Weekly Vulnerabilities Reports > September 7 to 13, 2020
Overview
399 new vulnerabilities reported during this period, including 22 critical vulnerabilities and 133 high severity vulnerabilities. This weekly summary report vulnerabilities in 376 products from 78 vendors including Microsoft, Qualcomm, SAP, Adobe, and Debian. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Classic Buffer Overflow", "Improper Input Validation", and "Use After Free".
- 225 reported vulnerabilities are remotely exploitables.
- 75 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 265 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 129 reported vulnerabilities.
- Qualcomm has the most reported critical vulnerabilities, with 8 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
22 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-09-11 | CVE-2020-14100 | MI | Improper Privilege Management vulnerability in MI R3600 Firmware In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. | 10.0 |
2020-09-09 | CVE-2020-15903 | Nagios | Improper Privilege Management vulnerability in Nagios XI An issue was found in Nagios XI before 5.7.3. | 10.0 |
2020-09-09 | CVE-2020-2040 | Paloaltonetworks | Classic Buffer Overflow vulnerability in Paloaltonetworks Pan-Os A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. | 10.0 |
2020-09-08 | CVE-2020-3675 | Qualcomm | Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ5018, IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCN7605, QCS404, QCS405, Rennell, SA415M, Saipan, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250 | 10.0 |
2020-09-08 | CVE-2020-3669 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ5018, IPQ6018, IPQ8074, Kamorta, MSM8998, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130 | 10.0 |
2020-09-08 | CVE-2020-3668 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130 | 10.0 |
2020-09-08 | CVE-2020-3667 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products u'Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ5018, IPQ6018, IPQ8074, Kamorta, MSM8998, Nicobar, QCA6390, QCA8081, QCS404, QCS405, QCS605, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130 | 10.0 |
2020-09-08 | CVE-2020-11116 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products u'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QCS610, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 10.0 |
2020-09-08 | CVE-2019-14052 | Qualcomm | Use of Uninitialized Resource vulnerability in Qualcomm products u'Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QCS610, QM215, SA415M, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 | 10.0 |
2020-09-11 | CVE-2020-1595 | Microsoft | Download of Code Without Integrity Check vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. | 9.9 |
2020-09-11 | CVE-2020-1210 | Microsoft | Download of Code Without Integrity Check vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. | 9.9 |
2020-09-10 | CVE-2020-11998 | Apache Oracle | A regression has been introduced in the commit preventing JMX re-bind. | 9.8 |
2020-09-10 | CVE-2020-8758 | Intel Netapp | Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |
2020-09-09 | CVE-2020-24916 | Yaws Debian Canonical | OS Command Injection vulnerability in multiple products CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. | 9.8 |
2020-09-09 | CVE-2020-24379 | Yaws Debian Canonical | XXE vulnerability in multiple products WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. | 9.8 |
2020-09-09 | CVE-2020-25213 | Webdesi9 | Unrestricted Upload of File with Dangerous Type vulnerability in Webdesi9 File Manager The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. | 9.8 |
2020-09-09 | CVE-2020-11986 | Apache | Unspecified vulnerability in Apache Netbeans To be able to analyze gradle projects, the build scripts need to be executed. | 9.8 |
2020-09-09 | CVE-2020-3634 | Qualcomm | Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QCS610, QM215, Rennell, SA415M, Saipan, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 9.4 |
2020-09-08 | CVE-2018-13903 | Qualcomm | Race Condition vulnerability in Qualcomm products u'Error in UE due to race condition in EPCO handling' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9205, MDM9206, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, SDM450, SM8150 | 9.3 |
2020-09-10 | CVE-2020-24552 | Atoptechnology | OS Command Injection vulnerability in Atoptechnology products Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. | 9.0 |
2020-09-09 | CVE-2020-2042 | Paloaltonetworks | Classic Buffer Overflow vulnerability in Paloaltonetworks Pan-Os 10.0.0 A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. | 9.0 |
2020-09-09 | CVE-2020-2037 | Paloaltonetworks | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. | 9.0 |
133 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-09-11 | CVE-2020-1523 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2019 <p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. | 8.9 |
2020-09-11 | CVE-2020-1129 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. | 8.8 |
2020-09-11 | CVE-2020-1012 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 11 <p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. | 8.8 |
2020-09-11 | CVE-2020-0922 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. | 8.8 |
2020-09-11 | CVE-2020-0761 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. | 8.8 |
2020-09-11 | CVE-2020-0718 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. | 8.8 |
2020-09-11 | CVE-2020-16222 | Philips | Improper Authentication vulnerability in Philips products In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | 8.8 |
2020-09-09 | CVE-2020-7319 | Mcafee | Link Following vulnerability in Mcafee Endpoint Security Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | 8.8 |
2020-09-11 | CVE-2020-1460 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. | 8.6 |
2020-09-11 | CVE-2020-1453 | Microsoft | Download of Code Without Integrity Check vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. | 8.6 |
2020-09-11 | CVE-2020-1452 | Microsoft | Download of Code Without Integrity Check vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. | 8.6 |
2020-09-11 | CVE-2020-1200 | Microsoft | Download of Code Without Integrity Check vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. | 8.6 |
2020-09-11 | CVE-2020-1576 | Microsoft | Download of Code Without Integrity Check vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. | 8.5 |
2020-09-11 | CVE-2020-16875 | Microsoft | Improper Privilege Management vulnerability in Microsoft Exchange Server 2016/2019 <p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. | 8.4 |
2020-09-11 | CVE-2020-1285 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. | 8.4 |
2020-09-09 | CVE-2020-1912 | Out-of-bounds Write vulnerability in Facebook Hermes An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. | 8.1 | |
2020-09-11 | CVE-2020-1507 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. | 7.9 |
2020-09-11 | CVE-2020-14363 | X ORG Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow vulnerability leading to a double-free was found in libX11. | 7.8 |
2020-09-11 | CVE-2020-16881 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio Code <p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. | 7.8 |
2020-09-11 | CVE-2020-16874 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-16856 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1594 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps, Excel and Office <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1559 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. | 7.8 |
2020-09-11 | CVE-2020-1532 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 <p>An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. | 7.8 |
2020-09-11 | CVE-2020-1491 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1376 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1338 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1335 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1332 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps, Excel and Office <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1252 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when Windows improperly handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1218 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1193 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office <p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1169 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1115 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1098 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 2004 <p>An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1074 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1053 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1052 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1039 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-1030 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. | 7.8 |
2020-09-11 | CVE-2020-0998 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-0997 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-0911 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-0886 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. | 7.8 |
2020-09-11 | CVE-2020-0870 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-0839 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. | 7.8 |
2020-09-11 | CVE-2020-0838 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when NTFS improperly checks access. | 7.8 |
2020-09-11 | CVE-2020-0790 | Microsoft | Unspecified vulnerability in Microsoft products <p>A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. | 7.8 |
2020-09-11 | CVE-2020-0782 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. | 7.8 |
2020-09-11 | CVE-2020-0766 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. | 7.8 |
2020-09-11 | CVE-2020-0648 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. | 7.8 |
2020-09-10 | CVE-2020-25221 | Linux Netapp | Operation on a Resource after Expiration or Release vulnerability in multiple products get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. | 7.8 |
2020-09-10 | CVE-2020-7314 | Mcafee | Incorrect Permission Assignment for Critical Resource vulnerability in Mcafee Agent Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files. | 7.8 |
2020-09-10 | CVE-2020-7312 | Mcafee | Uncontrolled Search Path Element vulnerability in Mcafee Agent 5.0.0 DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. | 7.8 |
2020-09-09 | CVE-2020-10056 | Siemens | Execution with Unnecessary Privileges vulnerability in Siemens License Management Utility 2.3.745 A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). | 7.8 |
2020-09-09 | CVE-2020-2041 | Paloaltonetworks | Unspecified vulnerability in Paloaltonetworks Pan-Os An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. | 7.8 |
2020-09-09 | CVE-2020-7325 | Mcafee | Link Following vulnerability in Mcafee Mvision Endpoint 18.11.31.62/20.5.0.94/20.7 Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | 7.8 |
2020-09-09 | CVE-2020-11135 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products u'Reachable assertion when wrong data size is returned by parser for ape clips' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, Kamorta, MSM8917, MSM8953, Nicobar, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.8 |
2020-09-08 | CVE-2020-11158 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm IPS PDF u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due to lack of check of PDF font array leads to denial of service' in IPS PDF releases prior to IPS System 2020.2 | 7.8 |
2020-09-11 | CVE-2020-16872 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.0 <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. | 7.6 |
2020-09-11 | CVE-2020-1593 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. | 7.6 |
2020-09-11 | CVE-2020-1508 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. | 7.6 |
2020-09-11 | CVE-2020-25283 | Incorrect Authorization vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. | 7.5 | |
2020-09-11 | CVE-2020-25282 | Incorrect Authorization vulnerability in Google Android 10.0 An issue was discovered on LG mobile devices with Android OS 10 software. | 7.5 | |
2020-09-11 | CVE-2020-25279 | Classic Buffer Overflow vulnerability in Google Android An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. | 7.5 | |
2020-09-11 | CVE-2020-25278 | Out-of-bounds Write vulnerability in Google Android An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. | 7.5 | |
2020-09-11 | CVE-2020-1228 | Microsoft | Unspecified vulnerability in Microsoft products <p>A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. | 7.5 |
2020-09-11 | CVE-2020-1045 | Microsoft Fedoraproject Redhat | <p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p> | 7.5 |
2020-09-11 | CVE-2020-1031 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.</p> <p>To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server. | 7.5 |
2020-09-11 | CVE-2020-1013 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. | 7.5 |
2020-09-11 | CVE-2020-0908 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. | 7.5 |
2020-09-11 | CVE-2020-0836 | Microsoft | Unspecified vulnerability in Microsoft products <p>A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. | 7.5 |
2020-09-11 | CVE-2020-15166 | Zeromq Fedoraproject Debian | Resource Exhaustion vulnerability in multiple products In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. | 7.5 |
2020-09-11 | CVE-2020-14096 | MI | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in MI Xiaomi AI Speaker Firmware Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process. | 7.5 |
2020-09-11 | CVE-2020-25260 | Hyland | Deserialization of Untrusted Data vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 7.5 |
2020-09-11 | CVE-2020-25259 | Hyland | Deserialization of Untrusted Data vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 7.5 |
2020-09-11 | CVE-2020-25258 | Hyland | Deserialization of Untrusted Data vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 7.5 |
2020-09-11 | CVE-2020-25257 | Hyland | XXE vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 7.5 |
2020-09-11 | CVE-2020-25254 | Hyland | SQL Injection vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 7.5 |
2020-09-11 | CVE-2020-25253 | Hyland | SQL Injection vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 7.5 |
2020-09-11 | CVE-2020-25247 | Hyland | Path Traversal vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. | 7.5 |
2020-09-10 | CVE-2020-14198 | Bitcoin | Unspecified vulnerability in Bitcoin Core 0.20.0 Bitcoin Core 0.20.0 allows remote denial of service. | 7.5 |
2020-09-09 | CVE-2020-15173 | Accel PPP | Classic Buffer Overflow vulnerability in Accel-Ppp 1.10.0/1.12.0/1.12.092G38B6104 In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less than 6. | 7.5 |
2020-09-09 | CVE-2020-25219 | Libproxy Project Debian Fedoraproject Opensuse Canonical | Uncontrolled Recursion vulnerability in multiple products url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. | 7.5 |
2020-09-09 | CVE-2020-24199 | Projectworlds | Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds CAR Rental Project 1.0 Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. | 7.5 |
2020-09-09 | CVE-2020-1749 | Linux Redhat | Cleartext Transmission of Sensitive Information vulnerability in multiple products A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. | 7.5 |
