ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-12000 | The affected product is vulnerable to the handling of serialized data. The issue results from the la... | | |
CVE-2020-12001 | FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Componen... | | |
CVE-2020-12002 | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overfl... | | |
CVE-2020-12003 | FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Componen... | | |
CVE-2020-12004 | The affected product lacks proper authentication required to query the server on the Ignition 8 Gate... | | |
CVE-2020-12005 | FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Componen... | | |
CVE-2020-12006 | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal v... | | |
CVE-2020-12007 | A specially crafted communication packet sent to the affected devices could allow remote code execut... | | |
CVE-2020-12008 | Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use clea... | | |
CVE-2020-12009 | A specially crafted communication packet sent to the affected device could cause a denial-of-service... | | |
CVE-2020-12010 | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal v... | | |
CVE-2020-12011 | A specially crafted communication packet sent to the affected systems could cause a denial-of-servic... | | |
CVE-2020-12012 | Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, Exact... | | |
CVE-2020-12013 | A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary S... | | |
CVE-2020-12014 | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized an... | | |
CVE-2020-12015 | A specially crafted communication packet sent to the affected systems could cause a denial-of-servic... | | |
CVE-2020-12016 | Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, Exact... | | |
CVE-2020-12017 | GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. T... | | |
CVE-2020-12018 | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exi... | | |
CVE-2020-12019 | WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may all... | | |
CVE-2020-12020 | Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1... | | |
CVE-2020-12021 | In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is ... | | |
CVE-2020-12022 | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerabili... | | |
CVE-2020-12023 | Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system int... | | |
CVE-2020-12024 | Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4... | | |
CVE-2020-12025 | Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml... | | |
CVE-2020-12026 | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal v... | | |
CVE-2020-12027 | Rockwell Automation FactoryTalk View SE | S | |
CVE-2020-12028 | Rockwell Automation FactoryTalk View SE | E S | |
CVE-2020-12029 | Rockwell Automation FactoryTalk View SE | E S | |
CVE-2020-12030 | Emerson WirelessHART Gateway | S | |
CVE-2020-12031 | Rockwell Automation FactoryTalk View SE | S | |
CVE-2020-12032 | Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store de... | | |
CVE-2020-12033 | In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (Rdc... | | |
CVE-2020-12034 | Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously cal... | S | |
CVE-2020-12035 | Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a ... | | |
CVE-2020-12036 | Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not imple... | | |
CVE-2020-12037 | Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not imple... | | |
CVE-2020-12038 | Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously cal... | S | |
CVE-2020-12039 | Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter S... | | |
CVE-2020-12040 | Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s... | | |
CVE-2020-12041 | The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, gra... | | |
CVE-2020-12042 | Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update t... | | |
CVE-2020-12043 | The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for wireless netwo... | | |
CVE-2020-12045 | The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Ba... | | |
CVE-2020-12046 | Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified... | | |
CVE-2020-12047 | The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum ... | | |
CVE-2020-12048 | Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not supp... | | |
CVE-2020-12049 | An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-... | E S | |
CVE-2020-12050 | SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition lea... | | |
CVE-2020-12051 | The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive ... | S | |
CVE-2020-12052 | Grafana version < 6.7.3 is vulnerable to annotation popup XSS.... | | |
CVE-2020-12053 | In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used with... | | |
CVE-2020-12054 | The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a s... | E | |
CVE-2020-12058 | Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and ... | S | |
CVE-2020-12059 | An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash... | S | |
CVE-2020-12061 | An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microco... | E S | |
CVE-2020-12062 | The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes syst... | S | |
CVE-2020-12063 | A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-lookin... | E | |
CVE-2020-12066 | CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers... | S | |
CVE-2020-12067 | In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's passw... | | |
CVE-2020-12068 | An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS R... | M | |
CVE-2020-12069 | CODESYS V3 prone to Inadequate Password Hashing | | |
CVE-2020-12070 | The Advanced Woo Search plugin version through 1.99 for WordPress suffers from a sensitive informati... | | |
CVE-2020-12071 | Anchor 0.12.7 allows admins to cause XSS via crafted post content.... | E | |
CVE-2020-12073 | The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/a... | E | |
CVE-2020-12074 | The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscr... | E | |
CVE-2020-12075 | The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks fo... | E | |
CVE-2020-12076 | The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks fo... | | |
CVE-2020-12077 | The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly impleme... | E | |
CVE-2020-12078 | An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes t... | E S | |
CVE-2020-12079 | Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs ... | | |
CVE-2020-12080 | A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.... | E | |
CVE-2020-12081 | An information disclosure vulnerability has been identified in FlexNet Publisher lmadmin.exe 11.14.0... | | |
CVE-2020-12082 | A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releas... | | |
CVE-2020-12083 | An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to an... | | |
CVE-2020-12100 | In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attack... | E | |
CVE-2020-12101 | The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero... | E S | |
CVE-2020-12102 | In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory ... | | |
CVE-2020-12103 | In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which... | | |
CVE-2020-12104 | The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticat... | | |
CVE-2020-12105 | OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which mi... | | |
CVE-2020-12106 | The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP PO... | | |
CVE-2020-12107 | The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, w... | | |
CVE-2020-12108 | /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.... | E S | |
CVE-2020-12109 | Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 ... | E | |
CVE-2020-12110 | Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210... | E | |
CVE-2020-12111 | Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5... | E | |
CVE-2020-12112 | BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusio... | E S | |
CVE-2020-12113 | BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React i... | S | |
CVE-2020-12114 | A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before... | S | |
CVE-2020-12116 | Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an un... | | |
