CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2020

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
651 CVE-2020-8912 327 2020-08-11 2020-08-17
2.1
None Local Low Not required Partial None None
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files.
652 CVE-2020-8911 327 2020-08-11 2020-08-18
2.1
None Local Low Not required Partial None None
A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC). An attacker who has write access to the target's S3 bucket and can observe whether or not an endpoint with access to the key can decrypt a file can therefore reconstruct the plaintext with (on average) 128*length(plaintext) queries to the endpoint, by exploiting CBC's ability to manipulate the bytes of the next block and PKCS5 padding errors. It is recommended to update your SDK to V2 or later, and re-encrypt your files.
653 CVE-2020-8905 120 2020-08-12 2020-08-13
4.0
None Remote Low ??? Partial None None
A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length. We recommend updating Asylo to version 0.6.0 or later.
654 CVE-2020-8904 119 Overflow 2020-08-12 2020-08-13
5.5
None Remote Low ??? None Partial Partial
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later.
655 CVE-2020-8870 125 Exec Code 2020-08-20 2020-08-25
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files from the GetTIFPalette method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9931.
656 CVE-2020-8869 121 Exec Code 2020-08-20 2020-08-25
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9881.
657 CVE-2020-8763 276 2020-08-13 2020-08-19
4.6
None Local Low Not required Partial Partial Partial
Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Windows* 10 may allow an authenticated user to potentially enable escalation of privilege via local access.
658 CVE-2020-8759 2020-08-13 2020-08-19
4.6
None Local Low Not required Partial Partial Partial
Improper access control in the installer for Intel(R) SSD DCT versions before 3.0.23 may allow a privileged user to potentially enable escalation of privilege via local access.
659 CVE-2020-8743 276 2020-08-13 2020-08-19
4.6
None Local Low Not required Partial Partial Partial
Improper permissions in the installer for the Intel(R) Mailbox Interface driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
660 CVE-2020-8742 20 2020-08-13 2020-08-19
4.6
None Local Low Not required Partial Partial Partial
Improper input validation in the firmware for Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
661 CVE-2020-8736 269 2020-08-13 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access.
662 CVE-2020-8733 119 Overflow 2020-08-13 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Improper buffer restrictions in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access.
663 CVE-2020-8732 787 Overflow 2020-08-13 2020-08-17
5.8
None Local Network Low Not required Partial Partial Partial
Heap-based buffer overflow in the firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
664 CVE-2020-8731 732 2020-08-13 2020-08-17
4.6
None Local Low Not required Partial Partial Partial
Incorrect execution-assigned permissions in the file system for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.
665 CVE-2020-8730 787 Overflow 2020-08-13 2020-08-17
4.6
None Local Low Not required Partial Partial Partial
Heap-based overflow for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.
666 CVE-2020-8729 120 2020-08-13 2020-08-17
4.6
None Local Low Not required Partial Partial Partial
Buffer copy without checking size of input for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.
667 CVE-2020-8723 79 XSS 2020-08-13 2020-08-17
5.4
None Local Network Medium Not required Partial Partial Partial
Cross-site scripting for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
668 CVE-2020-8722 120 Overflow 2020-08-13 2020-08-17
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.
669 CVE-2020-8721 20 2020-08-13 2020-08-17
4.6
None Local Low Not required Partial Partial Partial
Improper input validation for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.
670 CVE-2020-8720 120 DoS Overflow 2020-08-13 2020-08-17
2.1
None Local Low Not required None None Partial
Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable denial of service via local access.
671 CVE-2020-8719 120 Overflow 2020-08-13 2020-08-17
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local access.
672 CVE-2020-8718 120 Overflow 2020-08-13 2020-08-17
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.
673 CVE-2020-8717 20 DoS 2020-08-13 2020-08-17
2.1
None Local Low Not required None None Partial
Improper input validation in a subsystem for some Intel Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable denial of service via local access.
674 CVE-2020-8716 DoS 2020-08-13 2020-08-17
2.1
None Local Low Not required None None Partial
Improper access control for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable denial of service via local access.
675 CVE-2020-8715 763 DoS 2020-08-13 2020-08-19
2.1
None Local Low Not required None None Partial
Invalid pointer for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable denial of service via local access.
676 CVE-2020-8714 287 2020-08-13 2020-08-19
4.6
None Local Low Not required Partial Partial Partial
Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.
677 CVE-2020-8713 287 2020-08-13 2020-08-19
5.8
None Local Network Low Not required Partial Partial Partial
Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
678 CVE-2020-8712 120 Overflow 2020-08-13 2020-08-19
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in a verification process for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an authenticated user to potentially enable escalation of privilege via local access.
679 CVE-2020-8711 2020-08-13 2020-08-19
4.6
None Local Low Not required Partial Partial Partial
Improper access control in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access.
680 CVE-2020-8710 120 Overflow 2020-08-13 2020-08-19
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access.
681 CVE-2020-8709 287 2020-08-13 2020-08-19
5.8
None Local Network Low Not required Partial Partial Partial
Improper authentication in socket services for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
682 CVE-2020-8708 287 2020-08-13 2020-08-19
5.8
None Local Network Low Not required Partial Partial Partial
Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
683 CVE-2020-8707 120 Overflow 2020-08-13 2020-08-19
5.8
None Local Network Low Not required Partial Partial Partial
Buffer overflow in daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
684 CVE-2020-8706 120 Overflow 2020-08-13 2020-08-18
5.8
None Local Network Low Not required Partial Partial Partial
Buffer overflow in a daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
685 CVE-2020-8689 119 DoS Overflow 2020-08-13 2021-07-21
3.3
None Local Network Low Not required None None Partial
Improper buffer restrictions in the Intel(R) Wireless for Open Source before version 1.5 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
686 CVE-2020-8688 20 DoS 2020-08-13 2020-08-19
5.0
None Remote Low Not required None None Partial
Improper input validation in the Intel(R) RAID Web Console 3 for Windows* may allow an unauthenticated user to potentially enable denial of service via network access.
687 CVE-2020-8687 427 2020-08-13 2020-08-19
4.6
None Local Low Not required Partial Partial Partial
Uncontrolled search path in the installer for Intel(R) RSTe Software RAID Driver for the Intel(R) Server Board M10JNP2SB before version 4.7.0.1119 may allow an authenticated user to potentially enable escalation of privilege via local access.
688 CVE-2020-8685 287 DoS 2020-08-13 2020-08-19
2.1
None Local Low Not required None None Partial
Improper authentication in subsystem for Intel(R) LED Manager for NUC before version 1.2.3 may allow a privileged user to potentially enable denial of service via local access.
689 CVE-2020-8684 269 2020-08-13 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Improper access control in firmware for Intel(R) PAC with Arria(R) 10 GX FPGA before Intel Acceleration Stack version 1.2.1 may allow a privileged user to potentially enable escalation of privilege via local access.
690 CVE-2020-8683 119 DoS Overflow 2020-08-13 2021-07-21
2.1
None Local Low Not required None None Partial
Improper buffer restrictions in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.
691 CVE-2020-8682 125 DoS 2020-08-13 2020-08-19
2.1
None Local Low Not required None None Partial
Out of bounds read in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.
692 CVE-2020-8681 787 2020-08-13 2020-08-19
4.6
None Local Low Not required Partial Partial Partial
Out of bounds write in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access.
693 CVE-2020-8680 362 2020-08-13 2020-08-19
4.4
None Local Medium Not required Partial Partial Partial
Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.
694 CVE-2020-8679 787 DoS 2020-08-13 2020-08-19
2.1
None Local Low Not required None None Partial
Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version 26.20.100.7755 may allow an authenticated user to potentially enable denial of service via local access.
695 CVE-2020-8624 269 2020-08-21 2020-10-20
4.0
None Remote Low ??? None Partial None
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.
696 CVE-2020-8623 617 2020-08-21 2022-04-28
4.3
None Remote Medium Not required None None Partial
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: (1) be running BIND that was built with "--enable-native-pkcs11"; (2) be signing one or more zones with an RSA key; (3) be able to receive queries from a possible attacker.
697 CVE-2020-8622 617 2020-08-21 2021-12-02
4.0
None Remote Low ??? None None Partial
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.
698 CVE-2020-8621 617 2020-08-21 2022-04-28
4.3
None Remote Medium Not required None None Partial
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, if a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.
699 CVE-2020-8620 617 2020-08-21 2022-06-02
5.0
None Remote Low Not required None None Partial
In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, an attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.
700 CVE-2020-8607 20 Exec Code 2020-08-05 2020-08-11
7.2
None Local Low Not required Complete Complete Complete
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.
Total number of vulnerabilities: 1155 (this is page 14 of 24)