2020-09-09 | CVE-2020-24197 | Stock Management System Project | SQL Injection vulnerability in Stock Management System Project Stock Management System 1.0 A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter. | 7.5 |
2020-09-09 | CVE-2020-24074 | Silk V3 Decoder Project | Unchecked Return Value vulnerability in Silk-V3-Decoder Project Silk-V3-Decoder 20160922 The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow. | 7.5 |
2020-09-09 | CVE-2020-6302 | SAP | Unspecified vulnerability in SAP Commerce SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. | 7.5 |
2020-09-08 | CVE-2020-11117 | Qualcomm | Command Injection vulnerability in Qualcomm products u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980 | 7.5 |
2020-09-11 | CVE-2020-1345 | Microsoft | Cross-site Scripting vulnerability in Microsoft products <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. | 7.4 |
2020-09-11 | CVE-2020-1198 | Microsoft | Cross-site Scripting vulnerability in Microsoft products <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. | 7.4 |
2020-09-11 | CVE-2020-1471 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. | 7.3 |
2020-09-11 | CVE-2020-1319 | Microsoft | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. | 7.3 |
2020-09-09 | CVE-2020-7320 | Mcafee | Unspecified vulnerability in Mcafee Endpoint Security Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services. | 7.3 |
2020-09-10 | CVE-2020-25220 | Linux | Use After Free vulnerability in Linux Kernel The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. | 7.2 |
2020-09-09 | CVE-2020-10051 | Siemens | Unquoted Search Path or Element vulnerability in Siemens Simatic Rtls Locating Manager 2.10/2.9.3 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). | 7.2 |
2020-09-09 | CVE-2020-10050 | Siemens | Incorrect Default Permissions vulnerability in Siemens Simatic Rtls Locating Manager 2.10/2.9.3 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). | 7.2 |
2020-09-09 | CVE-2018-17772 | Ingenico | Unspecified vulnerability in Ingenico Telium 2 Firmware Ingenico Telium 2 POS terminals allow arbitrary code execution via the TRACE protocol. | 7.2 |
2020-09-09 | CVE-2018-17770 | Ingenico | Classic Buffer Overflow vulnerability in Ingenico Telium 2 Firmware Ingenico Telium 2 POS terminals have a buffer overflow via the RemotePutFile command of the NTPT3 protocol. | 7.2 |
2020-09-09 | CVE-2020-2038 | Paloaltonetworks | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. | 7.2 |
2020-09-09 | CVE-2020-3656 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 7.2 |
2020-09-09 | CVE-2020-11129 | Qualcomm | Use After Free vulnerability in Qualcomm products u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free' in Snapdragon Consumer IOT, Snapdragon Mobile in Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR2130 | 7.2 |
2020-09-09 | CVE-2020-11124 | Qualcomm | Use After Free vulnerability in Qualcomm products u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 7.2 |
2020-09-08 | CVE-2020-3666 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products u'Out of bounds memory access during memory copy while processing Host command' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, QCA6174A, QCA6574, QCA6574AU, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, QCN5500, QCN5502, QCS404, QCS405, QCS605, SA6155P, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SXR1130 | 7.2 |
2020-09-08 | CVE-2020-3640 | Qualcomm | Incorrect Calculation of Buffer Size vulnerability in Qualcomm products u'Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state when a HLOS adversary calls the function with wrong input' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, QCS404, QCS610, Rennell, Saipan, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130 | 7.2 |
2020-09-08 | CVE-2020-11128 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products u'Possible out of bound access while copying the mask file content into the buffer without checking the buffer size' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9150, MDM9607, MDM9650, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QCM2150, QCS405, QCS605, QCS610, QM215, Rennell, SA515M, SA6155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-14117 | Qualcomm | Use After Free vulnerability in Qualcomm products u'Whenever the page list is updated via privileged user, the previous list elements are freed but are not deleted from the list which results in a use after free causing an unhandled page fault exception in rmnet driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MDM9607, QCS405, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-14089 | Qualcomm | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Qualcomm products u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, Nicobar, QCS404, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-14074 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-14065 | Qualcomm | Double Free vulnerability in Qualcomm products u'Pointer double free in HavenSvc due to not setting the pointer to NULL after freeing it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-14056 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products u'Possible integer overflow in API due to lack of check on large oid range count in cert extension field' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Kamorta, MDM9150, MDM9205, MDM9607, MDM9650, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-13999 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products u'Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-13998 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products u'Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-13995 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-13994 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than the actual packet size can lead to memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-13992 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products u'Out of bound memory access if stack push and pop operation are performed without doing a bound check on stack top' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, IPQ6018, IPQ8074, MDM9205, Nicobar, QCA8081, QCN7605, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-10629 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products u'User Process can potentially corrupt kernel virtual page by passing a crafted page in API' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, IPQ6018, IPQ8074, MDM9205, Nicobar, QCA8081, QCN7605, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-10628 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products u'Memory can be potentially corrupted if random index is allowed to manipulate TLB entries in Kernel from user library' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8098, Bitra, MDM9205, MDM9650, MSM8998, Nicobar, QCA6390, QCN7605, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-10615 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products u'Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of large numcerts value and size of keymaster bob which can lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-10596 | Qualcomm | Incorrect Authorization vulnerability in Qualcomm products u'Improper access control can lead signed process to guess pid of other processes and access their address space' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Nicobar, QCS605, QCS610, Rennell, SA6155P, Saipan, SC7180, SC8180X, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-10562 | Qualcomm | Improper Authentication vulnerability in Qualcomm products u'Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies to be loaded into secure memory and leads to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, Kamorta, MSM8998, Nicobar, QCS404, QCS605, QCS610, Rennell, SA415M, SA6155P, SC7180, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-09-08 | CVE-2019-10527 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products u'SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address range which could lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6574AU, QCA8081, QCM2150, QCN7605, QCN7606, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.2 |
2020-09-11 | CVE-2020-16862 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 9.0 <p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. | 7.1 |
2020-09-11 | CVE-2020-16857 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 for Finance and Operations 10.0.11 <p>A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. | 7.1 |
2020-09-11 | CVE-2020-16853 | Microsoft | Link Following vulnerability in Microsoft Onedrive <p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. | 7.1 |
2020-09-11 | CVE-2020-16852 | Microsoft | Unspecified vulnerability in Microsoft Onedrive <p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. | 7.1 |
2020-09-11 | CVE-2020-16851 | Microsoft | Link Following vulnerability in Microsoft Onedrive <p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. | 7.1 |
2020-09-11 | CVE-2020-1308 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. | 7.0 |
2020-09-11 | CVE-2020-1245 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. | 7.0 |
2020-09-11 | CVE-2020-0912 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. | 7.0 |
2020-09-10 | CVE-2020-7311 | Mcafee | Improper Privilege Management vulnerability in Mcafee Agent 5.0.0 Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. | 7.0 |
2020-09-09 | CVE-2020-14342 | Samba Fedoraproject Opensuse | OS Command Injection vulnerability in multiple products It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. | 7.0 |
213 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-09-09 | CVE-2020-7323 | Mcafee | Improper Authentication vulnerability in Mcafee Endpoint Security Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. | 6.9 |
2020-09-08 | CVE-2020-3619 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products u'Non-secure memory is touched multiple times during TrustZone\u2019s execution and can lead to privilege escalation or memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ8074, Kamorta, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QCA8081, QCS404, QCS605, QCS610, QM215, Rennell, SA415M, SC7180, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130 | 6.9 |
2020-09-08 | CVE-2019-14119 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products u'While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, Kamorta, MDM9205, MDM9607, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDM670, SDM710, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 6.9 |
2020-09-13 | CVE-2020-25291 | Kingsoft | Out-of-bounds Write vulnerability in Kingsoft WPS Office GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. | 6.8 |
2020-09-11 | CVE-2020-23824 | Argosoft | Cross-Site Request Forgery (CSRF) vulnerability in Argosoft Mail Server 1.8.8.9 ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. | 6.8 |
2020-09-11 | CVE-2020-16860 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 9.0 <p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. | 6.8 |
2020-09-11 | CVE-2020-1034 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. | 6.8 |
2020-09-11 | CVE-2020-25276 | Primekey | Improper Certificate Validation vulnerability in Primekey Ejbca 7.0.0/7.3.1.2 An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. | 6.8 |
2020-09-11 | CVE-2020-16212 | Philips | Exposure of Resource to Wrong Sphere vulnerability in Philips Patient Information Center IX B.02/C.02/C.03 In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. | 6.8 |
2020-09-11 | CVE-2020-24164 | Taoensso | Deserialization of Untrusted Data vulnerability in Taoensso Nippy A deserialization flaw is present in Taoensso Nippy before 2.14.2. | 6.8 |
2020-09-11 | CVE-2019-20918 | Inspircd | Use After Free vulnerability in Inspircd 3.0.0/3.0.1 An issue was discovered in InspIRCd 3 before 3.1.0. | 6.8 |
2020-09-11 | CVE-2020-25252 | Hyland | Cross-Site Request Forgery (CSRF) vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 6.8 |
2020-09-10 | CVE-2020-9731 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). | 6.8 |
2020-09-10 | CVE-2020-9730 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). | 6.8 |
2020-09-10 | CVE-2020-9729 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). | 6.8 |
2020-09-10 | CVE-2020-9728 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). | 6.8 |
2020-09-10 | CVE-2020-9727 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). | 6.8 |
2020-09-10 | CVE-2020-9725 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. | 6.8 |
2020-09-10 | CVE-2020-15170 | Ctrip | Unspecified vulnerability in Ctrip Apollo apollo-adminservice before version 1.7.1 does not implement access controls. | 6.8 |
2020-09-09 | CVE-2020-1913 | Incorrect Conversion between Numeric Types vulnerability in Facebook Hermes An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. | 6.8 | |
2020-09-09 | CVE-2018-17774 | Ingenico | Unspecified vulnerability in Ingenico Telium 2 Firmware Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. | 6.8 |
2020-09-09 | CVE-2018-17773 | Ingenico | Classic Buffer Overflow vulnerability in Ingenico Telium 2 Firmware Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK in the NTPT3 protocol. | 6.8 |
2020-09-09 | CVE-2018-17768 | Ingenico | Unspecified vulnerability in Ingenico Telium 2 Firmware Ingenico Telium 2 POS terminals have an insecure TRACE protocol. | 6.8 |
2020-09-09 | CVE-2018-17767 | Ingenico | Use of Hard-coded Credentials vulnerability in Ingenico Telium 2 Firmware Ingenico Telium 2 POS terminals have hardcoded PPP credentials. | 6.8 |
2020-09-09 | CVE-2018-17765 | Ingenico | Unspecified vulnerability in Ingenico Telium 2 Firmware Ingenico Telium 2 POS terminals have undeclared TRACE protocol commands. | 6.8 |
2020-09-09 | CVE-2020-2036 | Paloaltonetworks | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. | 6.8 |
2020-09-11 | CVE-2020-0951 | Microsoft | Unspecified vulnerability in Microsoft products <p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. | 6.7 |
2020-09-10 | CVE-2020-7315 | Mcafee | Untrusted Search Path vulnerability in Mcafee Agent 5.0.0 DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. | 6.7 |
2020-09-11 | CVE-2020-1590 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations. | 6.6 |
2020-09-11 | CVE-2020-1159 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 <p>An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations. | 6.6 |
2020-09-11 | CVE-2020-1146 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. | 6.6 |
2020-09-11 | CVE-2020-1130 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. | 6.6 |
2020-09-09 | CVE-2018-17771 | Ingenico | Use of Hard-coded Credentials vulnerability in Ingenico Telium 2 Firmware Ingenico Telium 2 POS terminals have hardcoded FTP credentials. | 6.6 |
2020-09-09 | CVE-2018-17769 | Ingenico | Classic Buffer Overflow vulnerability in Ingenico Telium 2 Firmware Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 command of the NTPT3 protocol. | 6.6 |
2020-09-09 | CVE-2020-3617 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure.' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130 | 6.6 |
2020-09-13 | CVE-2020-25287 | Pligg Project | Unrestricted Upload of File with Dangerous Type vulnerability in Pligg Project Pligg 2.0.3 Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. | 6.5 |
2020-09-11 | CVE-2020-1097 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. | 6.5 |
2020-09-11 | CVE-2020-1091 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. | 6.5 |
