CVE-2020-2022

An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator’s session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue.
This issue impacts:
PAN-OS 8.1 versions earlier than PAN-OS 8.1.17;
PAN-OS 9.0 versions earlier than PAN-OS 9.0.11;
PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.

Source: CVE-2020-2022

CVE-2020-2000

An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges.
This issue impacts:
PAN-OS 8.1 versions earlier than PAN-OS 8.1.16;
PAN-OS 9.0 versions earlier than PAN-OS 9.0.10;
PAN-OS 9.1 versions earlier than PAN-OS 9.1.4;
PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.

Source: CVE-2020-2000

CVE-2020-2048

An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software.
This issue impacts:
PAN-OS 8.1 versions earlier than PAN-OS 8.1.17;
PAN-OS 9.0 versions earlier than PAN-OS 9.0.11;
PAN-OS 9.1 versions earlier than PAN-OS 9.1.2.

Source: CVE-2020-2048

CVE-2020-26221

touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. The issue is patched in version 2.0.

Source: CVE-2020-26221

CVE-2020-26220

toucbase.ai before version 2.0 leaks information by not stripping exif data from images. Anyone with access to the uploaded image of other users could obtain its geolocation, device, and software version data etc (if present. The issue is fixed in version 2.0.

Source: CVE-2020-26220

CVE-2020-5992

NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges.

Source: CVE-2020-5992

CVE-2020-26219

touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable.
The issue is fixed in version 2.0.

Source: CVE-2020-26219

CVE-2020-26218

touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc.

The issue is patched in version 2.0.

Source: CVE-2020-26218

CVE-2020-8353

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.

Source: CVE-2020-8353

CVE-2020-8354

A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.

Source: CVE-2020-8354