| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users. |
| Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue relating to an overly permissive regular expression in the TACACS+ server permitted commands |
| In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected. |
| An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific location, and pass this event to the driver, thereby defeating the anti-virus functionality. |
| A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315. |
| An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php. |
| An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp. |
| An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests. |
| An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests. |
| Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata. |
| The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace. |
| In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. |
| Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. |
| Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process. |
| Improper access control in the installer for Intel(R) SSD DCT versions before 3.0.23 may allow a privileged user to potentially enable escalation of privilege via local access. |
| Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access. |
| Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access. |
| Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may allow an unauthenticated user to potentially enable escalation of privilege and/or information disclosure via physical access. |
| Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access. |
