Total
35020 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8319 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 7.3 High |
| A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges. | ||||
| CVE-2020-8318 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 7.3 High |
| A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges. | ||||
| CVE-2020-8316 | 1 Lenovo | 1 Vantage | 2024-11-21 | 4.4 Medium |
| A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. | ||||
| CVE-2020-8255 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-11-21 | 4.9 Medium |
| A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages. | ||||
| CVE-2020-8250 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-11-21 | 7.8 High |
| A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. | ||||
| CVE-2020-8248 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-11-21 | 7.8 High |
| A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. | ||||
| CVE-2020-8241 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-11-21 | 7.5 High |
| A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. | ||||
| CVE-2020-8240 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-11-21 | 7.8 High |
| A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider. | ||||
| CVE-2020-8239 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-11-21 | 9.8 Critical |
| A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC. | ||||
| CVE-2020-8216 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 4.3 Medium |
| An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID. | ||||
| CVE-2020-8199 | 1 Citrix | 1 Gateway Plug-in For Linux | 2024-11-21 | 7.8 High |
| Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root. | ||||
| CVE-2020-8197 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2024-11-21 | 8.8 High |
| Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands. | ||||
| CVE-2020-8157 | 1 Ui | 4 Unifi Cloud Key Gen2, Unifi Cloud Key Gen2 Firmware, Unifi Cloud Key Gen2 Plus and 1 more | 2024-11-21 | 6.8 Medium |
| UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART). | ||||
| CVE-2020-8145 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2024-11-21 | 6.5 Medium |
| The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration. This can be abused for various purposes, including adding new administrative users. Affected Products: UniFi Video Controller v3.9.3 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.9.6 and newer. | ||||
| CVE-2020-8088 | 1 Usebb | 1 Usebb | 2024-11-21 | 9.8 Critical |
| panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | ||||
| CVE-2020-8004 | 1 St | 2 Stm32f1, Stm32f1 Firmware | 2024-11-21 | 7.5 High |
| STMicroelectronics STM32F1 devices have Incorrect Access Control. | ||||
| CVE-2020-7978 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. | ||||
| CVE-2020-7976 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. | ||||
| CVE-2020-7974 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab EE 10.1 through 12.7.2 allows Information Disclosure. | ||||
| CVE-2020-7969 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. | ||||