2020-09-11 | CVE-2020-0904 | Microsoft | Improper Input Validation vulnerability in Microsoft products <p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p> <p>To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.</p> <p>The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests.</p> | 6.5 |
2020-09-11 | CVE-2020-0890 | Microsoft | Unspecified vulnerability in Microsoft products <p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p> <p>To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.</p> <p>The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests.</p> | 6.5 |
2020-09-11 | CVE-2020-0856 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. | 6.5 |
2020-09-11 | CVE-2020-0664 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. | 6.5 |
2020-09-11 | CVE-2020-16224 | Philips | Improper Handling of Length Parameter Inconsistency vulnerability in Philips Patient Information Center IX C.02/C.03 In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart. | 6.5 |
2020-09-11 | CVE-2020-16216 | Philips | Improper Input Validation vulnerability in Philips products In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. | 6.5 |
2020-09-11 | CVE-2020-25269 | Inspircd Debian | Use After Free vulnerability in multiple products An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. | 6.5 |
2020-09-11 | CVE-2019-20917 | Inspircd Debian | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. | 6.5 |
2020-09-09 | CVE-2020-13127 | Loway | SQL Injection vulnerability in Loway Queuemetrics A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter. | 6.5 |
2020-09-09 | CVE-2020-24195 | Online Bike Rental Project | Unrestricted Upload of File with Dangerous Type vulnerability in Online Bike Rental Project Online Bike Rental 1.0 An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution. | 6.5 |
2020-09-09 | CVE-2020-6311 | SAP | Improper Authorization vulnerability in SAP products Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version ? 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals. | 6.5 |
2020-09-09 | CVE-2020-6318 | SAP | Code Injection vulnerability in SAP Abap Platform A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. | 6.5 |
2020-09-11 | CVE-2020-16228 | Philips | Improper Check for Certificate Revocation vulnerability in Philips products In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. | 6.4 |
2020-09-11 | CVE-2020-25256 | Hyland | Use of Hard-coded Credentials vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 6.4 |
2020-09-11 | CVE-2020-25251 | Hyland | Improper Authentication vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 6.4 |
2020-09-11 | CVE-2020-1482 | Microsoft | Cross-site Scripting vulnerability in Microsoft products <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. | 6.3 |
2020-09-11 | CVE-2020-1440 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server <p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. | 6.3 |
2020-09-11 | CVE-2020-1598 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. | 6.1 |
2020-09-11 | CVE-2020-1506 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 11 <p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. | 6.1 |
2020-09-11 | CVE-2020-15169 | Action View Project Debian Fedoraproject | Cross-site Scripting vulnerability in multiple products In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. | 6.1 |
2020-09-09 | CVE-2020-24198 | Stock Management System Project | Cross-site Scripting vulnerability in Stock Management System Project Stock Management System 1.0 A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' | 6.1 |
2020-09-09 | CVE-2020-6324 | SAP | Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim?s browser leading to Reflected Cross Site Scripting. | 6.1 |
2020-09-09 | CVE-2020-7324 | Mcafee | Improper Privilege Management vulnerability in Mcafee Mvision Endpoint 18.11.31.62/20.5.0.94/20.7 Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions. | 6.1 |
2020-09-10 | CVE-2020-15171 | Xwiki | Injection vulnerability in Xwiki In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. | 6.0 |
2020-09-10 | CVE-2020-9732 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. | 6.0 |
2020-09-09 | CVE-2020-25211 | Linux Debian Fedoraproject | Classic Buffer Overflow vulnerability in multiple products In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. | 6.0 |
2020-09-11 | CVE-2020-15802 | Bluetooth | Improper Authentication vulnerability in Bluetooth Core Specification Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. | 5.9 |
2020-09-10 | CVE-2020-13920 | Apache Oracle Debian | Missing Authentication for Critical Function vulnerability in multiple products Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. | 5.9 |
2020-09-11 | CVE-2020-1152 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. | 5.8 |
2020-09-10 | CVE-2020-9726 | Adobe | Out-of-bounds Read vulnerability in Adobe Framemaker Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. | 5.8 |
2020-09-09 | CVE-2020-15789 | Siemens | Cross-Site Request Forgery (CSRF) vulnerability in Siemens Polarion Subversion Webclient A vulnerability has been identified in Polarion Subversion Webclient (All versions). | 5.8 |
2020-09-09 | CVE-2020-5627 | Yodobashi | Open Redirect vulnerability in Yodobashi 1.2.1.0/1.4.4/1.8.7 Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. | 5.8 |
2020-09-11 | CVE-2020-14332 | Redhat Debian | Improper Output Neutralization for Logs vulnerability in multiple products A flaw was found in the Ansible Engine when using module_args. | 5.5 |
2020-09-11 | CVE-2020-14330 | Redhat Debian | Information Exposure Through Log Files vulnerability in multiple products An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. | 5.5 |
2020-09-11 | CVE-2020-16879 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. | 5.5 |
2020-09-11 | CVE-2020-16855 | Microsoft | Use of Uninitialized Resource vulnerability in Microsoft Office 2016/2019 <p>An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. | 5.5 |
2020-09-11 | CVE-2020-16854 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. | 5.5 |
2020-09-11 | CVE-2020-1303 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. | 5.5 |
2020-09-11 | CVE-2020-1256 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. | 5.5 |
2020-09-11 | CVE-2020-1250 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. | 5.5 |
2020-09-11 | CVE-2020-1224 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. | 5.5 |
2020-09-11 | CVE-2020-1133 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. | 5.5 |
2020-09-11 | CVE-2020-1122 | Microsoft | Improper Check for Unusual or Exceptional Conditions vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. | 5.5 |
2020-09-11 | CVE-2020-1119 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 <p>An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory. | 5.5 |
2020-09-11 | CVE-2020-1083 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. | 5.5 |
2020-09-11 | CVE-2020-1038 | Microsoft | Unspecified vulnerability in Microsoft products <p>A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. | 5.5 |
2020-09-11 | CVE-2020-0989 | Microsoft | Missing Authorization vulnerability in Microsoft products <p>An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. | 5.5 |
2020-09-11 | CVE-2020-0941 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. | 5.5 |
2020-09-11 | CVE-2020-0928 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. | 5.5 |
2020-09-11 | CVE-2020-0921 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Graphics Component Denial of Service Vulnerability | 5.5 |
2020-09-11 | CVE-2020-0914 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. | 5.5 |
2020-09-11 | CVE-2020-0875 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists in how splwow64.exe handles certain calls. | 5.5 |
2020-09-10 | CVE-2020-15024 | Avast | Incomplete Cleanup vulnerability in Avast Antivirus 20.1.5069.562 An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. | 5.5 |
2020-09-09 | CVE-2020-6320 | SAP | Incorrect Authorization vulnerability in SAP Marketing 130/140/150 SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. | 5.5 |
2020-09-11 | CVE-2020-16878 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 8.2/9.0 <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. | 5.4 |
2020-09-11 | CVE-2020-16871 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 8.2/9.0 <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. | 5.4 |
2020-09-11 | CVE-2020-16864 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.0 <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. | 5.4 |
2020-09-11 | CVE-2020-16861 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 8.2/9.0 <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. | 5.4 |
2020-09-11 | CVE-2020-16859 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.0 <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. | 5.4 |
2020-09-11 | CVE-2020-16858 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.0 <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. | 5.4 |
2020-09-11 | CVE-2020-1596 | Microsoft | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Microsoft products <p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. | 5.4 |
2020-09-11 | CVE-2020-1575 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation 2013 <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. | 5.4 |
2020-09-11 | CVE-2020-1514 | Microsoft | Cross-site Scripting vulnerability in Microsoft products <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. | 5.4 |
2020-09-11 | CVE-2020-1227 | Microsoft | Cross-site Scripting vulnerability in Microsoft products <p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. | 5.4 |
2020-09-11 | CVE-2013-7490 | Perl Canonical | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in the DBI module before 1.632 for Perl. | 5.3 |
2020-09-11 | CVE-2020-0805 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 <p>A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. | 5.3 |
2020-09-09 | CVE-2020-15785 | Siemens | Cleartext Transmission of Sensitive Information vulnerability in Siemens Siveillance Video Client A vulnerability has been identified in Siveillance Video Client (All versions). | 5.3 |
2020-09-13 | CVE-2020-25286 | Wordpress | Unspecified vulnerability in Wordpress In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | 5.0 |
2020-09-11 | CVE-2020-25281 | Unspecified vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. | 5.0 | |
2020-09-11 | CVE-2020-0837 | Microsoft | Unspecified vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. | 5.0 |
2020-09-11 | CVE-2020-11991 | Apache | XXE vulnerability in Apache Cocoon When using the StreamGenerator, the code parse a user-provided XML. | 5.0 |
2020-09-11 | CVE-2020-16214 | Philips | Improper Neutralization of Formula Elements in a CSV File vulnerability in Philips Patient Information Center IX B.02/C.02/C.03 In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | 5.0 |
2020-09-11 | CVE-2020-25255 | Hyland | Unspecified vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 5.0 |
2020-09-11 | CVE-2020-25250 | Hyland | Unspecified vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 5.0 |
2020-09-11 | CVE-2020-25249 | Hyland | Unspecified vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 5.0 |
2020-09-11 | CVE-2020-25248 | Hyland | Path Traversal vulnerability in Hyland Onbase An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. | 5.0 |
2020-09-10 | CVE-2020-15168 | Node Fetch Project | Allocation of Resources Without Limits or Throttling vulnerability in Node-Fetch Project Node-Fetch node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. | 5.0 |
2020-09-10 | CVE-2020-9733 | Adobe | Improper Privilege Management vulnerability in Adobe Experience Manager An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. | 5.0 |
2020-09-10 | CVE-2020-17408 | NEC | XXE vulnerability in NEC Expresscluster X 4.1/4.2 This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. | 5.0 |
2020-09-10 | CVE-2018-17145 | Bcoin Bitcoin Bitcoinknots Btcd Project Decred Litecoin Namecoin | Resource Exhaustion vulnerability in multiple products Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. | 5.0 |
2020-09-10 | CVE-2020-6097 | Atftp Project Debian Opensuse | Reachable Assertion vulnerability in multiple products An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. | 5.0 |
2020-09-10 | CVE-2020-5780 | Icegram | Missing Authentication for Critical Function vulnerability in Icegram Email Subscribers & Newsletters Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing. | 5.0 |
2020-09-09 | CVE-2020-15790 | Siemens | Information Exposure vulnerability in Siemens Spectrum Power 4 4.70 A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). | 5.0 |
2020-09-09 | CVE-2020-15787 | Siemens | Authentication Bypass by Primary Weakness vulnerability in Siemens Simatic HMI United Comfort Panels Firmware A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). | 5.0 |
2020-09-09 | CVE-2020-15786 | Siemens | Improper Restriction of Excessive Authentication Attempts vulnerability in Siemens products A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. | 5.0 |
2020-09-09 | CVE-2020-15784 | Siemens | Cleartext Storage of Sensitive Information vulnerability in Siemens Spectrum Power 4 4.70 A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). | 5.0 |
2020-09-09 | CVE-2020-2039 | Paloaltonetworks | Resource Exhaustion vulnerability in Paloaltonetworks Pan-Os An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. | 5.0 |
2020-09-09 | CVE-2020-14384 | Redhat | Unspecified vulnerability in Redhat Jboss Enterprise Application Platform and Jbossweb A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. | 5.0 |
2020-09-09 | CVE-2020-6288 | SAP | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. | 5.0 |
2020-09-08 | CVE-2020-11118 | Qualcomm | Information Exposure vulnerability in Qualcomm products u'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QCS610, QM215, Rennell, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 5.0 |
2020-09-08 | CVE-2020-11115 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 5.0 |
2020-09-09 | CVE-2020-15163 | Linuxfoundation | Insufficient Verification of Data Authenticity vulnerability in Linuxfoundation the Update Framework Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. | 4.9 |
2020-09-08 | CVE-2020-3621 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 4.9 |
2020-09-11 | CVE-2020-16873 | Microsoft | Insecure Default Initialization of Resource vulnerability in Microsoft Xamarin.Forms <p>A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. | 4.7 |
2020-09-09 | CVE-2020-7322 | Mcafee | Information Exposure Through Log Files vulnerability in Mcafee Endpoint Security Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. | 4.7 |
2020-09-11 | CVE-2020-25280 | Unspecified vulnerability in Google Android 10.0 An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. | 4.6 | |
2020-09-11 | CVE-2020-1205 | Microsoft | Unspecified vulnerability in Microsoft products <p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. | 4.6 |
2020-09-09 | CVE-2018-17766 | Ingenico | Incorrect Permission Assignment for Critical Resource vulnerability in Ingenico Telium 2 Firmware Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. | 4.6 |
2020-09-08 | CVE-2020-3648 | Qualcomm | Improper Input Validation vulnerability in Qualcomm Msm8909W Firmware u'Possible out of bound write in DSP driver code due to lack of check of data received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W | 4.6 |
