|
198991
|
7.5 |
HIGH
Network
|
citrix
|
sd-wan
|
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
|
CWE-287
Improper Authentication
|
CVE-2020-8272
|
2024-11-21 14:38 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198992
|
9.8 |
CRITICAL
Network
|
citrix
|
sd-wan
|
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
|
CWE-22
Path Traversal
|
CVE-2020-8271
|
2024-11-21 14:38 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198993
|
8.8 |
HIGH
Network
|
citrix
|
virtual_apps_and_desktops
|
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 ho…
|
CWE-78
OS Command
|
CVE-2020-8270
|
2024-11-21 14:38 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198994
|
8.8 |
HIGH
Network
|
citrix
|
xendesktop
xenapp
virtual_apps_and_desktops
|
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 …
|
CWE-269
Improper Privilege Management
|
CVE-2020-8269
|
2024-11-21 14:38 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198995
|
8.1 |
HIGH
Network
|
nextcloud
|
nextcloud_server
|
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-8259
|
2024-11-21 14:38 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198996
|
4.4 |
MEDIUM
Local
|
nextcloud
|
nextcloud_server
|
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-8152
|
2024-11-21 14:38 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198997
|
5.3 |
MEDIUM
Network
|
oneidentity
|
password_manager
|
An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response …
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-7962
|
2024-11-21 14:38 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198998
|
6.7 |
MEDIUM
Local
|
lenovo
|
notebook_firmware
|
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.
|
NVD-CWE-noinfo
|
CVE-2020-8354
|
2024-11-21 14:38 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198999
|
6.7 |
MEDIUM
Local
|
lenovo
|
thinkcentre_m80t_firmware
thinkcentre_m80s_firmware
thinkcentre_m90t_firmware
thinkcentre_m90s_firmware
thinkcentre_m910z_firmware
thinkcentre_m920s_firmware
thinkcentre_m920t_firmw…
|
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative u…
|
NVD-CWE-noinfo
|
CVE-2020-8353
|
2024-11-21 14:38 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199000
|
2.4 |
LOW
Physics
|
lenovo
|
thinkcentre_e73_firmware
thinkcentre_m73_firmware
qitian_4500_firmware
qitian_b4550_firmware
qitian_m4550_firmware
thinkcentre_m4500k_firmware
thinkcentre_m4500t_firmware
thinkce…
|
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.
|
NVD-CWE-noinfo
|
CVE-2020-8352
|
2024-11-21 14:38 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
