Search
Total
9231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4559 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Spectrum Protect and 3 more | 2020-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613. | |||||
| CVE-2018-0418 | 1 Cisco | 11 Asr 9000v, Asr 9001, Asr 9006 and 8 more | 2020-08-31 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858. | |||||
| CVE-2018-0385 | 1 Cisco | 1 Firepower Management Center | 2020-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input handling of the SSL traffic. An attacker could exploit this vulnerability by sending a crafted SSL traffic to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. Cisco Bug IDs: CSCvi36434. | |||||
| CVE-2018-0331 | 1 Cisco | 77 Firepower 4110, Firepower 4120, Firepower 4140 and 74 more | 2020-08-31 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain fields within a Cisco Discovery Protocol message prior to processing it. An attacker with the ability to submit a Cisco Discovery Protocol message designed to trigger the issue could cause a DoS condition on an affected device while the device restarts. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc89242, CSCve40943, CSCve40953, CSCve40965, CSCve40970, CSCve40978, CSCve40992, CSCve41000, CSCve41007. | |||||
| CVE-2014-0048 | 1 Docker | 1 Docker | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | |||||
| CVE-2018-0443 | 1 Cisco | 1 Wireless Lan Controller Software | 2020-08-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper input validation on fields within CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending malicious CAPWAP Discovery Request packets to the Cisco WLC Software. A successful exploit could allow the attacker to cause the Cisco WLC Software to disconnect associated access points (APs). While the APs disconnect and reconnect, service will be unavailable for a brief period of time, resulting in a DoS condition. | |||||
| CVE-2020-17393 | 1 Parallels | 1 Parallels Desktop | 2020-08-28 | 2.1 LOW | 6.5 MEDIUM |
| This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result a pointer to be leaked after the handler is done. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10520. | |||||
| CVE-2020-3519 | 1 Cisco | 1 Data Center Network Manager | 2020-08-28 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. | |||||
| CVE-2011-2716 | 2 Busybox, T-mobile | 2 Busybox, Tm-ac1900 | 2020-08-27 | 6.8 MEDIUM | N/A |
| The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options. | |||||
| CVE-2016-1444 | 1 Cisco | 2 Telepresence Video Communication Server, Telepresence Video Communication Server Software | 2020-08-27 | 5.8 MEDIUM | 6.5 MEDIUM |
| The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. | |||||
| CVE-2014-2673 | 1 Linux | 1 Linux Kernel | 2020-08-27 | 4.7 MEDIUM | N/A |
| The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state. | |||||
| CVE-2009-1242 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2020-08-27 | 4.9 MEDIUM | N/A |
| The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform. | |||||
| CVE-2020-16237 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2020-08-27 | 2.1 LOW | 2.1 LOW |
| Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | |||||
| CVE-2020-13401 | 1 Docker | 1 Engine | 2020-08-27 | 6.0 MEDIUM | 6.0 MEDIUM |
| An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. | |||||
| CVE-2014-0155 | 1 Linux | 1 Linux Kernel | 2020-08-26 | 5.5 MEDIUM | N/A |
| The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. | |||||
| CVE-2019-13612 | 1 Altn | 1 Mdaemon Email Server | 2020-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB (and limits checks to 10 MB even with special configuration), which is arguably inconsistent with currently popular message sizes. This might interfere with risk management for malicious e-mail, if a customer deploys a server with sufficient resources to scan large messages. | |||||
| CVE-2014-2039 | 1 Linux | 1 Linux Kernel | 2020-08-26 | 4.9 MEDIUM | N/A |
| arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction. | |||||
| CVE-2020-24359 | 1 Hashicorp | 1 Vault-ssh-helper | 2020-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0. | |||||
| CVE-2014-1874 | 3 Canonical, Linux, Suse | 3 Ubuntu Linux, Linux Kernel, Linux Enterprise Server | 2020-08-26 | 4.9 MEDIUM | N/A |
| The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context. | |||||
| CVE-2009-1243 | 1 Linux | 1 Linux Kernel | 2020-08-25 | 2.1 LOW | N/A |
| net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and unspecified other files, related to the "udp seq_file infrastructure." | |||||
| CVE-2016-6170 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2020-08-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. | |||||
| CVE-2016-2775 | 4 Fedoraproject, Hp, Isc and 1 more | 9 Fedora, Hp-ux, Bind and 6 more | 2020-08-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. | |||||
