Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5130 | 1 Sonicwall | 1 Sonicos | 2020-07-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier. | |||||
| CVE-2020-5131 | 1 Sonicwall | 1 Netextender | 2020-07-22 | 4.6 MEDIUM | 7.8 HIGH |
| SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier. | |||||
| CVE-2020-0538 | 1 Intel | 1 Active Management Technology Firmware | 2020-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2020-0537 | 1 Intel | 1 Active Management Technology Firmware | 2020-07-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access. | |||||
| CVE-2020-0536 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2020-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2020-0535 | 1 Intel | 1 Active Management Technology Firmware | 2020-07-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2020-0534 | 1 Intel | 1 Converged Security Management Engine Firmware | 2020-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2020-0532 | 1 Intel | 1 Active Management Technology Firmware | 2020-07-22 | 4.8 MEDIUM | 7.1 HIGH |
| Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. | |||||
| CVE-2020-0531 | 1 Intel | 1 Active Management Technology Firmware | 2020-07-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2020-1043 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2020-07-21 | 7.7 HIGH | 9.0 CRITICAL |
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042. | |||||
| CVE-2020-1042 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2020-07-21 | 7.7 HIGH | 9.0 CRITICAL |
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1043. | |||||
| CVE-2020-1041 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2020-07-21 | 7.7 HIGH | 9.0 CRITICAL |
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1042, CVE-2020-1043. | |||||
| CVE-2020-1040 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2020-07-21 | 7.7 HIGH | 9.0 CRITICAL |
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043. | |||||
| CVE-2020-1032 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2020-07-21 | 7.7 HIGH | 9.0 CRITICAL |
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043. | |||||
| CVE-2020-1036 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2020-07-21 | 7.7 HIGH | 9.0 CRITICAL |
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043. | |||||
| CVE-2018-8956 | 1 Ntp | 1 Ntp | 2020-07-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker. | |||||
| CVE-2019-1306 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2020-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'. | |||||
| CVE-2020-15543 | 1 Solarwinds | 1 Serv-u Ftp Server | 2020-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. | |||||
| CVE-2016-1182 | 1 Apache | 1 Struts | 2020-07-15 | 6.4 MEDIUM | 8.2 HIGH |
| ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. | |||||
| CVE-2015-8607 | 3 Canonical, Debian, Perl | 3 Ubuntu Linux, Debian Linux, Pathtools | 2020-07-15 | 7.5 HIGH | 7.3 HIGH |
| The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. | |||||