Skip to main content
CVE-2020-25706 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Cacti Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
2.8%
CVE-2020-25658 MEDIUM POC PATCH This Month

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Rsa Openstack Platform Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
1.6%
CVE-2020-11209 MEDIUM POC This Month

Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sd820 Firmware Sd821 Firmware Qcs603 Firmware Qcs605 Firmware +9
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2020-8745 MEDIUM PATCH This Month

Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Intel Converged Security And Manageability Engine Trusted Execution Technology Simatic Drive Controller Firmware +19
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-8737 MEDIUM PATCH This Month

Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may allow an unauthenticated user to potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Intel Information Disclosure Quartus Prime Stratix 10 Fpga Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-8705 MEDIUM This Month

Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Converged Security And Manageability Engine Trusted Execution Technology Server Platform Services
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2020-12355 MEDIUM This Month

Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Trusted Execution Engine
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-12312 MEDIUM This Month

Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.2 may allow an unauthenticated user to potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Quartus Prime Pro Stratix 10 Fpga Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2020-12337 MEDIUM This Month

Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Nuc 8 Mainstream G Kit Nuc8I5Inh Firmware Nuc 8 Mainstream G Kit Nuc8I7Inh Firmware Nuc 8 Mainstream G Mini Pc Nuc8I5Inh Firmware +20
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-12323 MEDIUM This Month

Improper input validation in the Intel(R) ADAS IE before version ADAS_IE_1.0.766 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Adas Ie
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-0572 MEDIUM PATCH This Month

Improper input validation in the firmware for Intel(R) Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Server Board S2600St Firmware Server Board S2600Wf Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8764 MEDIUM This Month

Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Bios Aff Bios Fas Bios +3
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8757 MEDIUM This Month

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Intel Information Disclosure Active Management Technology Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8756 MEDIUM This Month

Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Converged Security And Manageability Engine
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8740 MEDIUM This Month

Out of bounds write in Intel BIOS platform sample code for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Intel Memory Corruption Bios +5
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8738 MEDIUM This Month

Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Bios Cloud Backup Fas Aff Bios +3
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8693 MEDIUM This Month

Improper buffer restrictions in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel V710 At2 Firmware X710 Tm4 Firmware +6
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8692 MEDIUM This Month

Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel V710 At2 Firmware X710 Tm4 Firmware +6
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8691 MEDIUM This Month

A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel V710 At2 Firmware X710 Tm4 Firmware +6
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8690 MEDIUM This Month

Protection mechanism failure in Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel V710 At2 Firmware X710 Tm4 Firmware +6
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8676 MEDIUM This Month

Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Visual Compute Accelerator 2 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-0593 MEDIUM This Month

Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Bios
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-0592 MEDIUM This Month

Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Privilege Escalation Memory Corruption Intel +1
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-0591 MEDIUM This Month

Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Bios Simatic Cpu 1518 4 Firmware Simatic Cpu 1518F 4 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-0588 MEDIUM This Month

Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Bios
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-0587 MEDIUM This Month

Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Bios
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-8669 MEDIUM This Month

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Data Center Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-12353 MEDIUM This Month

Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Intel Data Center Manager
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-12349 MEDIUM This Month

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Data Center Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-8766 MEDIUM This Month

Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Software Guard Extensions Data Center Attestation Primitives
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-8746 MEDIUM This Month

Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Integer Overflow Active Management Technology Firmware Cloud Backup
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-12322 MEDIUM PATCH This Month

Improper input validation in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Intel Dual Band Wireless Ac 3168 Firmware Dual Band Wireless Ac 8260 Firmware Dual Band Wireless Ac 8265 Firmware +8
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-12319 MEDIUM PATCH This Month

Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Intel Proset Wireless Wifi
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-12317 MEDIUM PATCH This Month

Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Intel Proset Wireless Wifi
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-12314 MEDIUM PATCH This Month

Improper input validation in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Intel Proset Wireless Wifi
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-12308 MEDIUM This Month

Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged user to potentially enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Computing Improvement Program
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-12926 MEDIUM This Month

The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Amd Trusted Platform Modules Reference
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-8755 MEDIUM This Month

Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Privilege Escalation Intel Converged Security And Management Engine Server Platform Services
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2020-0584 MEDIUM PATCH This Month

Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Intel Ssd Dc P4800X Firmware Ssd Dc P4801X Firmware +2
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2020-27193 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Ckeditor Agile Plm Application Express Banking Party Management +5
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-28415 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tranzware Payment Gateway
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-28414 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tranzware Payment Gateway
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-24443 MEDIUM This Month

Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-24442 MEDIUM This Month

Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-13954 MEDIUM PATCH This Month

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Apache Cxf Snap Creator Framework Vasa Provider For Clustered Data Ontap +3
NVD
CVSS 3.1
6.1
EPSS
43.0%
CVE-2020-12912 MEDIUM This Month

A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Energy Driver For Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-24460 MEDIUM This Month

Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Intel Driver Support Assistant
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-12326 MEDIUM This Month

Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Microsoft Information Disclosure Thunderbolt Dch Driver
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-12316 MEDIUM PATCH This Month

Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Endpoint Management Assistant
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-0573 MEDIUM This Month

Out of bounds read in the Intel CSI2 Host Controller driver may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Intel Information Disclosure Csi2 Host Controller
NVD
CVSS 3.1
5.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy