Latest CVE Feed
-
5.5
MEDIUMCVE-2020-8324
A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.... Read more
Affected Products : system_interface_foundation- Published: Apr. 14, 2020
- Modified: Nov. 21, 2024
-
6.7
MEDIUMCVE-2020-8323
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.... Read more
- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
6.7
MEDIUMCVE-2020-8322
A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.... Read more
Affected Products : e42-80_firmware e52-80_firmware miix_720-12ikb_firmware s145-14api_firmware s145-14ast_firmware s145-15api_firmware s145-15ast_firmware s540-13api_firmware v130-15ikb_firmware v330-15igm_firmware +92 more products- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
6.7
MEDIUMCVE-2020-8321
A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.... Read more
- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2020-8320
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.... Read more
- Published: Jun. 09, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8319
A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges.... Read more
Affected Products : system_interface_foundation- Published: Apr. 14, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8318
A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges.... Read more
Affected Products : system_interface_foundation- Published: Apr. 14, 2020
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2020-8317
A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.... Read more
Affected Products : drivers_management- Published: Jul. 24, 2020
- Modified: Nov. 21, 2024
-
4.4
MEDIUMCVE-2020-8316
A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges.... Read more
Affected Products : vantage- Published: Apr. 14, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2020-8315
In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. ... Read more
Affected Products : python- Published: Jan. 28, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2020-8300
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. ... Read more
- Published: Jun. 16, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2020-8299
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource c... Read more
- Published: Jun. 16, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2020-8298
fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.... Read more
Affected Products : fs-path- Published: Mar. 04, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-8297
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user.... Read more
Affected Products : deck- Published: Feb. 23, 2021
- Modified: Nov. 21, 2024
-
6.7
MEDIUMCVE-2020-8296
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.... Read more
- Published: Mar. 03, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2020-8295
A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.... Read more
Affected Products : nextcloud_server- Published: Jan. 26, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-8294
A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format.... Read more
Affected Products : nextcloud_server- Published: Feb. 03, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2020-8293
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.... Read more
Affected Products : nextcloud_server- Published: Jan. 26, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2020-8292
Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes.... Read more
Affected Products : rocket.chat- Published: Jan. 26, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2020-8291
A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks.... Read more
Affected Products : rocket.chat- Published: Oct. 18, 2021
- Modified: Nov. 21, 2024