CVE-2020-12117 | Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensiti... | S | |
CVE-2020-12118 | The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate craf... | S | |
CVE-2020-12119 | Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF). It increases the user's bal... | S | |
CVE-2020-12120 | The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive... | E | |
CVE-2020-12122 | In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to ... | E | |
CVE-2020-12123 | CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an a... | | |
CVE-2020-12124 | A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK W... | | |
CVE-2020-12125 | A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530... | | |
CVE-2020-12126 | Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H... | | |
CVE-2020-12127 | An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK... | | |
CVE-2020-12128 | DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path.... | E | |
CVE-2020-12129 | The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder parameter of the Create Folder fun... | E | |
CVE-2020-12130 | The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function.... | E | |
CVE-2020-12131 | The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter (shown next to the UI logo... | E | |
CVE-2020-12132 | Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS via a POST request.... | | |
CVE-2020-12133 | The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code ... | E | |
CVE-2020-12134 | Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the sysl... | E | |
CVE-2020-12135 | bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return v... | E S | |
CVE-2020-12137 | GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME par... | | |
CVE-2020-12138 | AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory ... | E | |
CVE-2020-12140 | A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allow... | S | |
CVE-2020-12141 | An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a ... | S | |
CVE-2020-12142 | IPSec UDP key material can be retrieved from EdgeConnect by a user with admin credentials | S | |
CVE-2020-12143 | The certificate used to identify Orchestrator to EdgeConnect devices is not validated | S | |
CVE-2020-12144 | The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated | S | |
CVE-2020-12145 | Silver Peak Unity Orchestrator™ authentication can be subverted through manipulation of HTTP headers. | S | |
CVE-2020-12146 | Silver Peak Unity Orchestrator™ subject to path traversal. | S | |
CVE-2020-12147 | Unauthorized queries against the Silver Peak Unity Orchestrator™ MySQL database. | S | |
CVE-2020-12148 | OS Command Injection - nslookup API | | |
CVE-2020-12149 | OS Command Injection - Management File Upload | S | |
CVE-2020-12242 | Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which i... | E | |
CVE-2020-12243 | In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions ... | E S | |
CVE-2020-12244 | An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section... | | |
CVE-2020-12245 | Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.... | S | |
CVE-2020-12246 | Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injectio... | E | |
CVE-2020-12247 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sens... | | |
CVE-2020-12248 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arb... | | |
CVE-2020-12251 | An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticat... | | |
CVE-2020-12252 | An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary f... | | |
CVE-2020-12254 | Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service v... | | |
CVE-2020-12255 | rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload f... | | |
CVE-2020-12256 | rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user inp... | E | |
CVE-2020-12257 | rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of ... | E | |
CVE-2020-12258 | rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishand... | | |
CVE-2020-12259 | rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user in... | | |
CVE-2020-12261 | Open-AudIT 3.3.0 allows an XSS attack after login.... | E | |
CVE-2020-12262 | Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/... | E | |
CVE-2020-12265 | The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an ... | E S | |
CVE-2020-12266 | An issue was discovered where there are multiple externally accessible pages that do not require any... | | |
CVE-2020-12267 | setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.... | E S | |
CVE-2020-12268 | jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflo... | E S | |
CVE-2020-12270 | React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make ... | E | |
CVE-2020-12271 | A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Fi... | KEV E | |
CVE-2020-12272 | OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false... | E | |
CVE-2020-12273 | In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.... | E S | |
CVE-2020-12274 | In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk be... | S | |
CVE-2020-12275 | GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to cre... | | |
CVE-2020-12276 | GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.... | | |
CVE-2020-12277 | GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the ... | | |
CVE-2020-12278 | An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalen... | S | |
CVE-2020-12279 | An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equiv... | S | |
CVE-2020-12280 | iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified ga... | E | |
CVE-2020-12281 | iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /in... | E | |
CVE-2020-12282 | iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching fo... | E | |
CVE-2020-12283 | Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in... | E S | |
CVE-2020-12284 | cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer ove... | E S | |
CVE-2020-12286 | In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the TaskView permission is not scoped ... | | |
CVE-2020-12287 | Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2020.2 may... | | |
CVE-2020-12288 | Protection mechanism failure in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated... | | |
CVE-2020-12289 | Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to ... | | |
CVE-2020-12290 | Improper access control in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user... | | |
CVE-2020-12291 | Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenti... | | |
CVE-2020-12292 | Improper conditions check in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated us... | | |
CVE-2020-12293 | Improper control of a resource through its lifetime in some Intel(R) Thunderbolt(TM) controllers may... | | |
CVE-2020-12294 | Insufficient control flow management in some Intel(R) Thunderbolt(TM) controllers may allow an authe... | | |
CVE-2020-12295 | Improper input validation in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated us... | | |
CVE-2020-12296 | Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenti... | | |
CVE-2020-12297 | Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 1... | | |
CVE-2020-12298 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12299 | Improper input validation in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S... | S | |
CVE-2020-12300 | Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP,... | S | |
CVE-2020-12301 | Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S26... | S | |
CVE-2020-12302 | Improper permissions in the Intel(R) Driver & Support Assistant before version 20.7.26.7 may allow a... | | |
CVE-2020-12303 | Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.... | | |
CVE-2020-12304 | Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow a... | | |
CVE-2020-12305 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12306 | Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool bef... | | |
CVE-2020-12307 | Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may ... | | |
CVE-2020-12308 | Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may a... | | |
CVE-2020-12309 | Insufficiently protected credentials in subsystem in some Intel(R) Client SSDs and some Intel(R) Data... | | |
CVE-2020-12310 | Insufficient control flow management in firmware in some Intel(R) Client SSDs and some Intel(R) Data ... | | |
CVE-2020-12311 | Insufficient control flow management in firmware in some Intel(R) Client SSDs and some Intel(R) Data ... | | |
CVE-2020-12312 | Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) ... | | |
CVE-2020-12313 | Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 2... | S | |
CVE-2020-12314 | Improper input validation in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may a... | S | |
CVE-2020-12315 | Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potenti... | S | |
CVE-2020-12316 | Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorize... | S | |
CVE-2020-12317 | Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may... | S | |
CVE-2020-12318 | Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi products before version 21.110 ma... | S | |
CVE-2020-12319 | Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 2... | S | |
CVE-2020-12320 | Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow ... | | |
CVE-2020-12321 | Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 ma... | S | |
CVE-2020-12322 | Improper input validation in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may ... | S | |
CVE-2020-12323 | Improper input validation in the Intel(R) ADAS IE before version ADAS_IE_1.0.766 may allow a privile... | | |
CVE-2020-12324 | Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before versio... | | |
CVE-2020-12325 | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before versio... | | |
CVE-2020-12326 | Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 ... | | |
CVE-2020-12327 | Insecure default variable initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* b... | | |
CVE-2020-12328 | Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before versio... | | |
CVE-2020-12329 | Uncontrolled search path in the Intel(R) VTune(TM) Profiler before version 2020 Update 1 may allow a... | | |
CVE-2020-12330 | Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all vers... | | |
CVE-2020-12331 | Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow a... | | |
CVE-2020-12332 | Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may al... | | |
CVE-2020-12333 | Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may a... | | |
CVE-2020-12334 | Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 ma... | | |
CVE-2020-12335 | Improper permissions in the installer for the Intel(R) Processor Identification Utility before versi... | | |
CVE-2020-12336 | Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticat... | | |
CVE-2020-12337 | Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to poten... | | |
CVE-2020-12338 | Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an un... | S | |
CVE-2020-12339 | Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC befo... | | |
CVE-2020-12340 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12341 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12342 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12343 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12344 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12345 | Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.... | | |
CVE-2020-12346 | Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1... | | |
CVE-2020-12347 | Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow... | | |
CVE-2020-12348 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12349 | Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow... | | |
CVE-2020-12350 | Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user... | | |
CVE-2020-12351 | Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalatio... | E | |
CVE-2020-12352 | Improper access control in BlueZ may allow an unauthenticated user to potentially enable information... | E | |
CVE-2020-12353 | Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an a... | | |
CVE-2020-12354 | Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 m... | | |
CVE-2020-12355 | Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R... | | |
CVE-2020-12356 | Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70... | | |
CVE-2020-12357 | Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to ... | S | |
CVE-2020-12358 | Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to pote... | S | |
CVE-2020-12359 | Insufficient control flow management in the firmware for some Intel(R) Processors may allow an unaut... | | |
CVE-2020-12360 | Out of bounds read in the firmware for some Intel(R) Processors may allow an authenticated user to p... | S | |
CVE-2020-12361 | Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authentic... | | |
CVE-2020-12362 | Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows* before version 26.... | | |
CVE-2020-12363 | Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.72... | | |
CVE-2020-12364 | Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 ... | | |
CVE-2020-12365 | Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45... | | |
CVE-2020-12366 | Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may al... | | |
CVE-2020-12367 | Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow a privile... | | |
CVE-2020-12368 | Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privile... | | |
CVE-2020-12369 | Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privi... | | |
CVE-2020-12370 | Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may al... | | |
CVE-2020-12371 | Divide by zero in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privilege... | | |
CVE-2020-12372 | Unchecked return value in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a p... | | |
CVE-2020-12373 | Expired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allo... | | |
CVE-2020-12374 | Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modu... | S | |
CVE-2020-12375 | Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Module... | S | |
CVE-2020-12376 | Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Comput... | S | |
CVE-2020-12377 | Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems an... | S | |
CVE-2020-12378 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12379 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12380 | Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute M... | S | |
CVE-2020-12381 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12382 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12383 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12384 | Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an... | | |
CVE-2020-12385 | Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow ... | | |
CVE-2020-12386 | Out-of-bounds write in some Intel(R) Graphics Drivers before version 15.36.39.5143 may allow an auth... | | |
CVE-2020-12387 | A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. Th... | | |
CVE-2020-12388 | The Firefox content processes did not sufficiently lock down access control which could result in a s... | | |
CVE-2020-12389 | The Firefox content processes did not sufficiently lock down access control which could result in a s... | | |
CVE-2020-12390 | Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. ... | | |
CVE-2020-12391 | Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating con... | | |
CVE-2020-12392 | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a ... | | |
CVE-2020-12393 | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a req... | | |
CVE-2020-12394 | A logic flaw in our location bar implementation could have allowed a local attacker to spoof the cur... | | |
CVE-2020-12395 | Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firef... | | |
CVE-2020-12396 | Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of ... | | |
CVE-2020-12397 | By encoding Unicode whitespace characters within the From email header, an attacker can spoof the se... | S | |
CVE-2020-12398 | If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH resp... | | |
CVE-2020-12399 | NSS has shown timing differences when performing DSA signatures, which was exploitable and could eve... | | |
CVE-2020-12400 | When converting coordinates from projective to affine, the modular inversion was not performed in co... | | |
