Total
3177 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13515 | 1 Nzxt | 1 Cam | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13514 | 1 Nzxt | 1 Cam | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0e0 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13513 | 1 Nzxt | 1 Cam | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0dc gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13512 | 1 Nzxt | 1 Cam | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0d8 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2020-13464 | 1 Cksic | 2 Cks32f103, Cks32f103 Firmware | 2024-11-21 | 1.9 LOW | 4.2 MEDIUM |
| The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module. | |||||
| CVE-2020-13445 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates. | |||||
| CVE-2020-13425 | 1 Thetrackr | 2 Trackr, Trackr Firmware | 2024-11-21 | 6.8 MEDIUM | 7.1 HIGH |
| TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted. | |||||
| CVE-2020-13422 | 1 Openiam | 1 Openiam | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions. | |||||
| CVE-2020-13319 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Missing permission check for adding time spent on an issue. | |||||
| CVE-2020-13296 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
| An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens | |||||
| CVE-2020-13276 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 7.4 HIGH |
| User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | |||||
| CVE-2020-13270 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
| Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API | |||||
| CVE-2020-13266 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions | |||||
| CVE-2020-13154 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. | |||||
| CVE-2020-13144 | 1 Edx | 1 Open Edx Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution. | |||||
| CVE-2020-12745 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and access clipboard content via USSD. The Samsung ID is SVE-2019-16556 (May 2020). | |||||
| CVE-2020-12734 | 1 Depstech | 2 Wifi Digital Microscope 3, Wifi Digital Microscope 3 Firmware | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
| DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings. | |||||
| CVE-2020-12700 | 1 Dkd | 1 Direct Mail | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query. | |||||
| CVE-2020-12698 | 1 Dkd | 1 Direct Mail | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables. | |||||
| CVE-2020-12138 | 1 Amd | 1 Atillk64 | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages. | |||||