Weekly Vulnerabilities Reports > October 12 to 18, 2020
Overview
267 new vulnerabilities reported during this period, including 30 critical vulnerabilities and 106 high severity vulnerabilities. This weekly summary report vulnerabilities in 237 products from 92 vendors including Apple, IBM, Google, Huawei, and SAP. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", "Improper Input Validation", and "Classic Buffer Overflow".
- 159 reported vulnerabilities are remotely exploitables.
- 4 reported vulnerabilities have public exploit available.
- 55 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 168 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 44 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
30 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-10-15 | CVE-2020-6364 | SAP | OS Command Injection vulnerability in SAP Introscope Enterprise Manager SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. | 10.0 |
2020-10-16 | CVE-2020-1660 | Juniper | Unspecified vulnerability in Juniper Junos When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. | 9.9 |
2020-10-16 | CVE-2020-26943 | Openstack | Unspecified vulnerability in Openstack Blazar-Dashboard An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. | 9.9 |
2020-10-17 | CVE-2020-27197 | Libtaxii Project Eclecticiq | Server-Side Request Forgery (SSRF) vulnerability in multiple products TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. | 9.8 |
2020-10-16 | CVE-2020-9918 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X An out-of-bounds read was addressed with improved input validation. | 9.8 |
2020-10-16 | CVE-2020-9895 | Apple | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 9.8 |
2020-10-16 | CVE-2020-9864 | Apple | Unspecified vulnerability in Apple mac OS X A logic issue was addressed with improved restrictions. | 9.8 |
2020-10-16 | CVE-2020-15254 | Crossbeam Project | Memory Leak vulnerability in Crossbeam Project Crossbeam Crossbeam is a set of tools for concurrent programming. | 9.8 |
2020-10-16 | CVE-2020-26944 | Aptean | SQL Injection vulnerability in Aptean Product Configurator 4.61.0000 An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. | 9.8 |
2020-10-16 | CVE-2019-19513 | Un4Seen | Out-of-bounds Write vulnerability in Un4Seen Bassmidi 2.4.12.1 The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. | 9.8 |
2020-10-15 | CVE-2019-17640 | Eclipse | Path Traversal vulnerability in Eclipse Vert.X In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory. | 9.8 |
2020-10-15 | CVE-2020-12504 | Pepperl Fuchs Korenix Westermo | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. | 9.8 |
2020-10-15 | CVE-2020-12501 | Pepperl Fuchs Korenix | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts. | 9.8 |
2020-10-15 | CVE-2020-4499 | IBM | Unspecified vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. | 9.8 |
2020-10-15 | CVE-2020-27156 | Veritas | Incorrect Authorization vulnerability in Veritas Aptare 10.4 Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. | 9.8 |
2020-10-14 | CVE-2020-8349 | Lenovo | Code Injection vulnerability in Lenovo Cloud Networking Operating System An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. | 9.8 |
2020-10-13 | CVE-2020-13957 | Apache | Incorrect Authorization vulnerability in Apache Solr Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. | 9.8 |
2020-10-13 | CVE-2020-17407 | Microhardcorp | Unspecified vulnerability in Microhardcorp Bullet-Lte Firmware This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. | 9.8 |
2020-10-13 | CVE-2020-16124 | ROS | Integer Overflow or Wraparound vulnerability in ROS Ros-Comm Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. | 9.8 |
2020-10-12 | CVE-2019-17444 | Jfrog | Weak Password Requirements vulnerability in Jfrog Artifactory Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. | 9.8 |
2020-10-12 | CVE-2020-26867 | Pcvuesolutions | Deserialization of Untrusted Data vulnerability in Pcvuesolutions Pcvue 12/8.10 ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server. | 9.8 |
2020-10-12 | CVE-2020-5135 | Sonicwall | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sonicwall Sonicos and Sonicosv A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. | 9.8 |
2020-10-16 | CVE-2020-27176 | Marktext | Cross-site Scripting vulnerability in Marktext Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. | 9.6 |
2020-10-14 | CVE-2020-15229 | Sylabs Opensuse | Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. | 9.3 |
2020-10-16 | CVE-2019-19885 | Bender | Missing Authorization vulnerability in Bender products In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. | 9.1 |
2020-10-14 | CVE-2020-0376 | Out-of-bounds Read vulnerability in Google Android There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163003156 | 9.1 | |
2020-10-14 | CVE-2020-0371 | Out-of-bounds Read vulnerability in Google Android There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008256 | 9.1 | |
2020-10-14 | CVE-2020-0367 | Out-of-bounds Write vulnerability in Google Android There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980455 | 9.1 | |
2020-10-14 | CVE-2020-0339 | Out-of-bounds Read vulnerability in Google Android There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980705 | 9.1 | |
2020-10-14 | CVE-2020-0283 | Out-of-bounds Write vulnerability in Google Android There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008257 | 9.1 |
106 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-10-16 | CVE-2020-9983 | Apple Fedoraproject | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write issue was addressed with improved bounds checking. | 8.8 |
2020-10-16 | CVE-2020-9951 | Apple Webkit Debian | Use After Free vulnerability in multiple products A use after free issue was addressed with improved memory management. | 8.8 |
2020-10-16 | CVE-2020-9948 | Apple Webkit Debian | Type Confusion vulnerability in multiple products A type confusion issue was addressed with improved memory handling. | 8.8 |
2020-10-16 | CVE-2020-9910 | Apple | Unspecified vulnerability in Apple products Multiple issues were addressed with improved logic. | 8.8 |
2020-10-16 | CVE-2020-9893 | Apple | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 8.8 |
2020-10-16 | CVE-2020-9870 | Apple | Improper Input Validation vulnerability in Apple products A logic issue was addressed with improved validation. | 8.8 |
2020-10-16 | CVE-2020-15252 | Xwiki | Injection vulnerability in Xwiki In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. | 8.8 |
2020-10-16 | CVE-2020-26682 | Libass Project | Integer Overflow or Wraparound vulnerability in Libass Project Libass 0.14.0 In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. | 8.8 |
2020-10-15 | CVE-2020-7591 | Siemens | Unspecified vulnerability in Siemens Siport MP 2.2/3.0.3/3.1.4 A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). | 8.8 |
2020-10-15 | CVE-2020-12502 | Pepperl Fuchs Korenix | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration. | 8.8 |
2020-10-15 | CVE-2020-5642 | Onwebchat | Cross-Site Request Forgery (CSRF) vulnerability in Onwebchat Live Chat - Live Support Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
2020-10-14 | CVE-2020-8350 | Lenovo | Improper Authentication vulnerability in Lenovo Thinkpad Stack Wireless Router Firmware 1.1.3.4 An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege. | 8.8 |
2020-10-14 | CVE-2020-9746 | Adobe | NULL Pointer Dereference vulnerability in Adobe Flash Player Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. | 8.8 |
2020-10-14 | CVE-2020-0416 | Insecure Default Initialization of Resource vulnerability in Google Android In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. | 8.8 | |
2020-10-14 | CVE-2020-7330 | Mcafee | Improper Privilege Management vulnerability in Mcafee Total Protection 4.0.161.1 Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables | 8.8 |
2020-10-13 | CVE-2020-17406 | Microhardcorp | Unspecified vulnerability in Microhardcorp Bullet-Lte Firmware This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. | 8.8 |
2020-10-16 | CVE-2020-9865 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed by removing the vulnerable code. | 8.6 |
2020-10-15 | CVE-2020-27153 | Bluez Debian Opensuse | Double Free vulnerability in multiple products In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. | 8.6 |
2020-10-12 | CVE-2020-15012 | Sonatype | Path Traversal vulnerability in Sonatype Nexus Repository Manager A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. | 8.6 |
2020-10-15 | CVE-2020-7334 | Mcafee | Improper Privilege Management vulnerability in Mcafee Application and Change Control Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. | 8.2 |
2020-10-12 | CVE-2020-4388 | IBM | Improper Handling of Exceptional Conditions vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet also exposing debug information could also be used in future attacks. | 8.2 |
2020-10-16 | CVE-2020-25214 | Overwolf | Unspecified vulnerability in Overwolf 0.149.2.30 In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint. | 8.1 |
2020-10-15 | CVE-2020-27157 | Veritas | Authentication Bypass by Capture-replay vulnerability in Veritas Aptare 10.4 Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. | 8.1 |
2020-10-14 | CVE-2020-7383 | Rapid7 | SQL Injection vulnerability in Rapid7 Nexpose A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access. | 8.1 |
2020-10-12 | CVE-2020-4779 | IBM | Improper Authentication vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 8.1 |
2020-10-12 | CVE-2020-4772 | IBM | XXE vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 8.1 |
2020-10-16 | CVE-2020-15258 | Wire | Unspecified vulnerability in Wire In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. | 8.0 |
2020-10-16 | CVE-2020-9992 | Apple | Unspecified vulnerability in Apple Iphone OS This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. | 7.8 |
2020-10-16 | CVE-2020-9958 | Apple | Out-of-bounds Write vulnerability in Apple Iphone OS An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-16 | CVE-2020-9936 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-16 | CVE-2020-9923 | Apple | Out-of-bounds Write vulnerability in Apple Iphone OS A memory corruption issue was addressed with improved memory handling. | 7.8 |
2020-10-16 | CVE-2020-9907 | Apple | Out-of-bounds Write vulnerability in Apple Tvos A memory corruption issue was addressed by removing the vulnerable code. | 7.8 |
2020-10-16 | CVE-2020-9891 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved bounds checking. | 7.8 |
2020-10-16 | CVE-2020-9890 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved bounds checking. | 7.8 |
2020-10-16 | CVE-2020-9889 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-16 | CVE-2020-9888 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved bounds checking. | 7.8 |
2020-10-16 | CVE-2020-9884 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-16 | CVE-2020-9878 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2020-10-16 | CVE-2020-9862 | Apple | Improper Encoding or Escaping of Output vulnerability in Apple products A command injection issue existed in Web Inspector. | 7.8 |
2020-10-16 | CVE-2020-9799 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X An out-of-bounds read was addressed with improved bounds checking. | 7.8 |
2020-10-16 | CVE-2020-26893 | Clamxav | Insufficient Verification of Data Authenticity vulnerability in Clamxav An issue was discovered in ClamXAV 3 before 3.1.1. | 7.8 |
2020-10-15 | CVE-2020-6108 | F2Fs Tools Project | Incorrect Calculation of Buffer Size vulnerability in F2Fs-Tools Project F2Fs-Tools 1.12.0/1.13.0 An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. | 7.8 |
2020-10-15 | CVE-2020-6105 | F2Fs Tools Project | Externally Controlled Reference to a Resource in Another Sphere vulnerability in F2Fs-Tools Project F2Fs-Tools 1.12.0/1.13.0 An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. | 7.8 |
2020-10-15 | CVE-2020-6374 | SAP | Out-of-bounds Read vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Jupiter Tessallation(.jt) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 7.8 |
2020-10-15 | CVE-2020-6373 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 7.8 |
2020-10-15 | CVE-2020-6372 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 7.8 |
2020-10-14 | CVE-2020-8345 | Lenovo | Uncontrolled Search Path Element vulnerability in Lenovo Hardware Scan A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. | 7.8 |
2020-10-14 | CVE-2020-8338 | Lenovo | Untrusted Search Path vulnerability in Lenovo Diagnostics A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. | 7.8 |
2020-10-14 | CVE-2020-3427 | Cisco | Unspecified vulnerability in Cisco DUO Authentication for Windows Logon and RDP The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. | 7.8 |
2020-10-14 | CVE-2020-0423 | Google Debian | Improper Locking vulnerability in multiple products In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. | 7.8 |
2020-10-14 | CVE-2020-0421 | Improper Handling of Exceptional Conditions vulnerability in Google Android In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. | 7.8 | |
2020-10-14 | CVE-2020-0420 | Missing Authorization vulnerability in Google Android 11.0 In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. | 7.8 | |
2020-10-14 | CVE-2020-0408 | Integer Overflow or Wraparound vulnerability in Google Android In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. | 7.8 | |
2020-10-14 | CVE-2020-25188 | Laquisscada | Unspecified vulnerability in Laquisscada Scada 4.1.0.4150/4.3.1.71 An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870). | 7.8 |
2020-10-14 | CVE-2019-2194 | Incorrect Type Conversion or Cast vulnerability in Google Android 9.0 In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. | 7.8 | |
2020-10-13 | CVE-2020-12928 | AMD | Unspecified vulnerability in AMD Ryzen Master A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. | 7.8 |
2020-10-13 | CVE-2020-17417 | Foxitsoftware | Unspecified vulnerability in Foxitsoftware Foxit Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. | 7.8 |
2020-10-13 | CVE-2020-17416 | Foxitsoftware | Unspecified vulnerability in Foxitsoftware Foxit Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798. | 7.8 |
2020-10-13 | CVE-2020-17415 | Foxitsoftware | Unspecified vulnerability in Foxitsoftware Foxit Reader This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. | 7.8 |
2020-10-13 | CVE-2020-17414 | Foxitsoftware | Unspecified vulnerability in Foxitsoftware Foxit Reader This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. | 7.8 |
2020-10-13 | CVE-2020-17413 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware 3D This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. | 7.8 |
2020-10-13 | CVE-2020-17412 | Foxitsoftware | Unspecified vulnerability in Foxitsoftware 3D This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. | 7.8 |
2020-10-13 | CVE-2020-17410 | Foxitsoftware | Unspecified vulnerability in Foxitsoftware Foxit Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. | 7.8 |
2020-10-12 | CVE-2020-4302 | IBM | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. | 7.8 |
2020-10-12 | CVE-2020-9123 | Huawei | Out-of-bounds Write vulnerability in Huawei P30 PRO Firmware HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. | 7.8 |
2020-10-12 | CVE-2020-9090 | Huawei | Unspecified vulnerability in Huawei Fusionaccess 6.5.1 FusionAccess version 6.5.1 has an improper authorization vulnerability. | 7.8 |
2020-10-12 | CVE-2020-7811 | Samsung | Deserialization of Untrusted Data vulnerability in Samsung Update Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication | 7.8 |
2020-10-16 | CVE-2020-1684 | Juniper | Unspecified vulnerability in Juniper Junos On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. | 7.5 |
2020-10-16 | CVE-2020-9931 | Apple | Improper Input Validation vulnerability in Apple Iphone OS A denial of service issue was addressed with improved input validation. | 7.5 |
2020-10-16 | CVE-2020-9917 | Apple | Unspecified vulnerability in Apple Iphone OS This issue was addressed with improved checks. | 7.5 |