CVE-2020-12401 | During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time sca... | | |
CVE-2020-12402 | During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean ... | | |
CVE-2020-12403 | A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When u... | S | |
CVE-2020-12404 | For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can... | | |
CVE-2020-12405 | When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to ... | E | |
CVE-2020-12406 | Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resul... | | |
CVE-2020-12407 | Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditi... | | |
CVE-2020-12408 | When browsing a document hosted on an IP address, an attacker could insert certain characters to fli... | | |
CVE-2020-12409 | When using certain blank characters in a URL, they were incorrectly rendered as spaces instead of a... | | |
CVE-2020-12410 | Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of t... | | |
CVE-2020-12411 | Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evid... | | |
CVE-2020-12412 | By navigating a tab using the history API, an attacker could cause the address bar to display the in... | | |
CVE-2020-12413 | The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitig... | | |
CVE-2020-12414 | IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewC... | | |
CVE-2020-12415 | When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and a... | | |
CVE-2020-12416 | A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink,... | E | |
CVE-2020-12417 | Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier,... | E | |
CVE-2020-12418 | Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking proce... | | |
CVE-2020-12419 | When processing callbacks that occurred during window flushing in the parent process, the associated... | | |
CVE-2020-12420 | When trying to connect to a STUN server, a race condition could have caused a use-after-free of a po... | E | |
CVE-2020-12421 | When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (... | | |
CVE-2020-12422 | In non-standard configurations, a JPEG image created by JavaScript could have caused an internal var... | | |
CVE-2020-12423 | When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was p... | | |
CVE-2020-12424 | When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This ... | | |
CVE-2020-12425 | Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could ... | | |
CVE-2020-12426 | Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of ... | E S | |
CVE-2020-12427 | The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is... | | |
CVE-2020-12429 | Online Course Registration 2.0 has multiple SQL injections that can lead to a complete databas... | E | |
CVE-2020-12430 | An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through... | S | |
CVE-2020-12431 | A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insec... | E | |
CVE-2020-12432 | The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict deliver... | E | |
CVE-2020-12438 | An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited bec... | E S | |
CVE-2020-12439 | Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockc... | S | |
CVE-2020-12440 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-12441 | Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow i... | | |
CVE-2020-12442 | Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, ... | | |
CVE-2020-12443 | BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename ... | E S | |
CVE-2020-12446 | The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapp... | | |
CVE-2020-12447 | A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote u... | E | |
CVE-2020-12448 | GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet... | | |
CVE-2020-12456 | A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could al... | | |
CVE-2020-12457 | An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message ... | S | |
CVE-2020-12458 | An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/g... | E | |
CVE-2020-12459 | In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/graf... | S | |
CVE-2020-12460 | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function ... | E | |
CVE-2020-12461 | PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanis... | E S | |
CVE-2020-12462 | The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS.... | | |
CVE-2020-12463 | An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to i... | | |
CVE-2020-12464 | usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free be... | E S | |
CVE-2020-12465 | An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in... | S | |
CVE-2020-12467 | Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie.... | E | |
CVE-2020-12468 | Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phra... | E | |
CVE-2020-12469 | admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file delet... | E | |
CVE-2020-12470 | MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX templ... | E | |
CVE-2020-12471 | MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworkin... | E | |
CVE-2020-12472 | MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description.... | E | |
CVE-2020-12473 | MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter... | E | |
CVE-2020-12474 | Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for i... | | |
CVE-2020-12475 | TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via c... | E | |
CVE-2020-12477 | The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP addr... | E | |
CVE-2020-12478 | TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. ... | E | |
CVE-2020-12479 | TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerabilit... | E | |
CVE-2020-12480 | In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple request... | | |
CVE-2020-12483 | AppStore Remote Download and Installation Vulnerability | | |
CVE-2020-12484 | When using special mode to connect to enterprise wifi, certain options are not properly configured a... | | |
CVE-2020-12485 | The frame touch module does not make validity judgments on parameter lengths when processing specifi... | | |
CVE-2020-12487 | Command Execution Vulnerability in ABE service | | |
CVE-2020-12488 | Broken Access Control Vulnerability in Jovi Smart Scene | | |
CVE-2020-12491 | Framework Information Disclosure Vulnerability | | |
CVE-2020-12492 | Wifi information acquisition vulnerability in Framework Services | | |
CVE-2020-12493 | Critical Vulnerability in SWARCO CPU LS4000 | S | |
CVE-2020-12494 | Beckhoff: Etherleak in TwinCAT RT network driver | M | |
CVE-2020-12495 | ENDRESS+HAUSER: Ecograph T utilizing Webserver firmware version 1.x has improper privilege management | S | |
CVE-2020-12496 | ENDRESS+HAUSER: Ecograph T utilizing Webserver firmware version 2.x exposes sensitive information to an unauthorized actor | S | |
CVE-2020-12497 | Phoenix Contact Automation Worx <= 1.87: stack-based overflow | S | |
CVE-2020-12498 | Phoenix Contact Automation Worx <= 1.87: out-of-bounds read remote code execution | S | |
CVE-2020-12499 | PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier: Improper path sanitization vulnerability. | S | |
CVE-2020-12500 | Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products | E S | |
CVE-2020-12501 | Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products | E S | |
CVE-2020-12502 | Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products | E S | |
CVE-2020-12503 | Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products | E S | |
CVE-2020-12504 | Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products | E S | |
CVE-2020-12505 | WAGO: Vulnerability in web-based authentication in WAGO 750-8XX Version <= FW07 | S | |
CVE-2020-12506 | WAGO: Authentication Bypass Vulnerability in WAGO 750-36X and WAGO 750-8XX Versions <= FW03 | S | |
CVE-2020-12507 | s::can moni::tools authenticated SQL injection | | |
CVE-2020-12508 | s::can moni::tools prone to path traversal in image-relocator module | | |
CVE-2020-12509 | s::can moni::tools prone to path traversal in camera-file module | | |
CVE-2020-12510 | Beckhoff: Privilege Escalation through TwinCat System | S | |
CVE-2020-12511 | Pepperl+Fuchs Comtrol IO-Link Master Cross-Site Request Forgery | S | |
