Skip to main content
CVE-2020-8691 MEDIUM This Month

A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel V710 At2 Firmware X710 Tm4 Firmware +6
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8690 MEDIUM This Month

Protection mechanism failure in Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel V710 At2 Firmware X710 Tm4 Firmware +6
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8676 MEDIUM This Month

Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Visual Compute Accelerator 2 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-0593 MEDIUM This Month

Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Bios
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-0592 MEDIUM This Month

Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Privilege Escalation Memory Corruption Intel +1
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-0591 MEDIUM This Month

Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Bios Simatic Cpu 1518 4 Firmware Simatic Cpu 1518F 4 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-0588 MEDIUM This Month

Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Bios
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-0587 MEDIUM This Month

Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Bios
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8669 MEDIUM This Month

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Data Center Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-12353 MEDIUM This Month

Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Intel Data Center Manager
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-12349 MEDIUM This Month

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Data Center Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-8766 MEDIUM This Month

Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Software Guard Extensions Data Center Attestation Primitives
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-8746 MEDIUM This Month

Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Integer Overflow Active Management Technology Firmware Cloud Backup
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-12322 MEDIUM PATCH This Month

Improper input validation in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Intel Dual Band Wireless Ac 3168 Firmware Dual Band Wireless Ac 8260 Firmware Dual Band Wireless Ac 8265 Firmware +8
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-12319 MEDIUM PATCH This Month

Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Intel Proset Wireless Wifi
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-12317 MEDIUM PATCH This Month

Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Intel Proset Wireless Wifi
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-12314 MEDIUM PATCH This Month

Improper input validation in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Intel Proset Wireless Wifi
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-12308 MEDIUM This Month

Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged user to potentially enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Computing Improvement Program
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-12926 MEDIUM This Month

The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Amd Trusted Platform Modules Reference
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-8755 MEDIUM This Month

Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Privilege Escalation Intel Converged Security And Management Engine Server Platform Services
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2020-0584 MEDIUM PATCH This Month

Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Intel Ssd Dc P4800X Firmware Ssd Dc P4801X Firmware +2
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2020-27193 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Ckeditor Agile Plm Application Express Banking Party Management +5
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-28415 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tranzware Payment Gateway
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-28414 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tranzware Payment Gateway
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-24443 MEDIUM This Month

Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-24442 MEDIUM This Month

Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-13954 MEDIUM PATCH This Month

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Cxf Snap Creator Framework Vasa Provider For Clustered Data Ontap +3
NVD
CVSS 3.1
6.1
EPSS
43.0%
CVE-2020-12912 MEDIUM This Month

A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Energy Driver For Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-24460 MEDIUM This Month

Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel Driver Support Assistant
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-12326 MEDIUM This Month

Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Microsoft Information Disclosure Thunderbolt Dch Driver
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-12316 MEDIUM PATCH This Month

Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Endpoint Management Assistant
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-0573 MEDIUM This Month

Out of bounds read in the Intel CSI2 Host Controller driver may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Intel Information Disclosure Csi2 Host Controller
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-8767 MEDIUM This Month

Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Quartus Prime
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-8698 MEDIUM This Month

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microcode Clustered Data Ontap Hci Compute Node Bios +14
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8696 MEDIUM This Month

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microcode Clustered Data Ontap Hcl Compute Node Bios +4
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8695 MEDIUM This Month

Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Core I7 8510Y Firmware Core I7 8500Y Firmware Core I5 8310Y Firmware +298
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8694 MEDIUM This Month

Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Intel Information Disclosure Core I7 8510Y Firmware Core I7 8500Y Firmware +297
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-0575 MEDIUM PATCH This Month

Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Microsoft Information Disclosure Unite
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-24441 MEDIUM PATCH This Month

Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Authentication Bypass Adobe Acrobat Reader
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-11123 MEDIUM This Month

u'information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting user`s lock-screen password can be bypassed by performing the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +112
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-17494 MEDIUM PATCH This Month

Untangle Firewall NG before 16.0 uses MD5 for passwords. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Untangle Firewall Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-28247 MEDIUM PATCH This Month

The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Lettre
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-1999 MEDIUM This Month

A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-7333 MEDIUM This Month

Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Endpoint Security
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-8761 MEDIUM This Month

Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Converged Security And Manageability Engine
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2020-8751 MEDIUM This Month

Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Converged Security And Manageability Engine Trusted Execution Technology
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-12311 MEDIUM This Month

Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Ssd Pro 6000P Firmware Ssd Pro 5450S Firmware Ssd E 5100S Firmware +12
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-12310 MEDIUM This Month

Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Ssd Pro 6000P Firmware Ssd Pro 5450S Firmware Ssd E 5100S Firmware +12
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2020-12309 MEDIUM This Month

Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Ssd Pro 6000P Firmware Ssd Pro 5450S Firmware Ssd E 5100S Firmware +12
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-12328 MEDIUM This Month

Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Microsoft Information Disclosure Thunderbolt Dch Driver
NVD
CVSS 3.1
4.4
EPSS
0.3%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy