CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2020-13350 352 CSRF 2020-11-17 2020-11-27
4.3
None Remote Medium Not required None None Partial
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9.
752 CVE-2020-13349 2020-11-17 2021-07-21
4.0
None Remote Low ??? None None Partial
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
753 CVE-2020-13348 Bypass 2020-11-17 2020-11-27
4.0
None Remote Low ??? None Partial None
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
754 CVE-2020-12927 2020-11-12 2020-11-30
7.2
None Local Low Not required Complete Complete Complete
A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system.
755 CVE-2020-12926 367 DoS 2020-11-12 2020-11-30
4.4
None Local Medium Not required Partial Partial Partial
The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device.
756 CVE-2020-12912 203 2020-11-12 2020-12-03
2.1
None Local Low Not required Partial None None
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.
757 CVE-2020-12593 2020-11-18 2020-11-30
5.0
None Remote Low Not required Partial None None
Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
758 CVE-2020-12510 276 Exec Code 2020-11-19 2020-12-03
6.0
None Remote Medium ??? Partial Partial Partial
The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon log in of a user. If a less privileged user has a local account he or she can replace TcSysUI.exe. It will be executed automatically by another user during login. This is also true for users with administrative access. Consequently, a less privileged user can trick a higher privileged user into executing code he or she modified this way. By default Beckhoff’s IPCs are shipped with TwinCAT software installed this way and with just a single local user configured. Thus the vulnerability exists if further less privileged users have been added.
759 CVE-2020-12496 200 +Info 2020-11-19 2020-12-08
4.0
None Remote Low ??? Partial None None
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and Memograph M (Neutral/Private Label) (RSG45, ORSG45) with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to the server, which makes repeating requests and analysis complex enough. Nevertheless, it's possible and during the analysis it was discovered that it also has an issue with the access-control matrix on the server-side. It was found that a user with low rights can get information from endpoints that should not be available to this user.
760 CVE-2020-12495 269 2020-11-19 2020-12-08
6.5
None Remote Low ??? Partial Partial Partial
Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. The access system is based on dynamic "tokens". The vulnerability is that user sessions are not closed correctly and a user with fewer rights is assigned the higher rights when he logs on.
761 CVE-2020-12485 125 2020-11-10 2020-11-24
4.9
None Local Low Not required None None Complete
The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device.
762 CVE-2020-12356 125 2020-11-12 2020-11-18
2.1
None Local Low Not required Partial None None
Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.
763 CVE-2020-12355 294 Bypass 2020-11-12 2020-11-24
4.6
None Local Low Not required Partial Partial Partial
Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
764 CVE-2020-12354 276 2020-11-12 2020-11-24
4.6
None Local Low Not required Partial Partial Partial
Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
765 CVE-2020-12353 281 DoS 2020-11-12 2020-11-24
4.0
None Remote Low ??? None None Partial
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access.
766 CVE-2020-12352 200 +Info 2020-11-23 2021-07-21
3.3
None Local Network Low Not required Partial None None
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
767 CVE-2020-12351 20 2020-11-23 2021-04-08
5.8
None Local Network Low Not required Partial Partial Partial
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
768 CVE-2020-12350 269 2020-11-12 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access.
769 CVE-2020-12349 20 2020-11-12 2020-11-20
4.0
None Remote Low ??? Partial None None
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.
770 CVE-2020-12347 20 2020-11-12 2020-11-20
6.5
None Remote Low ??? Partial Partial Partial
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access.
771 CVE-2020-12346 276 2020-11-12 2020-11-24
4.6
None Local Low Not required Partial Partial Partial
Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
772 CVE-2020-12345 281 2020-11-12 2020-11-20
4.6
None Local Low Not required Partial Partial Partial
Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
773 CVE-2020-12338 2020-11-13 2020-11-23
7.5
None Remote Low Not required Partial Partial Partial
Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
774 CVE-2020-12337 119 Overflow 2020-11-12 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
775 CVE-2020-12336 665 2020-11-12 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.
776 CVE-2020-12335 281 2020-11-12 2020-11-30
4.6
None Local Low Not required Partial Partial Partial
Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access.
777 CVE-2020-12334 281 2020-11-12 2020-11-24
4.6
None Local Low Not required Partial Partial Partial
Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access.
778 CVE-2020-12333 522 2020-11-12 2020-11-30
4.6
None Local Low Not required Partial Partial Partial
Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
779 CVE-2020-12332 281 2020-11-12 2020-11-24
4.6
None Local Low Not required Partial Partial Partial
Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
780 CVE-2020-12331 269 2020-11-12 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access.
781 CVE-2020-12330 281 2020-11-12 2020-11-30
4.6
None Local Low Not required Partial Partial Partial
Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
782 CVE-2020-12329 427 2020-11-12 2020-11-30
4.6
None Local Low Not required Partial Partial Partial
Uncontrolled search path in the Intel(R) VTune(TM) Profiler before version 2020 Update 1 may allow an authenticated user to potentially enable escalation of privilege via local access.
783 CVE-2020-12328 200 +Info 2020-11-12 2021-07-21
2.1
None Local Low Not required Partial None None
Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access.
784 CVE-2020-12327 1188 2020-11-12 2020-11-24
2.1
None Local Low Not required Partial None None
Insecure default variable initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access.
785 CVE-2020-12326 665 2020-11-12 2020-11-24
2.1
None Local Low Not required Partial None None
Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access.
786 CVE-2020-12325 119 Overflow 2020-11-12 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access.
787 CVE-2020-12324 269 2020-11-12 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access.
788 CVE-2020-12323 20 2020-11-12 2020-11-30
4.6
None Local Low Not required Partial Partial Partial
Improper input validation in the Intel(R) ADAS IE before version ADAS_IE_1.0.766 may allow a privileged user to potentially enable escalation of privilege via local access.
789 CVE-2020-12322 20 DoS 2020-11-12 2020-11-24
3.3
None Local Network Low Not required None None Partial
Improper input validation in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
790 CVE-2020-12321 119 Overflow 2020-11-12 2021-07-21
5.8
None Local Network Low Not required Partial Partial Partial
Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
791 CVE-2020-12320 427 2020-11-12 2020-11-30
4.6
None Local Low Not required Partial Partial Partial
Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access.
792 CVE-2020-12319 DoS 2020-11-12 2020-11-20
3.3
None Local Network Low Not required None None Partial
Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
793 CVE-2020-12318 2020-11-12 2020-11-20
4.6
None Local Low Not required Partial Partial Partial
Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an authenticated user to potentially enable escalation of privilege via local access.
794 CVE-2020-12317 119 DoS Overflow 2020-11-12 2021-07-21
3.3
None Local Network Low Not required None None Partial
Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
795 CVE-2020-12316 522 2020-11-12 2020-11-20
2.1
None Local Low Not required Partial None None
Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access.
796 CVE-2020-12315 22 Dir. Trav. 2020-11-12 2020-11-20
7.5
None Remote Low Not required Partial Partial Partial
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
797 CVE-2020-12314 20 DoS 2020-11-12 2020-11-20
3.3
None Local Network Low Not required None None Partial
Improper input validation in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
798 CVE-2020-12313 269 2020-11-13 2021-07-21
5.8
None Local Network Low Not required Partial Partial Partial
Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
799 CVE-2020-12312 119 Overflow 2020-11-12 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.2 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
800 CVE-2020-12311 2020-11-12 2020-11-24
2.1
None Local Low Not required Partial None None
Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.
Total number of vulnerabilities : 1271   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (This Page)17 18 19 20 21 22 23 24 25 26
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.