, Fedoraproject and 3 more | 42 Ubuntu Linux, Debian Linux, Fedora and 39 more | 2024-11-21 | 6.7 Medium |
| An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | ||||
| CVE-2020-12755 | 1 Kde | 1 Kio-extras | 2024-11-21 | 3.3 Low |
| fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password. | ||||
| CVE-2020-12754 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 (May 2020). | ||||