| CVE-2016-1454 | 1 Cisco | 54 5548p, 5548up, 5596t and 51 more | 2020-08-25 | 7.1 HIGH | 6.5 MEDIUM |
| Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug IDs CSCuq77105 and CSCux11417. | |||||
| CVE-2014-2523 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2020-08-25 | 10.0 HIGH | N/A |
| net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. | |||||
| CVE-2020-4548 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2020-08-24 | 4.0 MEDIUM | 2.7 LOW |
| IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID: 183316. | |||||
| CVE-2019-9379 | 1 Google | 1 Android | 2020-08-24 | 7.1 HIGH | 6.5 MEDIUM |
| In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124329638 | |||||
| CVE-2019-9418 | 1 Google | 1 Android | 2020-08-24 | 7.1 HIGH | 6.5 MEDIUM |
| In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111450210 | |||||
| CVE-2019-1079 | 1 Microsoft | 1 Visual Studio | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'. | |||||
| CVE-2019-13143 | 1 Shenzhen Dragon Brothers | 2 Fb50, Fb50 Firmware | 2020-08-24 | 9.0 HIGH | 9.8 CRITICAL |
| An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the lock. The user ID, name, and MAC address are trivially obtained from APIs found within the Android or iOS application. With only the MAC address of the lock, any attacker can transfer ownership of the lock from the current user, over to the attacker's account. Thus rendering the lock completely inaccessible to the current user. | |||||
| CVE-2019-12816 | 1 Znc | 1 Znc | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name. | |||||
| CVE-2019-1470 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-08-24 | 4.0 MEDIUM | 6.0 MEDIUM |
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | |||||
| CVE-2019-0635 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-08-24 | 5.5 MEDIUM | 6.2 MEDIUM |
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | |||||
| CVE-2018-12147 | 1 Intel | 3 Converged Security Management Engine Firmware, Server Platform Services Firmware, Trusted Execution Engine Firmware | 2020-08-24 | 7.2 HIGH | 6.7 MEDIUM |
| Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, IntelĀ® Server Platform Services before version 4.0 and IntelĀ® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access. | |||||
| CVE-2019-0973 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1204 | 1 Microsoft | 3 Office, Office 365 Proplus, Outlook | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages, aka 'Microsoft Outlook Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1230 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 4.0 MEDIUM | 6.8 MEDIUM |
| An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'. | |||||
| CVE-2019-5244 | 1 Huawei | 2 Mate 9 Pro, Mate 9 Pro Fimware | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak. | |||||
| CVE-2018-0957 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2020-08-24 | 1.9 LOW | 5.3 MEDIUM |
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0964. | |||||
| CVE-2019-9352 | 1 Google | 1 Android | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124253062 | |||||
| CVE-2019-0786 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine, aka 'SMB Server Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-0886 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 2.7 LOW | 6.8 MEDIUM |
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | |||||
| CVE-2019-0768 | 1 Microsoft | 3 Internet Explorer, Windows 10, Windows Server 2019 | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761. | |||||
| CVE-2019-0957 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0958. | |||||
| CVE-2018-20852 | 1 Python | 1 Python | 2020-08-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. | |||||
| CVE-2016-9131 | 4 Debian, Isc, Netapp and 1 more | 12 Debian Linux, Bind, Data Ontap Edge and 9 more | 2020-08-19 | 5.0 MEDIUM | 7.5 HIGH |
| named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | |||||
| CVE-2020-3501 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2020-08-19 | 3.5 LOW | 4.1 MEDIUM |
| Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users. | |||||
| CVE-2020-3502 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2020-08-19 | 3.5 LOW | 4.1 MEDIUM |
| Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users. | |||||
| CVE-2020-17479 | 1 Json Pattern Validator Project | 1 Json Pattern Validator | 2020-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array. | |||||
| CVE-2020-8742 | 1 Intel | 146 Cd1c32gk, Cd1c32gk Firmware, Cd1c64gk and 143 more | 2020-08-19 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in the firmware for Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-0555 | 1 Intel | 22 Ac 3165, Ac 3165 Firmware, Ac 3168 and 19 more | 2020-08-19 | 4.6 MEDIUM | 7.8 HIGH |
| Improper input validation for some Intel(R) Wireless Bluetooth(R) products may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||