CVE-2020-12512 | Pepperl+Fuchs Comtrol IO-Link Master Cross-Site Scripting | S | |
CVE-2020-12513 | Pepperl+Fuchs Comtrol IO-Link Master OS Command Injection | S | |
CVE-2020-12514 | Pepperl+Fuchs Comtrol IO-Link Master NULL Pointer Dereference | S | |
CVE-2020-12515 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12516 | WAGO: PLC families 750-88x and 750-352 prone to DoS attack | S | |
CVE-2020-12517 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation). | S | |
CVE-2020-12518 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks. | S | |
CVE-2020-12519 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use this vulnerability i.e. to open a reverse shell with root privileges. | S | |
CVE-2020-12520 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12521 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: A specially crafted LLDP packet may lead to a high system load in the PROFINET stack. | S | |
CVE-2020-12522 | Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10 | S | |
CVE-2020-12523 | Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration | S | |
CVE-2020-12524 | Phoenix Contact BTP Touch Panels uncontrolled resource consumption | M | |
CVE-2020-12525 | WAGO/M&M Software Deserialization of untrusted data in fdtCONTAINER component | S | |
CVE-2020-12526 | BECKHOFF: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server | S | |
CVE-2020-12527 | Improper Access Validation in products of MB connect line and Helmholz | S | |
CVE-2020-12528 | An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions th... | S | |
CVE-2020-12529 | An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions th... | S | |
CVE-2020-12530 | An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions th... | S | |
CVE-2020-12531 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12532 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12533 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12534 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12535 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12536 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12537 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12538 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12539 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12540 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12541 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12542 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12543 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12544 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12545 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12546 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12547 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12548 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12549 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12550 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12551 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12552 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12553 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12554 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12555 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12556 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12557 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12558 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12559 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12560 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12561 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12562 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12563 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12564 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12565 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12566 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12567 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12568 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12569 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12570 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12571 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12572 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12573 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12574 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12575 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12576 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12577 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12578 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12579 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12580 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12581 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12582 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12583 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12584 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12585 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12586 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12587 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12588 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12589 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12590 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12591 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12592 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-12593 | Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosur... | | |
CVE-2020-12594 | A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their... | | |
CVE-2020-12595 | An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a... | | |
CVE-2020-12603 | Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxyin... | | |
CVE-2020-12604 | Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case... | S | |
CVE-2020-12605 | Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when process... | | |
CVE-2020-12606 | An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the S... | | |
CVE-2020-12607 | An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA impl... | E S | |
CVE-2020-12608 | An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 ... | E | |
CVE-2020-12612 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying... | | |
CVE-2020-12613 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can... | | |
CVE-2020-12614 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publishe... | | |
CVE-2020-12615 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the... | | |
CVE-2020-12618 | eM Client before 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replace... | | |
CVE-2020-12619 | MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existi... | | |
CVE-2020-12620 | Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges throu... | E | |
CVE-2020-12621 | The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw r... | | |
CVE-2020-12624 | The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization he... | E | |
CVE-2020-12625 | An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vul... | E S | |
CVE-2020-12626 | An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated ... | E S | |
CVE-2020-12627 | Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardc... | S | |
CVE-2020-12629 | include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.... | E S | |
CVE-2020-12635 | XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field.... | E | |
CVE-2020-12637 | Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadver... | | |
CVE-2020-12638 | An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SD... | E S | |
CVE-2020-12639 | phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php.... | | |
CVE-2020-12640 | Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via director... | E S | |
CVE-2020-12641 | rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via she... | KEV E S | |
CVE-2020-12642 | An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allo... | S | |
CVE-2020-12643 | OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a... | | |
CVE-2020-12644 | OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list AP... | | |
CVE-2020-12645 | OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agen... | | |
CVE-2020-12646 | OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.... | | |
CVE-2020-12647 | Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit in... | | |
CVE-2020-12648 | A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to i... | | |
CVE-2020-12649 | Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administra... | S | |
CVE-2020-12650 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-12651 | SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and... | E | |
CVE-2020-12652 | The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 all... | S | |
CVE-2020-12653 | An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drive... | S | |
CVE-2020-12654 | An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireles... | S | |
CVE-2020-12655 | An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5... | S | |
CVE-2020-12656 | gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the ... | | |
CVE-2020-12657 | An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-ios... | S | |
CVE-2020-12658 | gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_ma... | S | |
CVE-2020-12659 | An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an ... | E S | |
CVE-2020-12662 | Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue.... | S | |
CVE-2020-12663 | Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.... | S | |
CVE-2020-12666 | macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0... | E | |
CVE-2020-12667 | Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-co... | | |
CVE-2020-12668 | Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed int... | E S | |
CVE-2020-12669 | core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass inten... | S | |
CVE-2020-12670 | XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / m... | | |
CVE-2020-12672 | GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.... | E | |
CVE-2020-12673 | In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service b... | E | |
CVE-2020-12674 | In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service be... | E | |
CVE-2020-12675 | The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly impleme... | | |
CVE-2020-12676 | FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authenticati... | E | |
CVE-2020-12677 | An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint fa... | S | |
CVE-2020-12678 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-12677. Reason: This candidat... | R | |
CVE-2020-12679 | A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Applicatio... | | |
CVE-2020-12680 | Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. The fun... | | |
CVE-2020-12681 | Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an atta... | | |
CVE-2020-12683 | Katyshop2 before 2.12 has multiple stored XSS issues.... | S | |
CVE-2020-12684 | XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk a... | | |
CVE-2020-12685 | XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through ... | S | |
CVE-2020-12687 | An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be reques... | S | |
CVE-2020-12689 | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated with... | S | |
CVE-2020-12690 | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided ... | S | |
CVE-2020-12691 | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can ... | S | |
CVE-2020-12692 | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a ... | | |
CVE-2020-12693 | Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation ... | | |
CVE-2020-12695 | The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance... | | |
CVE-2020-12696 | The iframe plugin before 4.5 for WordPress does not sanitize a URL.... | | |
CVE-2020-12697 | The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries.... | S | |
CVE-2020-12698 | The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscribe... | S | |
CVE-2020-12699 | The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl.... | S | |
CVE-2020-12700 | The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter sub... | S | |
CVE-2020-12702 | Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.... | E | |
CVE-2020-12703 | UliCMS before 2020.2 has XSS during PackageController uninstall.... | | |
CVE-2020-12704 | UliCMS before 2020.2 has PageController stored XSS.... | | |
CVE-2020-12705 | Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0.... | | |
CVE-2020-12706 | Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject... | E S | |
CVE-2020-12707 | An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited be... | S | |
CVE-2020-12708 | Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject... | E | |
CVE-2020-12712 | A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS ... | | |
CVE-2020-12713 | An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 th... | E S | |
CVE-2020-12714 | An issue was discovered in CipherMail Community Gateway Virtual Appliances and Professional/Enterpri... | E S | |
CVE-2020-12715 | RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control.... | E | |
CVE-2020-12717 | The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and con... | | |
CVE-2020-12718 | In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage o... | E | |
CVE-2020-12719 | XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and ea... | | |
CVE-2020-12720 | vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access con... | | |
CVE-2020-12723 | regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of... | S | |
CVE-2020-12725 | Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data so... | E S | |
CVE-2020-12729 | MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors.... | | |
CVE-2020-12730 | MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery.... | | |
CVE-2020-12731 | The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion... | | |
CVE-2020-12732 | DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678... | E | |
CVE-2020-12733 | Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endos... | E | |
CVE-2020-12734 | DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and dema... | E | |
CVE-2020-12735 | reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to acco... | E | |
CVE-2020-12736 | Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote cod... | | |
CVE-2020-12737 | An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a pa... | E | |
CVE-2020-12739 | A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an un... | | |
CVE-2020-12740 | tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. Th... | E | |
CVE-2020-12742 | The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization... | S | |
CVE-2020-12743 | An issue was discovered in Gazie 7.32. A successful installation does not remove or block (or in any... | S | |
CVE-2020-12744 | The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate thei... | | |
CVE-2020-12745 | An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the lo... | | |
CVE-2020-12746 | An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets)... | | |
CVE-2020-12747 | An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 ch... | | |
CVE-2020-12748 | An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the lo... | | |
CVE-2020-12749 | An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The S.LSI ... | | |
CVE-2020-12750 | An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass Factor... | | |
CVE-2020-12751 | An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Qur... | | |
CVE-2020-12752 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. A... | | |
CVE-2020-12753 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbi... | E | |
CVE-2020-12754 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A cr... | | |
CVE-2020-12755 | fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAu... | S | |
CVE-2020-12757 | HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, m... | | |
CVE-2020-12758 | HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service... | S | |
CVE-2020-12759 | Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.... | | |
CVE-2020-12760 | An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 bef... | | |
CVE-2020-12761 | modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory ... | S | |
