|
196521
|
5.3 |
MEDIUM
Network
|
oneidentity
|
password_manager
|
An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response …
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-7962
|
2024-11-21 14:38 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196522
|
6.7 |
MEDIUM
Local
|
lenovo
|
notebook_firmware
|
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.
|
NVD-CWE-noinfo
|
CVE-2020-8354
|
2024-11-21 14:38 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196523
|
6.7 |
MEDIUM
Local
|
lenovo
|
thinkcentre_m80t_firmware
thinkcentre_m80s_firmware
thinkcentre_m90t_firmware
thinkcentre_m90s_firmware
thinkcentre_m910z_firmware
thinkcentre_m920s_firmware
thinkcentre_m920t_firmw…
|
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative u…
|
NVD-CWE-noinfo
|
CVE-2020-8353
|
2024-11-21 14:38 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196524
|
2.4 |
LOW
Physics
|
lenovo
|
thinkcentre_e73_firmware
thinkcentre_m73_firmware
qitian_4500_firmware
qitian_b4550_firmware
qitian_m4550_firmware
thinkcentre_m4500k_firmware
thinkcentre_m4500t_firmware
thinkce…
|
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.
|
NVD-CWE-noinfo
|
CVE-2020-8352
|
2024-11-21 14:38 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196525
|
7.5 |
HIGH
Network
|
json8-merge-patch_project
|
json8-merge-patch
|
Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.
|
CWE-20
Improper Input Validation
|
CVE-2020-8268
|
2024-11-21 14:38 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196526
|
4.1 |
MEDIUM
Local
|
nextcloud
|
nextcloud_server
|
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-8150
|
2024-11-21 14:38 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196527
|
5.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-8133
|
2024-11-21 14:38 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196528
|
5.5 |
MEDIUM
Local
|
brave
|
brave
|
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. T…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-8276
|
2024-11-21 14:38 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196529
|
5.3 |
MEDIUM
Network
|
ui
|
unifi_protect_firmware
|
A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to…
|
CWE-287
Improper Authentication
|
CVE-2020-8267
|
2024-11-21 14:38 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196530
|
7.5 |
HIGH
Network
|
tcpdump
debian
fedoraproject
apple
|
tcpdump
debian_linux
fedora
mac_os_x
macos
|
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-8037
|
2024-11-21 14:38 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
