Skip to main content
CVE-2020-12331 HIGH This Week

Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Unite Cloud Service Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12330 HIGH This Week

Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Falcon 8 Uas Asctec Thermal Viewer Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12329 HIGH This Week

Uncontrolled search path in the Intel(R) VTune(TM) Profiler before version 2020 Update 1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Vtune Profiler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12325 HIGH This Week

Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Microsoft Thunderbolt Dch Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12324 HIGH This Week

Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Microsoft Thunderbolt Dch Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12320 HIGH This Week

Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Microsoft Scs Add On For Microsoft Sccm
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8760 HIGH This Week

Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Integer Overflow Active Management Technology Firmware Cloud Backup
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8750 HIGH This Week

Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Memory Corruption Use After Free Intel +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8744 HIGH PATCH This Week

Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Converged Security And Management Engine Server Platform Services Trusted Execution Engine +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8739 HIGH This Week

Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Bios Aff Bios Fas Bios +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-13771 HIGH This Week

Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ivanti Microsoft Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-13770 HIGH This Week

Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-12354 HIGH This Week

Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Microsoft Active Management Technology Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12318 HIGH PATCH This Week

Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Proset Wireless Wifi
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12307 HIGH This Week

Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel High Definition Audio Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12306 HIGH This Week

Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool before version 2.11, may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Realsense D400 Series Dynamic Calibration Tool
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12304 HIGH This Week

Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Microsoft Dynamic Application Loader Software Developement Kit
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-12303 HIGH This Week

Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Intel Memory Corruption Converged Security And Manageability Engine +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-12297 HIGH This Week

Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Microsoft Converged Security And Manageability Engine Trusted Execution Technology
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-0590 HIGH PATCH This Week

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Xeon Bronze 3206R Firmware Xeon Gold 5218R Firmware Xeon Gold 5220R Firmware +134
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7331 HIGH This Week

Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3632 HIGH This Week

u'Incorrect validation of ring context fetched from host memory can lead to memory overflow' in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Qsm8350 Firmware Sc7180 Firmware Sdx55 Firmware +16
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11205 HIGH This Week

u'Possible integer overflow to heap overflow while processing command due to lack of check of packet length received' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Qsm8350 Firmware Sa6145p Firmware +12
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11175 HIGH This Week

u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Qualcomm Denial Of Service Memory Corruption Apq8009W Firmware +30
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11131 HIGH This Week

u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Apq8009 Firmware Apq8053 Firmware +12
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11130 HIGH This Week

u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Qcm4290 Firmware Qcs4290 Firmware Qm215 Firmware +28
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11127 HIGH This Week

u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Mdm9205 Firmware Qcm4290 Firmware +51
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-11121 HIGH This Week

u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Qcm4290 Firmware Qcs4290 Firmware Qm215 Firmware +28
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-15783 HIGH This Week

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sinumerik 840D Sl Firmware Simatic S7 300 Cpu 312 Firmware Simatic S7 300 Cpu 314 Firmware Simatic S7 300 Cpu 315 2 Dp Firmware +8
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2020-24454 HIGH PATCH This Week

Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Intel XXE Information Disclosure Quartus Prime
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-8754 HIGH This Week

Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Information Disclosure Active Management Technology Firmware Cloud Backup +1
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-8753 HIGH This Week

Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Information Disclosure Active Management Technology Firmware Standard Manageability
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-2022 HIGH This Week

An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-2000 HIGH This Week

An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Paloalto Command Injection Pan Os
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2020-11132 HIGH This Week

u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8009 Firmware Apq8096Au Firmware +79
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2020-8745 MEDIUM PATCH This Month

Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Intel Converged Security And Manageability Engine Trusted Execution Technology Simatic Drive Controller Firmware +19
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-8737 MEDIUM PATCH This Month

Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may allow an unauthenticated user to potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Intel Information Disclosure Quartus Prime Stratix 10 Fpga Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-8705 MEDIUM This Month

Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Converged Security And Manageability Engine Trusted Execution Technology Server Platform Services
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-12355 MEDIUM This Month

Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Trusted Execution Engine
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-12312 MEDIUM This Month

Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.2 may allow an unauthenticated user to potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Quartus Prime Pro Stratix 10 Fpga Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-12337 MEDIUM This Month

Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Nuc 8 Mainstream G Kit Nuc8I5Inh Firmware Nuc 8 Mainstream G Kit Nuc8I7Inh Firmware Nuc 8 Mainstream G Mini Pc Nuc8I5Inh Firmware +20
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-12323 MEDIUM This Month

Improper input validation in the Intel(R) ADAS IE before version ADAS_IE_1.0.766 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Adas Ie
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-0572 MEDIUM PATCH This Month

Improper input validation in the firmware for Intel(R) Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Server Board S2600St Firmware Server Board S2600Wf Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8764 MEDIUM This Month

Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Bios Aff Bios Fas Bios +3
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8757 MEDIUM This Month

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Intel Information Disclosure Active Management Technology Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8756 MEDIUM This Month

Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Converged Security And Manageability Engine
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8740 MEDIUM This Month

Out of bounds write in Intel BIOS platform sample code for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Intel Memory Corruption Bios +5
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8738 MEDIUM This Month

Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Bios Cloud Backup Fas Aff Bios +3
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8693 MEDIUM This Month

Improper buffer restrictions in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel V710 At2 Firmware X710 Tm4 Firmware +6
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8692 MEDIUM This Month

Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel V710 At2 Firmware X710 Tm4 Firmware +6
NVD
CVSS 3.1
6.7
EPSS
0.3%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy