| Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-1472 | 9.3 |
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability
|
19-01-2024 - 00:15 | 17-08-2020 - 19:15 | |
| CVE-2020-15862 | 7.2 |
Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
|
31-10-2023 - 19:30 | 20-08-2020 - 01:17 | |
| CVE-2020-25654 | 9.0 |
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing
|
29-09-2023 - 11:15 | 24-11-2020 - 20:15 | |
| CVE-2020-25643 | 7.5 |
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial
|
16-05-2023 - 10:48 | 06-10-2020 - 14:15 | |
| CVE-2020-28367 | 5.1 |
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
|
20-04-2023 - 00:15 | 18-11-2020 - 17:15 | |
| CVE-2020-13867 | 2.1 |
Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).
|
01-03-2023 - 16:48 | 05-06-2020 - 18:15 | |
| CVE-2020-24659 | 5.0 |
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the app
|
27-02-2023 - 15:30 | 04-09-2020 - 15:15 | |
| CVE-2020-2922 | 4.3 |
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with ne
|
28-10-2022 - 17:39 | 15-04-2020 - 14:15 | |
| CVE-2020-2814 | 4.0 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with net
|
29-08-2022 - 21:00 | 15-04-2020 - 14:15 | |
| CVE-2020-1971 | 4.3 |
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they
|
29-08-2022 - 20:27 | 08-12-2020 - 16:15 | |
| CVE-2020-8277 | 5.0 |
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number
|
10-05-2022 - 15:25 | 19-11-2020 - 01:15 | |
| CVE-2020-16166 | 4.3 |
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c
|
26-04-2022 - 17:06 | 30-07-2020 - 21:15 | |
| CVE-2019-20372 | 4.3 |
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
|
06-04-2022 - 16:10 | 09-01-2020 - 21:15 | |
| CVE-2020-12321 | 5.8 |
Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
|
21-07-2021 - 11:39 | 12-11-2020 - 18:15 | |
| CVE-2020-16166 | 4.3 |
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c
|
28-09-2020 - 16:15 | 30-07-2020 - 21:15 | |
| CVE-2020-1472 | 9.3 |
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
|
28-09-2020 - 13:48 | 17-08-2020 - 19:15 | |
| CVE-2020-24659 | 5.0 |
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the app
|
25-09-2020 - 20:15 | 04-09-2020 - 15:15 | |
| CVE-2020-14019 | 4.6 |
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.
|
07-08-2020 - 12:15 | 19-06-2020 - 11:15 | |
| CVE-2016-5766 | 6.8 |
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based
|
22-04-2019 - 17:48 | 07-08-2016 - 10:59 |