2020-10-16 | CVE-2020-9914 | Apple | Improper Input Validation vulnerability in Apple Tvos An input validation issue existed in Bluetooth. | 7.5 |
2020-10-16 | CVE-2020-9911 | Apple | Unspecified vulnerability in Apple Iphone OS A logic issue was addressed with improved restrictions. | 7.5 |
2020-10-16 | CVE-2020-9903 | Apple | Origin Validation Error vulnerability in Apple Iphone OS A logic issue was addressed with improved restrictions. | 7.5 |
2020-10-16 | CVE-2020-4254 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium BIG Data Intelligence 1.0 IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2020-10-16 | CVE-2020-27178 | Apereo | Unspecified vulnerability in Apereo Central Authentication Service Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. | 7.5 |
2020-10-16 | CVE-2020-25829 | Powerdns Opensuse | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. | 7.5 |
2020-10-16 | CVE-2020-27174 | Amazon | Memory Leak vulnerability in Amazon Firecracker In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. | 7.5 |
2020-10-16 | CVE-2020-27173 | VM Superio Project | Allocation of Resources Without Limits or Throttling vulnerability in Vm-Superio Project Vm-Superio 0.1.0 In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). | 7.5 |
2020-10-15 | CVE-2020-25858 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm Mobile Access Point The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. | 7.5 |
2020-10-15 | CVE-2020-11637 | BR Automation | Memory Leak vulnerability in Br-Automation Automation Runtime A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition. | 7.5 |
2020-10-14 | CVE-2020-0413 | Out-of-bounds Read vulnerability in Google Android In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. | 7.5 | |
2020-10-14 | CVE-2020-0377 | Out-of-bounds Read vulnerability in Google Android In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. | 7.5 | |
2020-10-14 | CVE-2020-6083 | Rockwellautomation | Classic Buffer Overflow vulnerability in Rockwellautomation Allen-Bradley Flex IO 1794-Aent/B Firmware 4.003 An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. | 7.5 |
2020-10-14 | CVE-2020-6087 | Rockwellautomation | Classic Buffer Overflow vulnerability in Rockwellautomation Flex I/O 1794-Aent/B Firmware 4.003 An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. | 7.5 |
2020-10-14 | CVE-2020-6086 | Rockwellautomation | Classic Buffer Overflow vulnerability in Rockwellautomation Flex I/O 1794-Aent/B Firmware 4.003 An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. | 7.5 |
2020-10-13 | CVE-2020-25645 | Linux Debian Netapp Opensuse Canonical | A flaw was found in the Linux kernel in versions before 5.9-rc7. | 7.5 |
2020-10-13 | CVE-2018-20243 | Apache | Insufficiently Protected Credentials vulnerability in Apache Fineract The implementation of POST with the username and password in the URL parameters exposed the credentials. | 7.5 |
2020-10-12 | CVE-2020-26546 | Evolutionscript | SQL Injection vulnerability in Evolutionscript Helpdeskz 1.0.2 An issue was discovered in HelpDeskZ 1.0.2. | 7.5 |
2020-10-12 | CVE-2020-25825 | Octopus | Unspecified vulnerability in Octopus Deploy In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs. | 7.5 |
2020-10-12 | CVE-2020-26869 | Pcvuesolutions | Unspecified vulnerability in Pcvuesolutions Pcvue 12/8.10 ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. | 7.5 |
2020-10-12 | CVE-2020-26868 | Pcvuesolutions | Exposure of Resource to Wrong Sphere vulnerability in Pcvuesolutions Pcvue 12/8.10 ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. | 7.5 |
2020-10-12 | CVE-2020-4778 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. | 7.5 |
2020-10-12 | CVE-2020-4776 | IBM | Path Traversal vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. | 7.5 |
2020-10-12 | CVE-2020-5140 | Sonicwall | Out-of-bounds Read vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. | 7.5 |
2020-10-12 | CVE-2020-5139 | Sonicwall | Release of Invalid Pointer or Reference vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. | 7.5 |
2020-10-12 | CVE-2020-5138 | Sonicwall | Out-of-bounds Write vulnerability in Sonicwall Sonicos and Sonicosv A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. | 7.5 |
2020-10-12 | CVE-2020-5137 | Sonicwall | Classic Buffer Overflow vulnerability in Sonicwall Sonicos and Sonicosv A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. | 7.5 |
2020-10-12 | CVE-2020-5133 | Sonicwall | Classic Buffer Overflow vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. | 7.5 |
2020-10-16 | CVE-2020-15255 | Anuko | Improper Neutralization of Formula Elements in a CSV File vulnerability in Anuko Time Tracker In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). | 7.3 |
2020-10-16 | CVE-2020-1676 | Juniper | Unspecified vulnerability in Juniper Mist Cloud UI When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. | 7.2 |
2020-10-16 | CVE-2020-4636 | IBM | Command Injection vulnerability in IBM Resilient Security Orchestration Automation and Response 38.2 IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. | 7.2 |
2020-10-16 | CVE-2020-15867 | Gogs | Unspecified vulnerability in Gogs The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. | 7.2 |
2020-10-16 | CVE-2020-14144 | Gitea | OS Command Injection vulnerability in Gitea The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). | 7.2 |
2020-10-15 | CVE-2020-12503 | Pepperl Fuchs Korenix | Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections. | 7.2 |
2020-10-16 | CVE-2020-9952 | Apple Webkit | Cross-site Scripting vulnerability in multiple products An input validation issue was addressed with improved input validation. | 7.1 |
2020-10-16 | CVE-2020-3991 | Vmware | Unspecified vulnerability in VMWare Horizon Client VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. | 7.1 |
123 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-10-16 | CVE-2020-9946 | Apple | Improper Locking vulnerability in Apple Iphone OS This issue was addressed with improved checks. | 6.8 |
2020-10-14 | CVE-2020-15224 | Openenclave | Unspecified vulnerability in Openenclave In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. | 6.8 |
2020-10-13 | CVE-2020-15797 | Siemens | Unspecified vulnerability in Siemens DCA Vantage Analyzer Firmware A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. | 6.8 |
2020-10-13 | CVE-2020-7590 | Siemens | Unspecified vulnerability in Siemens DCA Vantage Analyzer Firmware A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. | 6.8 |
2020-10-12 | CVE-2020-4689 | IBM | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 is vulnerable to CVS Injection. | 6.8 |
2020-10-15 | CVE-2020-25859 | Qualcomm | OS Command Injection vulnerability in Qualcomm Qcmap The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. | 6.7 |
2020-10-15 | CVE-2020-7327 | Mcafee | Authentication Bypass by Spoofing vulnerability in Mcafee Mvision Endpoint Detection and Response 3.0.0/3.1.0 Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed | 6.7 |
2020-10-15 | CVE-2020-7326 | Mcafee | Authentication Bypass by Spoofing vulnerability in Mcafee Active Response Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed | 6.7 |
2020-10-16 | CVE-2019-12305 | Actions Micro | Unspecified vulnerability in Actions-Micro Ezcast PRO II Firmware In EZCast Pro II, the administrator password md5 hash is provided upon a web request. | 6.5 |
2020-10-16 | CVE-2020-26183 | Dell | Files or Directories Accessible to External Parties vulnerability in Dell EMC Networker Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. | 6.5 |
2020-10-16 | CVE-2020-26182 | Dell | Files or Directories Accessible to External Parties vulnerability in Dell EMC Networker Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. | 6.5 |
2020-10-16 | CVE-2020-9915 | Apple | Unspecified vulnerability in Apple products An access issue existed in Content Security Policy. | 6.5 |
2020-10-16 | CVE-2020-14299 | Redhat | Improper Authentication vulnerability in Redhat products A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. | 6.5 |
2020-10-16 | CVE-2019-18796 | Un4Seen | Infinite Loop vulnerability in Un4Seen Bass 2.4.14.1 The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. | 6.5 |
2020-10-16 | CVE-2019-18795 | Un4Seen | Out-of-bounds Read vulnerability in Un4Seen Bass 2.4.14.1 The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out of bounds read vulnerability via a crafted .wav file. | 6.5 |
2020-10-16 | CVE-2019-18794 | Un4Seen | Use After Free vulnerability in Un4Seen Bass 2.4.14.1 The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. | 6.5 |
2020-10-15 | CVE-2020-21674 | Libarchive | Out-of-bounds Write vulnerability in Libarchive 3.4.1 Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. | 6.5 |
2020-10-15 | CVE-2020-11645 | BR Automation | Resource Exhaustion vulnerability in Br-Automation products A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances. | 6.5 |
2020-10-15 | CVE-2020-11644 | BR Automation | Unspecified vulnerability in Br-Automation products The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages. | 6.5 |
2020-10-15 | CVE-2020-11643 | BR Automation | Information Exposure Through Log Files vulnerability in Br-Automation products An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains. | 6.5 |
2020-10-15 | CVE-2020-11642 | BR Automation | Files or Directories Accessible to External Parties vulnerability in Br-Automation Sitemanager The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances. | 6.5 |
2020-10-15 | CVE-2020-11641 | BR Automation | Files or Directories Accessible to External Parties vulnerability in Br-Automation Sitemanager A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances. | 6.5 |
2020-10-14 | CVE-2020-0414 | Improper Initialization vulnerability in Google Android 10.0/11.0 In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. | 6.5 | |
2020-10-14 | CVE-2020-0411 | Use of Uninitialized Resource vulnerability in Google Android 10.0/11.0 In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data. | 6.5 | |
2020-10-13 | CVE-2020-15251 | Mirahezebots | Missing Authorization vulnerability in Mirahezebots Channelmgnt 1.0.0/1.0.1/1.0.2 In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. | 6.5 |
2020-10-13 | CVE-2020-17409 | Netgear | Unspecified vulnerability in Netgear products This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. | 6.5 |
2020-10-12 | CVE-2020-9238 | Huawei | Classic Buffer Overflow vulnerability in Huawei Taurus-An00B Firmware Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. | 6.5 |
2020-10-12 | CVE-2020-9230 | Huawei | Insufficient Verification of Data Authenticity vulnerability in Huawei Ws5800-10 Firmware 10.0.3.25 WS5800-10 version 10.0.3.25 has a denial of service vulnerability. | 6.5 |
2020-10-12 | CVE-2020-9122 | Huawei | Improper Input Validation vulnerability in Huawei products Some Huawei products have an insufficient input verification vulnerability. | 6.5 |
2020-10-12 | CVE-2020-4781 | IBM | Improper Input Validation vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. | 6.5 |
2020-10-12 | CVE-2020-4773 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. | 6.5 |
2020-10-12 | CVE-2020-5141 | Sonicwall | Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. | 6.5 |
2020-10-12 | CVE-2020-5136 | Sonicwall | Classic Buffer Overflow vulnerability in Sonicwall Sonicos and Sonicosv A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. | 6.5 |
2020-10-12 | CVE-2020-5134 | Sonicwall | Out-of-bounds Read vulnerability in Sonicwall Sonicos and Sonicosv A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. | 6.5 |
2020-10-14 | CVE-2020-8332 | Lenovo | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Lenovo products A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. | 6.4 |
2020-10-14 | CVE-2020-3483 | Cisco | Insufficiently Protected Credentials vulnerability in Cisco DUO Network Gateway 1.3.3/1.5.7 Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. | 6.3 |
2020-10-16 | CVE-2020-9925 | Apple | Cross-site Scripting vulnerability in Apple products A logic issue was addressed with improved state management. | 6.1 |
2020-10-16 | CVE-2020-15157 | Linuxfoundation Canonical Debian | Insufficiently Protected Credentials vulnerability in multiple products In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. | 6.1 |
2020-10-16 | CVE-2020-24408 | Magento | Unspecified vulnerability in Magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. | 6.1 |
2020-10-16 | CVE-2020-16270 | Olimpoks | Cross-site Scripting vulnerability in Olimpoks Olimpok OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. | 6.1 |
2020-10-16 | CVE-2020-26584 | Sagedpw | Cross-site Scripting vulnerability in Sagedpw Sage DPW 202006000/202006001 An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. | 6.1 |
2020-10-16 | CVE-2020-26583 | Sagedpw | Unrestricted Upload of File with Dangerous Type vulnerability in Sagedpw Sage DPW 202006000/202006001 An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. | 6.1 |
2020-10-16 | CVE-2020-27163 | Phpredisadmin Project | Cross-site Scripting vulnerability in PHPredisadmin Project PHPredisadmin phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter. | 6.1 |
2020-10-15 | CVE-2019-4552 | IBM | Unspecified vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. | 6.1 |
2020-10-15 | CVE-2020-6365 | SAP | Open Redirect vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. | 6.1 |
2020-10-15 | CVE-2020-6323 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal 7.31/7.40/7.50 SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting. | 6.1 |
2020-10-15 | CVE-2020-6319 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. | 6.1 |
2020-10-14 | CVE-2020-24188 | Unitedplanet | Cross-site Scripting vulnerability in Unitedplanet Intrexx 5.2/6.0 Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter. | 6.1 |
2020-10-14 | CVE-2020-24551 | Iproom | Open Redirect vulnerability in Iproom Mmc+ 3.2.2 IProom MMC+ Server login page does not validate specific parameters properly. | 6.1 |
2020-10-12 | CVE-2020-12670 | Webmin | Cross-site Scripting vulnerability in Webmin XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. | 6.1 |
2020-10-12 | CVE-2020-5142 | Sonicwall | Cross-site Scripting vulnerability in Sonicwall Sonicos and Sonicosv A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. | 6.1 |
2020-10-14 | CVE-2020-25778 | Trendmicro | Information Exposure Through an Error Message vulnerability in Trendmicro Antivirus 2019/2020 Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. | 6.0 |
2020-10-16 | CVE-2020-9909 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved bounds checking. | 5.9 |
2020-10-16 | CVE-2020-27194 | Linux | Incorrect Conversion between Numeric Types vulnerability in Linux Kernel An issue was discovered in the Linux kernel before 5.8.15. | 5.5 |
2020-10-16 | CVE-2020-9976 | Apple | Unspecified vulnerability in Apple products A logic issue was addressed with improved state management. | 5.5 |
2020-10-16 | CVE-2020-9968 | Apple | Unspecified vulnerability in Apple products A logic issue was addressed with improved restrictions. | 5.5 |
2020-10-16 | CVE-2020-9964 | Apple | Improper Initialization vulnerability in Apple Iphone OS A memory initialization issue was addressed with improved memory handling. | 5.5 |
2020-10-16 | CVE-2020-9934 | Apple | Unspecified vulnerability in Apple mac OS X An issue existed in the handling of environment variables. | 5.5 |
2020-10-16 | CVE-2020-9913 | Apple | Unspecified vulnerability in Apple mac OS X This issue was addressed with improved data protection. | 5.5 |
2020-10-16 | CVE-2020-9885 | Apple | Insufficient Verification of Data Authenticity vulnerability in Apple products An issue existed in the handling of iMessage tapbacks. | 5.5 |
2020-10-16 | CVE-2020-24352 | Qemu | Out-of-bounds Write vulnerability in Qemu An issue was discovered in QEMU through 5.1.0. | 5.5 |
2020-10-15 | CVE-2020-6107 | F2Fs Tools Project | Improper Check for Unusual or Exceptional Conditions vulnerability in F2Fs-Tools Project F2Fs-Tools 1.12.0/1.13.0 An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. | 5.5 |
2020-10-15 | CVE-2020-6106 | F2Fs Tools Project | Incorrect Calculation of Buffer Size vulnerability in F2Fs-Tools Project F2Fs-Tools 1.12.0/1.13.0 An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. | 5.5 |
2020-10-15 | CVE-2020-6104 | F2Fs Tools Project | Out-of-bounds Read vulnerability in F2Fs-Tools Project F2Fs-Tools 1.12.0/1.13.0 An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. | 5.5 |
2020-10-15 | CVE-2020-6376 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 5.5 |
2020-10-15 | CVE-2020-6375 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 5.5 |
2020-10-14 | CVE-2020-6933 | Blackberry | Improper Input Validation vulnerability in Blackberry Unified Endpoint Manager An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service. | 5.5 |
2020-10-14 | CVE-2020-0419 | Missing Authorization vulnerability in Google Android In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. | 5.5 | |
2020-10-14 | CVE-2020-0415 | Unspecified vulnerability in Google Android In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. | 5.5 | |
2020-10-14 | CVE-2020-0410 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. | 5.5 | |
2020-10-14 | CVE-2020-0400 | Unspecified vulnerability in Google Android 10.0/11.0 In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. | 5.5 | |
2020-10-14 | CVE-2020-0398 | Unspecified vulnerability in Google Android 10.0/11.0 In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a PendingIntent error. | 5.5 | |
2020-10-14 | CVE-2020-0378 | Missing Authorization vulnerability in Google Android 10.0/11.0/9.0 In onWnmFrameReceived of PasspointManager.java, there is a missing permission check. | 5.5 | |
2020-10-14 | CVE-2020-0246 | Missing Authorization vulnerability in Google Android 10.0/11.0 In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. | 5.5 | |
2020-10-13 | CVE-2020-12933 | AMD | Out-of-bounds Read vulnerability in AMD Atikmdag.Sys 26.20.15029.27017 A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. | 5.5 |
2020-10-13 | CVE-2020-12911 | AMD | Out-of-bounds Read vulnerability in AMD Atikmdag.Sys 26.20.15029.27017 A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. | 5.5 |
2020-10-12 | CVE-2020-15250 | Junit Debian Apache Oracle | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. | 5.5 |
2020-10-12 | CVE-2020-9240 | Huawei | Classic Buffer Overflow vulnerability in Huawei Taurus-An00B Firmware Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. | 5.5 |
2020-10-12 | CVE-2020-9108 | Huawei | Out-of-bounds Write vulnerability in Huawei P30 PRO Firmware HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. | 5.5 |
2020-10-12 | CVE-2020-9107 | Huawei | Out-of-bounds Write vulnerability in Huawei P30 PRO Firmware HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. | 5.5 |
2020-10-12 | CVE-2020-9091 | Huawei | Out-of-bounds Write vulnerability in Huawei Taurus-An00B Firmware 10.1.0.156(C00E155R7P2) Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. | 5.5 |
2020-10-12 | CVE-2020-9087 | Huawei | Out-of-bounds Read vulnerability in Huawei Taurus-Al00A Firmware 10.0.0.1(C00E1R1P1) Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. | 5.5 |
2020-10-18 | CVE-2020-13893 | Sage | Cross-site Scripting vulnerability in Sage Easypay 10.7.5.10 Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E). | 5.4 |
2020-10-16 | CVE-2020-26672 | Testimonial Rotator Project | Cross-site Scripting vulnerability in Testimonial Rotator Project Testimonial Rotator Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. | 5.4 |
2020-10-15 | CVE-2020-15793 | Siemens | Unspecified vulnerability in Siemens Desigo Insight 4.0/5.0/6.0 A vulnerability has been identified in Desigo Insight (All versions). | 5.4 |
2020-10-15 | CVE-2020-6368 | SAP | Cross-site Scripting vulnerability in SAP Business Planning and Consolidation SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting. | 5.4 |
2020-10-15 | CVE-2020-6272 | SAP | Cross-site Scripting vulnerability in SAP Commerce Cloud SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. | 5.4 |
2020-10-14 | CVE-2020-4395 | IBM | Insufficient Session Expiration vulnerability in IBM Security Access Manager Appliance 9.0.7 IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 5.4 |
2020-10-14 | CVE-2020-25777 | Trendmicro | Unspecified vulnerability in Trendmicro Antivirus 2019/2020 Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. | 5.4 |
2020-10-12 | CVE-2020-8821 | Webmin | Cross-site Scripting vulnerability in Webmin An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. | 5.4 |
2020-10-12 | CVE-2020-8820 | Webmin | Cross-site Scripting vulnerability in Webmin An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. | 5.4 |
2020-10-12 | CVE-2020-4741 | IBM | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.5/11.7 IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. | 5.4 |
2020-10-12 | CVE-2020-4681 | IBM | Cross-site Scripting vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 is vulnerable to cross-site scripting. | 5.4 |
2020-10-12 | CVE-2020-4680 | IBM | Cross-site Scripting vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 is vulnerable to cross-site scripting. | 5.4 |
2020-10-12 | CVE-2020-4775 | IBM | Cross-site Scripting vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 5.4 |