2020-09-08 | CVE-2020-3647 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products u'Potential buffer overflow when accessing npu debugfs node "off"/"log" with large buffer size' in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, SC8180X, SDX55, SM6150, SM7150, SM8150 | 4.6 |
2020-09-08 | CVE-2020-3646 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products u'Buffer overflow seen as the destination buffer size is lesser than the source buffer size in video application' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MSM8909W, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDA845, SDM429W, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 4.6 |
2020-09-08 | CVE-2020-3636 | Qualcomm | Unspecified vulnerability in Qualcomm products u'Out of bound writes happen when accessing usage_table header entry beyond the memory allocated for the header' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130 | 4.6 |
2020-09-08 | CVE-2020-3629 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for the DSP attributes' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, Kamorta, Rennell, SC7180, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130 | 4.6 |
2020-09-08 | CVE-2020-3624 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCN7605, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 4.6 |
2020-09-08 | CVE-2020-3622 | Qualcomm | Improper Input Validation vulnerability in Qualcomm products u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 4.6 |
2020-09-08 | CVE-2020-3611 | Qualcomm | Improper Input Validation vulnerability in Qualcomm products u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130 | 4.6 |
2020-09-08 | CVE-2020-11133 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products u'Possible out of bound array write in rxdco cal utility due to lack of array bound check' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8998, QCS605, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130 | 4.6 |
2020-09-08 | CVE-2020-11120 | Qualcomm | Use After Free vulnerability in Qualcomm products u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid and will lead to use after free scenario' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, APQ8098, Bitra, Kamorta, MSM8917, MSM8953, MSM8998, QCM2150, QCS405, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM632, SM6150, SM7150, SM8150, SM8250, SXR2130 | 4.6 |
2020-09-13 | CVE-2020-25285 | Linux Debian Canonical | NULL Pointer Dereference vulnerability in multiple products A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. | 4.4 |
2020-09-11 | CVE-2020-1592 | Microsoft | Improper Initialization vulnerability in Microsoft products <p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a specially crafted application. | 4.4 |
2020-09-11 | CVE-2020-1589 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. | 4.4 |
2020-09-10 | CVE-2020-10773 | Linux | Unspecified vulnerability in Linux Kernel 5.4.0 A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. | 4.4 |
2020-09-09 | CVE-2020-10049 | Siemens | Incorrect Default Permissions vulnerability in Siemens Simatic Rtls Locating Manager 2.10/2.9.3 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). | 4.4 |
2020-09-09 | CVE-2020-25212 | Linux Debian Opensuse Canonical | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. | 4.4 |
2020-09-11 | CVE-2020-1044 | Microsoft | Improper Input Validation vulnerability in Microsoft SQL Server Reporting Services 2017/2019 <p>A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports. | 4.3 |
2020-09-11 | CVE-2018-19948 | Qnap | Cross-Site Request Forgery (CSRF) vulnerability in Qnap Helpdesk The vulnerability have been reported to affect earlier versions of Helpdesk. | 4.3 |
2020-09-11 | CVE-2018-19946 | Qnap | Improper Certificate Validation vulnerability in Qnap Helpdesk The vulnerability have been reported to affect earlier versions of Helpdesk. | 4.3 |
2020-09-11 | CVE-2020-16220 | Philips | Improper Validation of Syntactic Correctness of Input vulnerability in Philips products In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. | 4.3 |
2020-09-10 | CVE-2020-9743 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. | 4.3 |
2020-09-10 | CVE-2020-24582 | Zulipchat | Cross-site Scripting vulnerability in Zulipchat Zulip Desktop Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface. | 4.3 |
2020-09-10 | CVE-2020-24739 | Idreamsoft | Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.0 A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. | 4.3 |
2020-09-09 | CVE-2020-15788 | Siemens | Cross-site Scripting vulnerability in Siemens Polarion Subversion Webclient A vulnerability has been identified in Polarion Subversion Webclient (All versions). | 4.3 |
2020-09-09 | CVE-2020-24566 | Octopus | Information Exposure Through Log Files vulnerability in Octopus Deploy In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then (under certain circumstances) the account password is exposed in cleartext in the verbose task logs output. | 4.3 |
2020-09-09 | CVE-2020-24794 | Kentico | Cross-site Scripting vulnerability in Kentico Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75. | 4.3 |
2020-09-09 | CVE-2020-24194 | Daily Tracker System Project | Cross-site Scripting vulnerability in Daily Tracker System Project Daily Tracker System 1.0 A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter. | 4.3 |
2020-09-09 | CVE-2020-6361 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6360 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6359 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6358 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6357 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6356 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6355 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6354 | SAP | Use After Free vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6353 | SAP | Use After Free vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6352 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6351 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6350 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6349 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6348 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6347 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6346 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6345 | SAP | Out-of-bounds Read vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6344 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6343 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6342 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6341 | SAP | Out-of-bounds Read vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6340 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6339 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6338 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RH file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6337 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6336 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6335 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6334 | SAP | Use After Free vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6333 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6332 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6331 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6330 | SAP | Out-of-bounds Read vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6329 | SAP | Use After Free vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6328 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6327 | SAP | Integer Overflow or Wraparound vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6322 | SAP | Out-of-bounds Read vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6321 | SAP | Access of Uninitialized Pointer vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6314 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 |
