Export limit exceeded: 80538 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80538 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12324 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | 7.8 High |
| Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12321 | 2 Intel, Redhat | 27 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 24 more | 2024-11-21 | 8.8 High |
| Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2020-12320 | 1 Intel | 1 Scs Add-on For Microsoft Sccm | 2024-11-21 | 7.8 High |
| Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12318 | 1 Intel | 12 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 8260 and 9 more | 2024-11-21 | 7.8 High |
| Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12313 | 1 Intel | 12 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 8260 and 9 more | 2024-11-21 | 8.8 High |
| Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2020-12307 | 1 Intel | 1 High Definition Audio Driver | 2024-11-21 | 7.8 High |
| Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12306 | 2 Intel, Microsoft | 2 Realsense D400 Series Dynamic Calibration Tool, Windows | 2024-11-21 | 7.8 High |
| Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool before version 2.11, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12304 | 2 Intel, Microsoft | 2 Dynamic Application Loader Software Developement Kit, Windows | 2024-11-21 | 7.8 High |
| Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access. | ||||
| CVE-2020-12303 | 1 Intel | 2 Converged Security And Manageability Engine, Trusted Execution Technology | 2024-11-21 | 7.8 High |
| Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. | ||||
| CVE-2020-12302 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | 7.8 High |
| Improper permissions in the Intel(R) Driver & Support Assistant before version 20.7.26.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12301 | 1 Intel | 16 S2600bpbr, S2600bpbr Firmware, S2600bpqr and 13 more | 2024-11-21 | 8.2 High |
| Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12300 | 1 Intel | 46 S2600cw2, S2600cw2 Firmware, S2600cw2r and 43 more | 2024-11-21 | 8.2 High |
| Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12299 | 1 Intel | 16 S2600bpbr, S2600bpbr Firmware, S2600bpqr and 13 more | 2024-11-21 | 8.2 High |
| Improper input validation in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12297 | 1 Intel | 2 Converged Security And Manageability Engine, Trusted Execution Technology | 2024-11-21 | 7.8 High |
| Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. | ||||
| CVE-2020-12287 | 1 Intel | 1 Distribution Of Openvino Toolkit | 2024-11-21 | 7.8 High |
| Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2020.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12282 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2024-11-21 | 8.8 High |
| iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.) | ||||
| CVE-2020-12273 | 1 Testlink | 1 Testlink | 2024-11-21 | 7.5 High |
| In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. | ||||
| CVE-2020-12266 | 1 Wavlink | 30 Jetstream Ac3000, Jetstream Ac3000 Firmware, Jetstream Erac3000 and 27 more | 2024-11-21 | 7.5 High |
| An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features. Affected devices: Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000 | ||||
| CVE-2020-12257 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 8.8 High |
| rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user). | ||||
| CVE-2020-12255 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 8.8 High |
| rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to vendor.php that contains arbitrary PHP code and changing the content-type to image/gif. | ||||