CVE-2020-8749
- Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
Published:
November 12, 2020; 1:15:17 PM -0500
V3.1: 8.8 HIGH
V2.0: 5.8 MEDIUM
CVE-2020-8760
- Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.
Published:
November 12, 2020; 1:15:18 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-8757
- Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.
Published:
November 12, 2020; 1:15:18 PM -0500
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2020-28409
- The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur.
Published:
November 10, 2020; 4:15:13 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-28408
- The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard.
Published:
November 10, 2020; 4:15:13 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-8747
- Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.
Published:
November 12, 2020; 1:15:17 PM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2020-8746
- Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Published:
November 12, 2020; 1:15:17 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 3.3 LOW
CVE-2020-27016
- Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessin...
read CVE-2020-27016
Published:
November 09, 2020; 6:15:12 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-12356
- Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.
Published:
November 12, 2020; 1:15:14 PM -0500
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2020-8752
- Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.
Published:
November 12, 2020; 1:15:17 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-25268
- Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.
Published:
November 10, 2020; 5:15:11 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-8754
- Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.
Published:
November 12, 2020; 1:15:17 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-25267
- An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.
Published:
November 10, 2020; 5:15:11 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-17053
- Internet Explorer Memory Corruption Vulnerability
Published:
November 11, 2020; 2:15:16 AM -0500
CVE-2020-27017
- Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already ...
read CVE-2020-27017
Published:
November 09, 2020; 6:15:12 PM -0500
V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-8150
- A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.
Published:
November 09, 2020; 10:15:13 AM -0500
V3.1: 4.1 MEDIUM
V2.0: 1.9 LOW
CVE-2020-27693
- Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.
Published:
November 09, 2020; 6:15:12 PM -0500
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2020-17004
- Windows Graphics Component Information Disclosure Vulnerability
Published:
November 11, 2020; 2:15:13 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-17010
- Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17038.
Published:
November 11, 2020; 2:15:14 AM -0500
CVE-2020-26818
- SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privi...
read CVE-2020-26818
Published:
November 10, 2020; 12:15:13 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM