|
201421
|
8.1 |
HIGH
Network
|
nextcloud
|
nextcloud_server
|
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-8259
|
2024-11-21 14:38 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201422
|
4.4 |
MEDIUM
Local
|
nextcloud
|
nextcloud_server
|
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-8152
|
2024-11-21 14:38 |
2020-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201423
|
5.3 |
MEDIUM
Network
|
oneidentity
|
password_manager
|
An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response …
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-7962
|
2024-11-21 14:38 |
2020-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201424
|
6.7 |
MEDIUM
Local
|
lenovo
|
notebook_firmware
|
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.
|
NVD-CWE-noinfo
|
CVE-2020-8354
|
2024-11-21 14:38 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201425
|
6.7 |
MEDIUM
Local
|
lenovo
|
thinkcentre_m80t_firmware
thinkcentre_m80s_firmware
thinkcentre_m90t_firmware
thinkcentre_m90s_firmware
thinkcentre_m910z_firmware
thinkcentre_m920s_firmware
thinkcentre_m920t_firmw…
|
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative u…
|
NVD-CWE-noinfo
|
CVE-2020-8353
|
2024-11-21 14:38 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201426
|
2.4 |
LOW
Physics
|
lenovo
|
thinkcentre_e73_firmware
thinkcentre_m73_firmware
qitian_4500_firmware
qitian_b4550_firmware
qitian_m4550_firmware
thinkcentre_m4500k_firmware
thinkcentre_m4500t_firmware
thinkce…
|
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.
|
NVD-CWE-noinfo
|
CVE-2020-8352
|
2024-11-21 14:38 |
2020-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201427
|
7.5 |
HIGH
Network
|
json8-merge-patch_project
|
json8-merge-patch
|
Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.
|
CWE-20
Improper Input Validation
|
CVE-2020-8268
|
2024-11-21 14:38 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201428
|
4.1 |
MEDIUM
Local
|
nextcloud
|
nextcloud_server
|
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-8150
|
2024-11-21 14:38 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201429
|
5.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-8133
|
2024-11-21 14:38 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201430
|
5.5 |
MEDIUM
Local
|
brave
|
brave
|
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. T…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-8276
|
2024-11-21 14:38 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