CVE-2020-12762 | json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demons... | E S | |
CVE-2020-12763 | TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-bas... | E | |
CVE-2020-12764 | Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal.... | E | |
CVE-2020-12765 | Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal.... | | |
CVE-2020-12766 | Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter... | | |
CVE-2020-12767 | exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.... | S | |
CVE-2020-12768 | An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a m... | S | |
CVE-2020-12769 | An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to ... | E S | |
CVE-2020-12770 | An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call... | S | |
CVE-2020-12771 | An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/b... | E S | |
CVE-2020-12772 | An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A ch... | E | |
CVE-2020-12773 | Realtek ADSL/PON Modem SoC - Security Misconfiguration | S | |
CVE-2020-12774 | D-Link DSL-7740C - Command Injection | S | |
CVE-2020-12775 | Hicos citizen certificate client-side component - Command Injection | S | |
CVE-2020-12776 | Openfind Mail2000 - Broken Access Control | S | |
CVE-2020-12777 | Combodo iTop - Broken Access Control | S | |
CVE-2020-12778 | Combodo iTop - Reflected XSS | S | |
CVE-2020-12779 | Combodo iTop - Stored XSS | S | |
CVE-2020-12780 | Combodo iTop - Security Misconfiguration | S | |
CVE-2020-12781 | Combodo iTop - CSRF | S | |
CVE-2020-12782 | Openfind MailGates - Command Injection | S | |
CVE-2020-12783 | Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM a... | E S | |
CVE-2020-12784 | cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings... | | |
CVE-2020-12785 | cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the acc... | | |
CVE-2020-12787 | Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechan... | | |
CVE-2020-12788 | CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to t... | | |
CVE-2020-12789 | The Secure Monitor in Microchip Atmel ATSAMA5 products uses a hardcoded key to encrypt and authentica... | | |
CVE-2020-12790 | In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly saniti... | E S | |
CVE-2020-12797 | HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to no... | S | |
CVE-2020-12798 | Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented... | E | |
CVE-2020-12800 | The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unr... | E | |
CVE-2020-12801 | Crash-recovered MSOffice encrypted documents defaulted to not using encryption on next save | | |
CVE-2020-12802 | remote graphics contained in docx format retrieved in 'stealth mode' | | |
CVE-2020-12803 | XForms submissions could overwrite local files | | |
CVE-2020-12811 | An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6... | | |
CVE-2020-12812 | An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and belo... | KEV | |
CVE-2020-12814 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | | |
CVE-2020-12815 | An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote aut... | | |
CVE-2020-12816 | An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authen... | | |
CVE-2020-12817 | An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow ... | | |
CVE-2020-12818 | An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauth... | | |
CVE-2020-12819 | A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in Fo... | S | |
CVE-2020-12820 | Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, ... | S | |
CVE-2020-12821 | Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil at... | E S | |
CVE-2020-12823 | OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly ... | E S | |
CVE-2020-12824 | Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort... | | |
CVE-2020-12825 | libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading ... | E | |
CVE-2020-12826 | A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2.... | E S | |
CVE-2020-12827 | MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive... | E S | |
CVE-2020-12828 | An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain ex... | | |
CVE-2020-12829 | In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. Thi... | S | |
CVE-2020-12830 | Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out e... | | |
CVE-2020-12831 | An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the spli... | E S | |
CVE-2020-12832 | WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delet... | S | |
CVE-2020-12834 | eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code ... | E | |
CVE-2020-12835 | An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of a Java RMI bas... | E | |
CVE-2020-12837 | ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to ga... | E | |
CVE-2020-12838 | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.... | E | |
CVE-2020-12839 | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpir... | E | |
CVE-2020-12840 | ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /i... | E | |
CVE-2020-12841 | ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload image files via /in... | E | |
CVE-2020-12842 | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserE... | E | |
CVE-2020-12843 | ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to ga... | E | |
CVE-2020-12845 | Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereference. A ... | E | |
CVE-2020-12846 | Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avata... | | |
CVE-2020-12847 | Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is ava... | E | |
CVE-2020-12848 | In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link op... | E | |
CVE-2020-12849 | Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standa... | E | |
CVE-2020-12850 | The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior vers... | E | |
CVE-2020-12851 | Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’... | E | |
CVE-2020-12852 | The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and... | E | |
CVE-2020-12853 | Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains ... | E | |
CVE-2020-12854 | A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated rem... | | |
CVE-2020-12855 | A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticate... | | |
CVE-2020-12856 | OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applicati... | | |
CVE-2020-12857 | Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote atta... | | |
CVE-2020-12858 | Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allo... | | |
CVE-2020-12859 | Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote a... | | |
CVE-2020-12860 | COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information becaus... | | |
CVE-2020-12861 | A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the sam... | E S | |
CVE-2020-12862 | An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the s... | E | |
CVE-2020-12863 | An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the s... | E | |
CVE-2020-12864 | An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the s... | E | |
CVE-2020-12865 | A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the ... | E | |
CVE-2020-12866 | A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the... | E | |
CVE-2020-12867 | A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious... | E | |
CVE-2020-12869 | RainbowFish PacsOne Server 6.8.4 allows XSS.... | E | |
CVE-2020-12870 | RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.... | E | |
CVE-2020-12872 | yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by on... | E | |
CVE-2020-12873 | An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with pr... | | |
CVE-2020-12874 | Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when spec... | | |
CVE-2020-12875 | Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticate... | | |
CVE-2020-12876 | Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the... | | |
CVE-2020-12877 | Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authent... | | |
CVE-2020-12878 | Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user ... | E | |
CVE-2020-12880 | An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Applianc... | | |
CVE-2020-12882 | Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by ... | | |