2020-10-12 | CVE-2020-4774 | IBM | XML Injection (aka Blind XPath Injection) vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. | 5.4 |
2020-10-12 | CVE-2020-14184 | Atlassian | Cross-site Scripting vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. | 5.4 |
2020-10-16 | CVE-2020-9916 | Apple | Unspecified vulnerability in Apple products A URL Unicode encoding issue was addressed with improved state management. | 5.3 |
2020-10-15 | CVE-2020-14185 | Atlassian | Missing Authorization vulnerability in Atlassian Jira Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. | 5.3 |
2020-10-15 | CVE-2020-1777 | Otrs | Information Exposure vulnerability in Otrs Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. | 5.3 |
2020-10-12 | CVE-2020-4780 | IBM | Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0 OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. | 5.3 |
2020-10-12 | CVE-2020-4699 | IBM | Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. | 5.3 |
2020-10-12 | CVE-2020-4661 | IBM | Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. | 5.3 |
2020-10-12 | CVE-2020-4660 | IBM | Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. | 5.3 |
2020-10-12 | CVE-2020-5143 | Sonicwall | Information Exposure Through Discrepancy vulnerability in Sonicwall Sonicos and Sonicosv SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. | 5.3 |
2020-10-12 | CVE-2020-4740 | IBM | Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.5/11.7 IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. | 5.2 |
2020-10-12 | CVE-2020-4678 | IBM | Unspecified vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. | 4.9 |
2020-10-12 | CVE-2020-13341 | Gitlab | Type Confusion vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. | 4.9 |
2020-10-14 | CVE-2020-15253 | Grocy | Unspecified vulnerability in Grocy Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. | 4.8 |
2020-10-12 | CVE-2020-4679 | IBM | Cross-site Scripting vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 is vulnerable to cross-site scripting. | 4.8 |
2020-10-15 | CVE-2020-6363 | SAP | Insufficient Session Expiration vulnerability in SAP Commerce Cloud SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. | 4.6 |
2020-10-12 | CVE-2020-9110 | Huawei | Improper Input Validation vulnerability in Huawei Taurus-An00B Firmware Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. | 4.6 |
2020-10-12 | CVE-2020-9109 | Huawei | Improper Authentication vulnerability in Huawei products There is an information disclosure vulnerability in several smartphones. | 4.6 |
2020-10-12 | CVE-2020-9106 | Huawei | Path Traversal vulnerability in Huawei P30 PRO Firmware HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. | 4.6 |
2020-10-14 | CVE-2020-27013 | Trendmicro | Unspecified vulnerability in Trendmicro Antivirus 2020 Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. | 4.4 |
2020-10-16 | CVE-2020-9894 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 4.3 |
2020-10-15 | CVE-2020-15794 | Siemens | Information Exposure Through an Error Message vulnerability in Siemens Desigo Insight 4.0/5.0/6.0 A vulnerability has been identified in Desigo Insight (All versions). | 4.3 |
2020-10-15 | CVE-2020-15792 | Siemens | Unspecified vulnerability in Siemens Desigo Insight 4.0/5.0/6.0 A vulnerability has been identified in Desigo Insight (All versions). | 4.3 |
2020-10-15 | CVE-2020-11646 | BR Automation | Unspecified vulnerability in Br-Automation products A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users. | 4.3 |
2020-10-15 | CVE-2020-6371 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Abap User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure. | 4.3 |
2020-10-14 | CVE-2020-7318 | Mcafee | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator 5.10.0/5.10.9 Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | 4.3 |
2020-10-14 | CVE-2020-7317 | Mcafee | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed. | 4.3 |
2020-10-12 | CVE-2020-13943 | Apache Debian Oracle | If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. | 4.3 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-10-16 | CVE-2020-9933 | Apple | Unspecified vulnerability in Apple products An authorization issue was addressed with improved state management. | 3.3 |
2020-10-16 | CVE-2020-9912 | Apple | Unspecified vulnerability in Apple Safari A logic issue was addressed with improved restrictions. | 3.3 |
2020-10-14 | CVE-2020-0422 | Unspecified vulnerability in Google Android In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. | 3.3 | |
2020-10-14 | CVE-2020-0412 | Missing Authorization vulnerability in Google Android In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. | 3.3 | |
2020-10-13 | CVE-2020-17411 | Foxitsoftware | Unspecified vulnerability in Foxitsoftware 3D This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. | 3.3 |
2020-10-13 | CVE-2020-25779 | Trendmicro | Unspecified vulnerability in Trendmicro Antivirus 2020 Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature. | 3.3 |
2020-10-16 | CVE-2020-9959 | Apple | Improper Locking vulnerability in Apple Iphone OS A lock screen issue allowed access to messages on a locked device. | 2.4 |
2020-10-14 | CVE-2020-25824 | Telegram | Missing Authentication for Critical Function vulnerability in Telegram Desktop Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. | 2.4 |