CVE-2020-1863

Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have an out-of-bounds read vulnerability. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products.

Source: CVE-2020-1863

CVE-2020-8469

Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation.

Source: CVE-2020-8469

CVE-2020-10535

GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address.

Source: CVE-2020-10535

CVE-2020-10534

In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled.

Source: CVE-2020-10534

CVE-2019-17653

A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user’s session by persuading the victim to follow a malicious link.

Source: CVE-2019-17653

CVE-2020-0550

Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html

Source: CVE-2020-0550

CVE-2020-6643

An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS).

Source: CVE-2020-6643

CVE-2020-9064

Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 10.0.1.167(C00E166R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak.

Source: CVE-2020-9064

CVE-2020-0551

Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html

Source: CVE-2020-0551

CVE-2020-0583

Improper access control in the subsystem for Intel(R) Smart Sound Technology may allow an authenticated user to potentially enable escalation of privilege via local access. This affects Intel® Smart Sound Technology before versions: 10th Generation Intel® Core™ i7 Processors, version 3431 and 8th Generation Intel® Core™ Processors, version 3349.

Source: CVE-2020-0583