2020-09-09 | CVE-2020-6283 | SAP | Cross-site Scripting vulnerability in SAP Fiori Launchpad SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | 4.3 |
2020-09-08 | CVE-2020-11122 | Qualcomm | Improper Input Validation vulnerability in Qualcomm products u'Null Pointer exception while playing crafted mkv file as data stream get deleted on secondary invalid configuration' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8098, Bitra, Kamorta, SA6155P, Saipan, SM6150, SM7150, SM8150, SM8250, SXR2130 | 4.3 |
2020-09-11 | CVE-2020-16884 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Edge <p>A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. | 4.2 |
2020-09-11 | CVE-2020-1180 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore <p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. | 4.2 |
2020-09-11 | CVE-2020-1172 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore <p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. | 4.2 |
2020-09-11 | CVE-2020-1057 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge <p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. | 4.2 |
2020-09-11 | CVE-2020-0878 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore, Edge and Internet Explorer <p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. | 4.2 |
2020-09-11 | CVE-2020-1033 | Microsoft | Unspecified vulnerability in Microsoft products <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. | 4.0 |
2020-09-11 | CVE-2018-19947 | Qnap | Information Exposure Through an Error Message vulnerability in Qnap Helpdesk The vulnerability have been reported to affect earlier versions of Helpdesk. | 4.0 |
2020-09-09 | CVE-2020-2044 | Paloaltonetworks | Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. | 4.0 |
2020-09-09 | CVE-2020-2043 | Paloaltonetworks | Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple times in one log entry. | 4.0 |
2020-09-09 | CVE-2020-6313 | SAP | Improper Input Validation vulnerability in SAP Netweaver Application Server Java SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting. | 4.0 |
31 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-09-09 | CVE-2020-1968 | Openssl Canonical Debian Oracle Fujitsu | Information Exposure Through Discrepancy vulnerability in multiple products The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. | 3.7 |
2020-09-11 | CVE-2020-16218 | Philips | Cross-site Scripting vulnerability in Philips Patient Information Center IX B.02/C.02/C.03 In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. | 3.5 |
2020-09-10 | CVE-2020-9742 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. | 3.5 |
2020-09-10 | CVE-2020-9741 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. | 3.5 |
2020-09-10 | CVE-2020-9740 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. | 3.5 |
2020-09-10 | CVE-2020-9738 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. | 3.5 |
2020-09-10 | CVE-2020-9737 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. | 3.5 |
2020-09-10 | CVE-2020-9736 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. | 3.5 |
2020-09-10 | CVE-2020-9735 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. | 3.5 |
2020-09-10 | CVE-2020-9734 | Adobe | Cross-site Scripting vulnerability in Adobe Experience Manager The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. | 3.5 |
2020-09-10 | CVE-2020-4578 | IBM | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 3.5 |
2020-09-09 | CVE-2020-6326 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Knowledge Management SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting. | 3.5 |
2020-09-09 | CVE-2020-6312 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to stored Cross Site Scripting. | 3.5 |
2020-09-08 | CVE-2020-4698 | IBM | Cross-site Scripting vulnerability in IBM products IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. | 3.5 |
2020-09-08 | CVE-2020-4516 | IBM | Cross-site Scripting vulnerability in IBM products IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. | 3.5 |
2020-09-09 | CVE-2020-15791 | Siemens | Insufficiently Protected Credentials vulnerability in Siemens products A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. | 3.3 |
2020-09-09 | CVE-2020-7068 | PHP Debian Tenable | Use After Free vulnerability in multiple products In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. | 3.3 |
2020-09-08 | CVE-2020-3702 | Qualcomm Debian Arista | Cleartext Transmission of Sensitive Information vulnerability in multiple products u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 | 3.3 |
2020-09-09 | CVE-2020-14292 | Health | Incorrect Authorization vulnerability in Health Covidsafe In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone. | 2.9 |
2020-09-13 | CVE-2020-25289 | Avast | Link Following vulnerability in Avast Secureline VPN The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions). | 2.1 |
2020-09-11 | CVE-2020-9239 | Huawei | Information Exposure vulnerability in Huawei products Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189;HUAWEI P20 versions earlier than 8.0.1.16(C00);HUAWEI P20 Pro versions earlier than 8.1.0.152(C00);Jimmy-AL00A versions earlier than Jimmy-AL00AC00B172;LON-L29D versions LON-L29DC721B192;NEO-AL00D versions earlier than 8.1.0.172(C786);Stanford-AL00 versions Stanford-AL00C00B123;Toronto-AL00 versions earlier than Toronto-AL00AC00B225;Toronto-AL00A versions earlier than Toronto-AL00AC00B225;Toronto-TL10 versions earlier than Toronto-TL10C01B225 have an information vulnerability. | 2.1 |
2020-09-11 | CVE-2014-1420 | Canonical | Deserialization of Untrusted Data vulnerability in Canonical Ubuntu-Ui-Toolkit On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. | 2.1 |
2020-09-09 | CVE-2020-3679 | Qualcomm | Information Exposure vulnerability in Qualcomm products u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including code segments' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, Nicobar, QCS404, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 2.1 |
2020-09-09 | CVE-2020-3674 | Qualcomm | Information Exposure vulnerability in Qualcomm products Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Nicobar, QCS405, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130 | 2.1 |
2020-09-08 | CVE-2020-3644 | Qualcomm | Information Exposure vulnerability in Qualcomm products u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2.1 |
2020-09-08 | CVE-2020-3643 | Qualcomm | Information Exposure vulnerability in Qualcomm products u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2.1 |
2020-09-08 | CVE-2020-3620 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2.1 |
2020-09-08 | CVE-2019-14115 | Qualcomm | Information Exposure vulnerability in Qualcomm products u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result in user reading the secure input while touch is in non-secure domain as secure display is active' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 2.1 |
2020-09-08 | CVE-2019-14025 | Qualcomm | Unspecified vulnerability in Qualcomm products u'When a new session is created, Object is returned that contains TZ addresses and it get passed to HLOS as an handle to refer to a particular session and can cause TZ to jump to a invalid address' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130 | 2.1 |
2020-09-13 | CVE-2020-25284 | Linux Debian Opensuse | Incorrect Authorization vulnerability in multiple products The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | 1.9 |
2020-09-10 | CVE-2020-24655 | Twilio | Race Condition vulnerability in Twilio Authy 2-Factor Authentication 24.3.7 A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement). | 1.9 |