Search Results (83533 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-12376 1 Intel 48 Bmc Firmware, Hns2600bpb, Hns2600bpb24 and 45 more 2024-11-21 5.5 Medium
Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access.
CVE-2020-12375 1 Intel 48 Bmc Firmware, Hns2600bpb, Hns2600bpb24 and 45 more 2024-11-21 6.7 Medium
Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-12369 1 Intel 1 Graphics Drivers 2024-11-21 7.8 High
Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-12358 3 Intel, Netapp, Siemens 548 Bios, Core I3-l13g4, Core I5-l16g7 and 545 more 2024-11-21 4.4 Medium
Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.
CVE-2020-12302 1 Intel 1 Driver \& Support Assistant 2024-11-21 7.8 High
Improper permissions in the Intel(R) Driver & Support Assistant before version 20.7.26.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-12292 1 Intel 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more 2024-11-21 5.5 Medium
Improper conditions check in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-12289 1 Intel 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more 2024-11-21 5.5 Medium
Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-12284 3 Canonical, Debian, Ffmpeg 3 Ubuntu Linux, Debian Linux, Ffmpeg 2024-11-21 9.8 Critical
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
CVE-2020-12279 2 Debian, Libgit2 2 Debian Linux, Libgit2 2024-11-21 9.8 Critical
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.
CVE-2020-12278 2 Debian, Libgit2 2 Debian Linux, Libgit2 2024-11-21 9.8 Critical
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.
CVE-2020-12276 1 Gitlab 1 Gitlab 2024-11-21 4.8 Medium
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.
CVE-2020-12268 4 Artifex, Debian, Opensuse and 1 more 6 Jbig2dec, Debian Linux, Leap and 3 more 2024-11-21 9.8 Critical
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
CVE-2020-12262 1 Intelbras 6 Tip200, Tip200 Firmware, Tip200lite and 3 more 2024-11-21 5.4 Medium
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS.
CVE-2020-12261 1 Opmantek 1 Open-audit 2024-11-21 5.4 Medium
Open-AudIT 3.3.0 allows an XSS attack after login.
CVE-2020-12259 1 Rconfig 1 Rconfig 2024-11-21 5.4 Medium
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php.
CVE-2020-12256 1 Rconfig 1 Rconfig 2024-11-21 5.4 Medium
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php.
CVE-2020-12248 2 Foxitsoftware, Microsoft 3 Phantompdf, Reader, Windows 2024-11-21 8.8 High
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.
CVE-2020-12246 1 Beeline 2 Smart Box, Smart Box Firmware 2024-11-21 8.8 High
Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter.
CVE-2020-12245 2 Grafana, Redhat 4 Grafana, Enterprise Linux, Openshift and 1 more 2024-11-21 6.1 Medium
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
CVE-2020-12242 1 Valvesoftware 1 Source 2024-11-21 7.8 High
Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account.