Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2020-8676

    Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    • Published: Nov. 12, 2020
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2020-8675

    Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.... Read more

    • Published: Jun. 15, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2020-8674

    Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.... Read more

    • Published: Jun. 15, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8672

    Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access.... Read more

    • Published: Feb. 02, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8671

    Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel(R) Core(TM) Processors and Intel(R) Celeron(R) Processor 4000 Series may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    • Published: Oct. 05, 2020
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2020-8670

    Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8669

    Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.... Read more

    Affected Products : data_center_manager
    • Published: Nov. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2020-8664

    CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the vali... Read more

    Affected Products : envoy envoy
    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8663

    Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.... Read more

    Affected Products : envoy
    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8661

    CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.... Read more

    Affected Products : envoy openshift_service_mesh envoy
    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2020-8660

    CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a w... Read more

    Affected Products : envoy
    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8659

    CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.... Read more

    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8658

    The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wro... Read more

    Affected Products : htaccess
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8656

    An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.p... Read more

    Affected Products : eyesofnetwork
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2020-8654

    An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field.... Read more

    Affected Products : eyesofnetwork
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2020-8649

    There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.... Read more

    Affected Products : linux_kernel debian_linux leap
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2020-8648

    There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.... Read more

    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2020-8647

    There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.... Read more

    Affected Products : linux_kernel debian_linux leap
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-8645

    An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.Jo... Read more

    Affected Products : simplejobscript
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8641

    Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter.... Read more

    Affected Products : lotus_core_cms
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294858 Results