|
197671
|
7.8 |
HIGH
Local
|
pulsesecure
|
pulse_secure_desktop_client
|
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provid…
|
NVD-CWE-noinfo
|
CVE-2020-8240
|
2024-11-21 14:38 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197672
|
9.8 |
CRITICAL
Network
|
pulsesecure
|
pulse_secure_desktop_client
|
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker …
|
NVD-CWE-noinfo
|
CVE-2020-8239
|
2024-11-21 14:38 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197673
|
8.8 |
HIGH
Adjacent
|
lenovo
|
thinkpad_stack_wireless_router_firmware
|
An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege.
|
CWE-287
Improper Authentication
|
CVE-2020-8350
|
2024-11-21 14:38 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197674
|
7.8 |
HIGH
Local
|
lenovo
|
hardware_scan
|
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-8345
|
2024-11-21 14:38 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197675
|
7.8 |
HIGH
Local
|
lenovo
|
diagnostics
|
A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
|
CWE-426
Untrusted Search Path
|
CVE-2020-8338
|
2024-11-21 14:38 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197676
|
9.8 |
CRITICAL
Network
|
lenovo
|
cloud_networking_operating_system
|
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface i…
|
CWE-94
Code Injection
|
CVE-2020-8349
|
2024-11-21 14:38 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197677
|
6.4 |
MEDIUM
Local
|
lenovo
|
bladecenter_hs23_firmware
bladecenter_hs23e_firmware
compute_node-x440_firmware
flex_system_x220_firmware
flex_system_x240_firmware
flex_system_x440_firmware
nextscale_nx360_m4_firm…
|
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-8332
|
2024-11-21 14:38 |
2020-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197678
|
4.3 |
MEDIUM
Network
|
nextcloud
|
deck
|
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-8235
|
2024-11-21 14:38 |
2020-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197679
|
5.3 |
MEDIUM
Network
|
nextcloud
opensuse
|
preferred_providers
leap
backports_sle
|
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-8228
|
2024-11-21 14:38 |
2020-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197680
|
6.5 |
MEDIUM
Network
|
nextcloud
fedoraproject
|
nextcloud_server
fedora
|
A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.
|
CWE-269
Improper Privilege Management
|
CVE-2020-8223
|
2024-11-21 14:38 |
2020-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