CVE-2020-12883 | Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is resp... | | |
CVE-2020-12884 | A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is resp... | | |
CVE-2020-12885 | An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is respon... | | |
CVE-2020-12886 | A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is resp... | | |
CVE-2020-12887 | Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap ... | S | |
CVE-2020-12888 | The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory... | | |
CVE-2020-12889 | MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use ... | S | |
CVE-2020-12890 | Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a priv... | | |
CVE-2020-12891 | AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user m... | | |
CVE-2020-12892 | An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unau... | | |
CVE-2020-12893 | Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalatio... | | |
CVE-2020-12894 | Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write... | | |
CVE-2020-12895 | Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation o... | | |
CVE-2020-12896 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12897 | Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass.... | | |
CVE-2020-12898 | Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or d... | | |
CVE-2020-12899 | Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.... | | |
CVE-2020-12900 | An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows... | | |
CVE-2020-12901 | Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or informati... | | |
CVE-2020-12902 | Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalatio... | | |
CVE-2020-12903 | Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to e... | | |
CVE-2020-12904 | Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary i... | | |
CVE-2020-12905 | Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary i... | | |
CVE-2020-12906 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12907 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12908 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12909 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12910 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12911 | A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ... | S | |
CVE-2020-12912 | A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use... | | |
CVE-2020-12913 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12914 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12915 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12916 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12917 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12918 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12919 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12920 | A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. A... | | |
CVE-2020-12921 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12922 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12923 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12924 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12925 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12926 | The Trusted Platform Modules (TPM) reference software may not properly track the number of times a f... | | |
CVE-2020-12927 | A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow a... | | |
CVE-2020-12928 | A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticat... | S | |
CVE-2020-12929 | Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics... | | |
CVE-2020-12930 | Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker t... | | |
CVE-2020-12931 | Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacke... | | |
CVE-2020-12933 | A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.S... | S | |
CVE-2020-12934 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12935 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12936 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12937 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12938 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12939 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12941 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12942 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12943 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12944 | Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.... | | |
CVE-2020-12945 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12946 | Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss... | | |
CVE-2020-12947 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12948 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12949 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12950 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12951 | Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Manag... | | |
CVE-2020-12952 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12953 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12954 | A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI RO... | | |
CVE-2020-12955 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12956 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12957 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12958 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12959 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12960 | AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuf... | | |
CVE-2020-12961 | A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker... | | |
CVE-2020-12962 | Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation.... | | |
CVE-2020-12963 | An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow un... | | |
CVE-2020-12964 | A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver... | | |
CVE-2020-12965 | When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads... | M | |
CVE-2020-12966 | AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtual... | M | |
CVE-2020-12967 | AMD Secure Encrypted Virtualization | | |
CVE-2020-12968 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12969 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12970 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12971 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12972 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12973 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12974 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12975 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12976 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12977 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12978 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12979 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12980 | An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to ... | | |
CVE-2020-12981 | An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged us... | | |
CVE-2020-12982 | An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to e... | | |
CVE-2020-12983 | An out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalatio... | | |
CVE-2020-12984 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12985 | An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead ... | | |
CVE-2020-12986 | An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause... | | |
CVE-2020-12987 | A heap information leak/kernel pool address disclosure vulnerability in the AMD Graphics Driver for ... | | |
CVE-2020-12988 | A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a ... | | |
CVE-2020-12989 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12990 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12991 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12992 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12993 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12994 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12995 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12996 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12997 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12998 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-12999 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |