Weekly Vulnerabilities Reports > October 12 to 18, 2020

Overview

267 new vulnerabilities were reported during this period, including 30 critical vulnerabilities and 106 high severity vulnerabilities. This weekly summary reports vulnerabilities in 237 products from 92 vendors including Apple, IBM, Google, SAP, and Huawei. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", "Improper Input Validation", and "Classic Buffer Overflow".

  • 159 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 55 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 168 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 44 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

30 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-15 CVE-2020-6364 SAP OS Command Injection vulnerability in SAP Introscope Enterprise Manager

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager, leading to Code Injection.

10.0
2020-10-16 CVE-2020-1660 Juniper Unspecified vulnerability in Juniper Junos

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart.

9.9
2020-10-16 CVE-2020-26943 Openstack Unspecified vulnerability in Openstack Blazar-Dashboard

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0.

9.9
2020-10-17 CVE-2020-27197 Libtaxii Project, Eclecticiq Server-Side Request Forgery (SSRF) vulnerability in multiple products

TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser.

9.8
2020-10-16 CVE-2020-9918 Apple Out-of-bounds Read vulnerability in Apple mac OS X

An out-of-bounds read was addressed with improved input validation.

9.8
2020-10-16 CVE-2020-9895 Apple Use After Free vulnerability in Apple products

A use after free issue was addressed with improved memory management.

9.8
2020-10-16 CVE-2020-9864 Apple Unspecified vulnerability in Apple mac OS X

A logic issue was addressed with improved restrictions.

9.8
2020-10-16 CVE-2020-15254 Crossbeam Project Memory Leak vulnerability in Crossbeam Project Crossbeam

Crossbeam is a set of tools for concurrent programming.

9.8
2020-10-16 CVE-2020-26944 Aptean SQL Injection vulnerability in Aptean Product Configurator 4.61.0000

An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows.

9.8
2020-10-16 CVE-2019-19513 Un4Seen Out-of-bounds Write vulnerability in Un4Seen Bassmidi 2.4.12.1

The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability.

9.8
2020-10-15 CVE-2019-17640 Eclipse Path Traversal vulnerability in Eclipse Vert.X

In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler does not correctly process backslashes on Windows operating systems, allowing escape from the webroot folder to the current working directory.

9.8
2020-10-15 CVE-2020-12504 Pepperl Fuchs, Korenix, Westermo

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.

9.8
2020-10-15 CVE-2020-12501 Pepperl Fuchs, Korenix

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.

9.8
2020-10-15 CVE-2020-4499 IBM Unspecified vulnerability in IBM Security Access Manager and Security Verify Access

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications.

9.8
2020-10-15 CVE-2020-27156 Veritas Incorrect Authorization vulnerability in Veritas Aptare 10.4

Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks.

9.8
2020-10-14 CVE-2020-8349 Lenovo Code Injection vulnerability in Lenovo Cloud Networking Operating System

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface.

9.8
2020-10-13 CVE-2020-13957 Apache Incorrect Authorization vulnerability in Apache Solr

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that's uploaded via API without authentication/authorization.

9.8
2020-10-13 CVE-2020-17407 Microhardcorp Unspecified vulnerability in Microhardcorp Bullet-Lte Firmware

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112.

9.8
2020-10-13 CVE-2020-16124 ROS Integer Overflow or Wraparound vulnerability in ROS Ros-Comm

Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior.

9.8
2020-10-12 CVE-2019-17444 Jfrog Weak Password Requirements vulnerability in Jfrog Artifactory

Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them.

9.8
2020-10-12 CVE-2020-26867 Pcvuesolutions Deserialization of Untrusted Data vulnerability in Pcvuesolutions Pcvue 12/8.10

ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.

9.8
2020-10-12 CVE-2020-5135 Sonicwall Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sonicwall Sonicos and Sonicosv

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.

9.8
2020-10-16 CVE-2020-27176 Marktext Cross-site Scripting vulnerability in Marktext

Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution.

9.6
2020-10-14 CVE-2020-15229 Sylabs, Opensuse

Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability.

9.3
2020-10-16 CVE-2019-19885 Bender Missing Authorization vulnerability in Bender products

In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system.

9.1
2020-10-14 CVE-2020-0376 Google Out-of-bounds Read vulnerability in Google Android

There is a possible out of bounds read due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-163003156

9.1
2020-10-14 CVE-2020-0371 Google Out-of-bounds Read vulnerability in Google Android

There is a possible out of bounds read due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-163008256

9.1
2020-10-14 CVE-2020-0367 Google Out-of-bounds Write vulnerability in Google Android

There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-162980455

9.1
2020-10-14 CVE-2020-0339 Google Out-of-bounds Read vulnerability in Google Android

There is a possible out of bounds read due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-162980705

9.1
2020-10-14 CVE-2020-0283 Google Out-of-bounds Write vulnerability in Google Android

There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-163008257

9.1

106 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-16 CVE-2020-9983 Apple, Fedoraproject Out-of-bounds Write vulnerability in multiple products

An out-of-bounds write issue was addressed with improved bounds checking.

8.8
2020-10-16 CVE-2020-9951 Apple, Webkit, Debian Use After Free vulnerability in multiple products

A use after free issue was addressed with improved memory management.

8.8
2020-10-16 CVE-2020-9948 Apple, Webkit, Debian Type Confusion vulnerability in multiple products

A type confusion issue was addressed with improved memory handling.

8.8
2020-10-16 CVE-2020-9910 Apple Unspecified vulnerability in Apple products

Multiple issues were addressed with improved logic.

8.8
2020-10-16 CVE-2020-9893 Apple Use After Free vulnerability in Apple products

A use after free issue was addressed with improved memory management.

8.8
2020-10-16 CVE-2020-9870 Apple Improper Input Validation vulnerability in Apple products

A logic issue was addressed with improved validation.

8.8
2020-10-16 CVE-2020-15252 Xwiki Injection vulnerability in Xwiki

In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context, which contains tools that allow instantiating arbitrary Java objects and invoking methods that may lead to arbitrary code execution.

8.8
2020-10-16 CVE-2020-26682 Libass Project Integer Overflow or Wraparound vulnerability in Libass Project Libass 0.14.0

In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.

8.8
2020-10-15 CVE-2020-7591 Siemens Unspecified vulnerability in Siemens Siport MP 2.2/3.0.3/3.1.4

A vulnerability has been identified in SIPORT MP (All versions < 3.2.1).

8.8
2020-10-15 CVE-2020-12502 Pepperl Fuchs, Korenix

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.

8.8
2020-10-15 CVE-2020-5642 Onwebchat Cross-Site Request Forgery (CSRF) vulnerability in Onwebchat Live Chat - Live Support

Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

8.8
2020-10-14 CVE-2020-8350 Lenovo Improper Authentication vulnerability in Lenovo Thinkpad Stack Wireless Router Firmware 1.1.3.4

An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege.

8.8
2020-10-14 CVE-2020-9746 Adobe NULL Pointer Dereference vulnerability in Adobe Flash Player

Adobe Flash Player versions 32.0.0.433 and earlier are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution.

8.8
2020-10-14 CVE-2020-0416 Google Insecure Default Initialization of Resource vulnerability in Google Android

In multiple settings screens, there are possible tapjacking attacks due to an insecure default value.

8.8
2020-10-14 CVE-2020-7330 Mcafee Improper Privilege Management vulnerability in Mcafee Total Protection 4.0.161.1

Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables.

8.8
2020-10-13 CVE-2020-17406 Microhardcorp Unspecified vulnerability in Microhardcorp Bullet-Lte Firmware

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112.

8.8
2020-10-16 CVE-2020-9865 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed by removing the vulnerable code.

8.6
2020-10-15 CVE-2020-27153 Bluez, Debian, Opensuse Double Free vulnerability in multiple products

In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c.

8.6
2020-10-12 CVE-2020-15012 Sonatype Path Traversal vulnerability in Sonatype Nexus Repository Manager

A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19.

8.6
2020-10-15 CVE-2020-7334 Mcafee Improper Privilege Management vulnerability in Mcafee Application and Change Control

Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer.

8.2
2020-10-12 CVE-2020-4388 IBM Improper Handling of Exceptional Conditions vulnerability in IBM Cognos Analytics

IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack by failing to catch exceptions in a servlet. The debug information this exposes could also be used in future attacks.

8.2
2020-10-16 CVE-2020-25214 Overwolf Unspecified vulnerability in Overwolf 0.149.2.30

In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint.

8.1
2020-10-15 CVE-2020-27157 Veritas Authentication Bypass by Capture-replay vulnerability in Veritas Aptare 10.4

Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server.

8.1
2020-10-14 CVE-2020-7383 Rapid7 SQL Injection vulnerability in Rapid7 Nexpose

A SQL Injection issue in Rapid7 Nexpose versions prior to 6.6.49 may have allowed an authenticated user with a low permission level to access resources and make changes they should not have been able to access.

8.1
2020-10-12 CVE-2020-4779 IBM Improper Authentication vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0

A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.

8.1
2020-10-12 CVE-2020-4772 IBM XXE vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0

An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.

8.1
2020-10-16 CVE-2020-15258 Wire Unspecified vulnerability in Wire

In Wire before 3.20.x, `shell.openExternal` was used without checking the URL.

8.0
2020-10-16 CVE-2020-9992 Apple Unspecified vulnerability in Apple Iphone OS

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7.

7.8
2020-10-16 CVE-2020-9958 Apple Out-of-bounds Write vulnerability in Apple Iphone OS

An out-of-bounds write issue was addressed with improved bounds checking.

7.8
2020-10-16 CVE-2020-9936 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

7.8
2020-10-16 CVE-2020-9923 Apple Out-of-bounds Write vulnerability in Apple Iphone OS

A memory corruption issue was addressed with improved memory handling.

7.8
2020-10-16 CVE-2020-9907 Apple Out-of-bounds Write vulnerability in Apple Tvos

A memory corruption issue was addressed by removing the vulnerable code.

7.8
2020-10-16 CVE-2020-9891 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved bounds checking.

7.8
2020-10-16 CVE-2020-9890 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved bounds checking.

7.8
2020-10-16 CVE-2020-9889 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

7.8
2020-10-16 CVE-2020-9888 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved bounds checking.

7.8
2020-10-16 CVE-2020-9884 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

7.8
2020-10-16 CVE-2020-9878 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow issue was addressed with improved memory handling.

7.8
2020-10-16 CVE-2020-9862 Apple Improper Encoding or Escaping of Output vulnerability in Apple products

A command injection issue existed in Web Inspector.

7.8
2020-10-16 CVE-2020-9799 Apple Out-of-bounds Read vulnerability in Apple mac OS X

An out-of-bounds read was addressed with improved bounds checking.

7.8
2020-10-16 CVE-2020-26893 Clamxav Insufficient Verification of Data Authenticity vulnerability in Clamxav

An issue was discovered in ClamXAV 3 before 3.1.1.

7.8
2020-10-15 CVE-2020-6108 F2Fs Tools Project Incorrect Calculation of Buffer Size vulnerability in F2Fs-Tools Project F2Fs-Tools 1.12.0/1.13.0

An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13.

7.8
2020-10-15 CVE-2020-6105 F2Fs Tools Project Externally Controlled Reference to a Resource in Another Sphere vulnerability in F2Fs-Tools Project F2Fs-Tools 1.12.0/1.13.0

An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13.

7.8
2020-10-15 CVE-2020-6374 SAP Out-of-bounds Read vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated Jupiter Tessellation (.jt) file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by Improper Input Validation.

7.8
2020-10-15 CVE-2020-6373 SAP Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated PDF file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by Improper Input Validation.

7.8
2020-10-15 CVE-2020-6372 SAP Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated PDF file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by Improper Input Validation.

7.8
2020-10-14 CVE-2020-8345 Lenovo Uncontrolled Search Path Element vulnerability in Lenovo Hardware Scan

A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.

7.8
2020-10-14 CVE-2020-8338 Lenovo Untrusted Search Path vulnerability in Lenovo Diagnostics

A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.

7.8
2020-10-14 CVE-2020-3427 Cisco Unspecified vulnerability in Cisco DUO Authentication for Windows Logon and RDP

The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths.

7.8
2020-10-14 CVE-2020-0423 Google, Debian Improper Locking vulnerability in multiple products

In binder_release_work of binder.c, there is a possible use-after-free due to improper locking.

7.8
2020-10-14 CVE-2020-0421 Google Improper Handling of Exceptional Conditions vulnerability in Google Android

In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling.

7.8
2020-10-14 CVE-2020-0420 Google Missing Authorization vulnerability in Google Android 11.0

In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check.

7.8
2020-10-14 CVE-2020-0408 Google Integer Overflow or Wraparound vulnerability in Google Android

In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow.

7.8
2020-10-14 CVE-2020-25188 Laquisscada Unspecified vulnerability in Laquisscada Scada 4.1.0.4150/4.3.1.71

An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870).

7.8
2020-10-14 CVE-2019-2194 Google Incorrect Type Conversion or Cast vulnerability in Google Android 9.0

In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting.

7.8
2020-10-13 CVE-2020-12928 AMD Unspecified vulnerability in AMD Ryzen Master

A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system.

7.8
2020-10-13 CVE-2020-17417 Foxitsoftware Unspecified vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811.

7.8
2020-10-13 CVE-2020-17416 Foxitsoftware Unspecified vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798.

7.8
2020-10-13 CVE-2020-17415 Foxitsoftware Unspecified vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798.

7.8
2020-10-13 CVE-2020-17414 Foxitsoftware Unspecified vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798.

7.8
2020-10-13 CVE-2020-17413 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware 3D

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798.

7.8
2020-10-13 CVE-2020-17412 Foxitsoftware Unspecified vulnerability in Foxitsoftware 3D

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798.

7.8
2020-10-13 CVE-2020-17410 Foxitsoftware Unspecified vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798.

7.8
2020-10-12 CVE-2020-4302 IBM Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cognos Analytics

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection.

7.8
2020-10-12 CVE-2020-9123 Huawei Out-of-bounds Write vulnerability in Huawei P30 PRO Firmware

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability.

7.8
2020-10-12 CVE-2020-9090 Huawei Unspecified vulnerability in Huawei Fusionaccess 6.5.1

FusionAccess version 6.5.1 has an improper authorization vulnerability.

7.8
2020-10-12 CVE-2020-7811 Samsung Deserialization of Untrusted Data vulnerability in Samsung Update

Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation, as commands crafted by an attacker are executed while the engine deserializes the data received during inter-process communication.

7.8
2020-10-16 CVE-2020-1684 Juniper Unspecified vulnerability in Juniper Junos

On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption.

7.5
2020-10-16 CVE-2020-9931 Apple Improper Input Validation vulnerability in Apple Iphone OS

A denial of service issue was addressed with improved input validation.

7.5
2020-10-16 CVE-2020-9917 Apple Unspecified vulnerability in Apple Iphone OS

This issue was addressed with improved checks.

7.5
2020-10-16 CVE-2020-9914 Apple Improper Input Validation vulnerability in Apple Tvos

An input validation issue existed in Bluetooth.

7.5
2020-10-16 CVE-2020-9911 Apple Unspecified vulnerability in Apple Iphone OS

A logic issue was addressed with improved restrictions.

7.5
2020-10-16 CVE-2020-9903 Apple Origin Validation Error vulnerability in Apple Iphone OS

A logic issue was addressed with improved restrictions.

7.5
2020-10-16 CVE-2020-4254 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Guardium BIG Data Intelligence 1.0

IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2020-10-16 CVE-2020-27178 Apereo Unspecified vulnerability in Apereo Central Authentication Service

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.

7.5
2020-10-16 CVE-2020-25829 Powerdns, Opensuse

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5.

7.5
2020-10-16 CVE-2020-27174 Amazon Memory Leak vulnerability in Amazon Firecracker

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input.

7.5
2020-10-16 CVE-2020-27173 VM Superio Project Allocation of Resources Without Limits or Throttling vulnerability in Vm-Superio Project Vm-Superio 0.1.0

In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input).

7.5
2020-10-15 CVE-2020-25858 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm Mobile Access Point

The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function.

7.5
2020-10-15 CVE-2020-11637 BR Automation Memory Leak vulnerability in Br-Automation Automation Runtime

A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.

7.5
2020-10-14 CVE-2020-0413 Google Out-of-bounds Read vulnerability in Google Android

In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check.

7.5
2020-10-14 CVE-2020-0377 Google Out-of-bounds Read vulnerability in Google Android

In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check.

7.5
2020-10-14 CVE-2020-6083 Rockwellautomation Classic Buffer Overflow vulnerability in Rockwellautomation Allen-Bradley Flex IO 1794-Aent/B Firmware 4.003

An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B.

7.5
2020-10-14 CVE-2020-6087 Rockwellautomation Classic Buffer Overflow vulnerability in Rockwellautomation Flex I/O 1794-Aent/B Firmware 4.003

An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B.

7.5
2020-10-14 CVE-2020-6086 Rockwellautomation Classic Buffer Overflow vulnerability in Rockwellautomation Flex I/O 1794-Aent/B Firmware 4.003

An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B.

7.5
2020-10-13 CVE-2020-25645 Linux, Debian, Netapp, Opensuse, Canonical

A flaw was found in the Linux kernel in versions before 5.9-rc7.

7.5
2020-10-13 CVE-2018-20243 Apache Insufficiently Protected Credentials vulnerability in Apache Fineract

The implementation of POST with the username and password in the URL parameters exposed the credentials.

7.5
2020-10-12 CVE-2020-26546 Evolutionscript SQL Injection vulnerability in Evolutionscript Helpdeskz 1.0.2

An issue was discovered in HelpDeskZ 1.0.2.

7.5
2020-10-12 CVE-2020-25825 Octopus Unspecified vulnerability in Octopus Deploy

In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs.

7.5
2020-10-12 CVE-2020-26869 Pcvuesolutions Unspecified vulnerability in Pcvuesolutions Pcvue 12/8.10

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users.

7.5
2020-10-12 CVE-2020-26868 Pcvuesolutions Exposure of Resource to Wrong Sphere vulnerability in Pcvuesolutions Pcvue 12/8.10

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients.

7.5
2020-10-12 CVE-2020-4778 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0

IBM Curam Social Program Management 7.0.9 and 7.0.10 use the MD5 algorithm for hashing a token in a single instance, which is less safe than the default SHA-256 cryptographic algorithm used throughout the Cúram application.

7.5
2020-10-12 CVE-2020-4776 IBM Path Traversal vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0

A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system.

7.5
2020-10-12 CVE-2020-5140 Sonicwall Out-of-bounds Read vulnerability in Sonicwall Sonicos and Sonicosv

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to a memory address leak.

7.5
2020-10-12 CVE-2020-5139 Sonicwall Release of Invalid Pointer or Reference vulnerability in Sonicwall Sonicos and Sonicosv

A vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of an invalid pointer, leading to a firewall crash.

7.5
2020-10-12 CVE-2020-5138 Sonicwall Out-of-bounds Write vulnerability in Sonicwall Sonicos and Sonicosv

A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash.

7.5
2020-10-12 CVE-2020-5137 Sonicwall Classic Buffer Overflow vulnerability in Sonicwall Sonicos and Sonicosv

A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash.

7.5
2020-10-12 CVE-2020-5133 Sonicwall Classic Buffer Overflow vulnerability in Sonicwall Sonicos and Sonicosv

A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash.

7.5
2020-10-16 CVE-2020-15255 Anuko Improper Neutralization of Formula Elements in a CSV File vulnerability in Anuko Time Tracker

In Anuko Time Tracker before version 1.19.23.5325, because user input is not properly filtered, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign).

7.3
2020-10-16 CVE-2020-1676 Juniper Unspecified vulnerability in Juniper Mist Cloud UI

When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls.

7.2
2020-10-16 CVE-2020-4636 IBM Command Injection vulnerability in IBM Resilient Security Orchestration Automation and Response 38.2

IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting.

7.2
2020-10-16 CVE-2020-15867 Gogs Unspecified vulnerability in Gogs

The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution.

7.2
2020-10-16 CVE-2020-14144 Gitea OS Command Injection vulnerability in Gitea

The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file).

7.2
2020-10-15 CVE-2020-12503 Pepperl Fuchs
Korenix
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.
7.2
2020-10-16 CVE-2020-9952 Apple
Webkit
Cross-site Scripting vulnerability in multiple products

An input validation issue was addressed with improved input validation.

7.1
2020-10-16 CVE-2020-3991 Vmware Unspecified vulnerability in VMWare Horizon Client

VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time.

7.1

123 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-16 CVE-2020-9946 Apple Improper Locking vulnerability in Apple Iphone OS

This issue was addressed with improved checks.

6.8
2020-10-14 CVE-2020-15224 Openenclave Unspecified vulnerability in Openenclave

In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application.

6.8
2020-10-13 CVE-2020-15797 Siemens Unspecified vulnerability in Siemens DCA Vantage Analyzer Firmware

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590.

6.8
2020-10-13 CVE-2020-7590 Siemens Unspecified vulnerability in Siemens DCA Vantage Analyzer Firmware

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590.

6.8
2020-10-12 CVE-2020-4689 IBM Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Security Guardium 11.2

IBM Security Guardium 11.2 is vulnerable to CSV injection.

6.8
2020-10-15 CVE-2020-25859 Qualcomm OS Command Injection vulnerability in Qualcomm Qcmap

The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request.

6.7
2020-10-15 CVE-2020-7327 Mcafee Authentication Bypass by Spoofing vulnerability in Mcafee Mvision Endpoint Detection and Response 3.0.0/3.1.0

An improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code by stopping a core Windows service, leaving the McAfee core trust component in an inconsistent state and resulting in MVEDR failing open rather than closed.

6.7
2020-10-15 CVE-2020-7326 Mcafee Authentication Bypass by Spoofing vulnerability in Mcafee Active Response

An improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code by stopping a core Windows service, leaving the McAfee core trust component in an inconsistent state and resulting in MAR failing open rather than closed.

6.7
2020-10-16 CVE-2019-12305 Actions Micro Unspecified vulnerability in Actions-Micro Ezcast PRO II Firmware

In EZCast Pro II, the administrator password md5 hash is provided upon a web request.

6.5
2020-10-16 CVE-2020-26183 Dell Files or Directories Accessible to External Parties vulnerability in Dell EMC Networker

Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability.

6.5
2020-10-16 CVE-2020-26182 Dell Files or Directories Accessible to External Parties vulnerability in Dell EMC Networker

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability.

6.5
2020-10-16 CVE-2020-9915 Apple Unspecified vulnerability in Apple products

An access issue existed in Content Security Policy.

6.5
2020-10-16 CVE-2020-14299 Redhat Improper Authentication vulnerability in Redhat products

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode.

6.5
2020-10-16 CVE-2019-18796 Un4Seen Infinite Loop vulnerability in Un4Seen Bass 2.4.14.1

The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file.

6.5
2020-10-16 CVE-2019-18795 Un4Seen Out-of-bounds Read vulnerability in Un4Seen Bass 2.4.14.1

The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out of bounds read vulnerability via a crafted .wav file.

6.5
2020-10-16 CVE-2019-18794 Un4Seen Use After Free vulnerability in Un4Seen Bass 2.4.14.1

The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file.

6.5
2020-10-15 CVE-2020-21674 Libarchive Out-of-bounds Write vulnerability in Libarchive 3.4.1

Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file.

6.5
2020-10-15 CVE-2020-11645 BR Automation Resource Exhaustion vulnerability in Br-Automation products

A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances.

6.5
2020-10-15 CVE-2020-11644 BR Automation Unspecified vulnerability in Br-Automation products

The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages.

6.5
2020-10-15 CVE-2020-11643 BR Automation Information Exposure Through Log Files vulnerability in Br-Automation products

An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains.

6.5
2020-10-15 CVE-2020-11642 BR Automation Files or Directories Accessible to External Parties vulnerability in Br-Automation Sitemanager

The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances.

6.5
2020-10-15 CVE-2020-11641 BR Automation Files or Directories Accessible to External Parties vulnerability in Br-Automation Sitemanager

A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances.

6.5
2020-10-14 CVE-2020-0414 Google Improper Initialization vulnerability in Google Android 10.0/11.0

In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass.

6.5
2020-10-14 CVE-2020-0411 Google Use of Uninitialized Resource vulnerability in Google Android 10.0/11.0

In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data.

6.5
2020-10-13 CVE-2020-15251 Mirahezebots Missing Authorization vulnerability in Mirahezebots Channelmgnt 1.0.0/1.0.1/1.0.2

In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel.

6.5
2020-10-13 CVE-2020-17409 Netgear Unspecified vulnerability in Netgear products

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66.

6.5
2020-10-12 CVE-2020-9238 Huawei Classic Buffer Overflow vulnerability in Huawei Taurus-An00B Firmware

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability.

6.5
2020-10-12 CVE-2020-9230 Huawei Insufficient Verification of Data Authenticity vulnerability in Huawei Ws5800-10 Firmware 10.0.3.25

WS5800-10 version 10.0.3.25 has a denial of service vulnerability.

6.5
2020-10-12 CVE-2020-9122 Huawei Improper Input Validation vulnerability in Huawei products

Some Huawei products have an insufficient input verification vulnerability.

6.5
2020-10-12 CVE-2020-4781 IBM Improper Input Validation vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0

Improper input validation before calling the Java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service.

6.5
2020-10-12 CVE-2020-4773 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0

A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated.

6.5
2020-10-12 CVE-2020-5141 Sonicwall Improper Restriction of Excessive Authentication Attempts vulnerability in Sonicwall Sonicos and Sonicosv

A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service.

6.5
2020-10-12 CVE-2020-5136 Sonicwall Classic Buffer Overflow vulnerability in Sonicwall Sonicos and Sonicosv

A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash.

6.5
2020-10-12 CVE-2020-5134 Sonicwall Out-of-bounds Read vulnerability in Sonicwall Sonicos and Sonicosv

A vulnerability in SonicOS allows an authenticated attacker to cause an out-of-bounds invalid file reference, which leads to a firewall crash.

6.5
2020-10-14 CVE-2020-8332 Lenovo Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Lenovo products

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution.

6.4
2020-10-14 CVE-2020-3483 Cisco Insufficiently Protected Credentials vulnerability in Cisco DUO Network Gateway 1.3.3/1.5.7

Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging.

6.3
2020-10-16 CVE-2020-9925 Apple Cross-site Scripting vulnerability in Apple products

A logic issue was addressed with improved state management.

6.1
2020-10-16 CVE-2020-15157 Linuxfoundation
Canonical
Debian
Insufficiently Protected Credentials vulnerability in multiple products

In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability.

6.1
2020-10-16 CVE-2020-24408 Magento Unspecified vulnerability in Magento

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component.

6.1
2020-10-16 CVE-2020-16270 Olimpoks Cross-site Scripting vulnerability in Olimpoks Olimpok

OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS.

6.1
2020-10-16 CVE-2020-26584 Sagedpw Cross-site Scripting vulnerability in Sagedpw Sage DPW 202006000/202006001

An issue was discovered in Sage DPW 2020_06_x before 2020_06_002.

6.1
2020-10-16 CVE-2020-26583 Sagedpw Unrestricted Upload of File with Dangerous Type vulnerability in Sagedpw Sage DPW 202006000/202006001

An issue was discovered in Sage DPW 2020_06_x before 2020_06_002.

6.1
2020-10-16 CVE-2020-27163 Phpredisadmin Project Cross-site Scripting vulnerability in PHPredisadmin Project PHPredisadmin

phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter.

6.1
2020-10-15 CVE-2019-4552 IBM Unspecified vulnerability in IBM Security Access Manager and Security Verify Access

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks.

6.1
2020-10-15 CVE-2020-6365 SAP Open Redirect vulnerability in SAP Netweaver Application Server Java

SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation.

6.1
2020-10-15 CVE-2020-6323 SAP Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal 7.31/7.40/7.50

SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.

6.1
2020-10-15 CVE-2020-6319 SAP Cross-site Scripting vulnerability in SAP Netweaver Application Server Java

SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed.

6.1
2020-10-14 CVE-2020-24188 Unitedplanet Cross-site Scripting vulnerability in Unitedplanet Intrexx 5.2/6.0

Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

6.1
2020-10-14 CVE-2020-24551 Iproom Open Redirect vulnerability in Iproom Mmc+ 3.2.2

IProom MMC+ Server login page does not validate specific parameters properly.

6.1
2020-10-12 CVE-2020-12670 Webmin Cross-site Scripting vulnerability in Webmin

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails.

6.1
2020-10-12 CVE-2020-5142 Sonicwall Cross-site Scripting vulnerability in Sonicwall Sonicos and Sonicosv

A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface.

6.1
2020-10-14 CVE-2020-25778 Trendmicro Information Exposure Through an Error Message vulnerability in Trendmicro Antivirus 2019/2020

Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory.

6.0
2020-10-16 CVE-2020-9909 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved bounds checking.

5.9
2020-10-16 CVE-2020-27194 Linux Incorrect Conversion between Numeric Types vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 5.8.15.

5.5
2020-10-16 CVE-2020-9976 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

5.5
2020-10-16 CVE-2020-9968 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved restrictions.

5.5
2020-10-16 CVE-2020-9964 Apple Improper Initialization vulnerability in Apple Iphone OS

A memory initialization issue was addressed with improved memory handling.

5.5
2020-10-16 CVE-2020-9934 Apple Unspecified vulnerability in Apple mac OS X

An issue existed in the handling of environment variables.

5.5
2020-10-16 CVE-2020-9913 Apple Unspecified vulnerability in Apple mac OS X

This issue was addressed with improved data protection.

5.5
2020-10-16 CVE-2020-9885 Apple Insufficient Verification of Data Authenticity vulnerability in Apple products

An issue existed in the handling of iMessage tapbacks.

5.5
2020-10-16 CVE-2020-24352 Qemu Out-of-bounds Write vulnerability in Qemu

An issue was discovered in QEMU through 5.1.0.

5.5
2020-10-15 CVE-2020-6107 F2Fs Tools Project Improper Check for Unusual or Exceptional Conditions vulnerability in F2Fs-Tools Project F2Fs-Tools 1.12.0/1.13.0

An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13.

5.5
2020-10-15 CVE-2020-6106 F2Fs Tools Project Incorrect Calculation of Buffer Size vulnerability in F2Fs-Tools Project F2Fs-Tools 1.12.0/1.13.0

An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13.

5.5
2020-10-15 CVE-2020-6104 F2Fs Tools Project Out-of-bounds Read vulnerability in F2Fs-Tools Project F2Fs-Tools 1.12.0/1.13.0

An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13.

5.5
2020-10-15 CVE-2020-6376 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated Right Hemisphere Binary (.rh) file received from untrusted sources, which crashes the application and makes it temporarily unavailable until the user restarts it. This is caused by Improper Input Validation.

5.5
2020-10-15 CVE-2020-6375 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources, which crashes the application and makes it temporarily unavailable until the user restarts it. This is caused by Improper Input Validation.

5.5
2020-10-14 CVE-2020-6933 Blackberry Improper Input Validation vulnerability in Blackberry Unified Endpoint Manager

An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service.

5.5
2020-10-14 CVE-2020-0419 Google Missing Authorization vulnerability in Google Android

In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check.

5.5
2020-10-14 CVE-2020-0415 Google Unspecified vulnerability in Google Android

In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent.

5.5
2020-10-14 CVE-2020-0410 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error.

5.5
2020-10-14 CVE-2020-0400 Google Unspecified vulnerability in Google Android 10.0/11.0

In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent.

5.5
2020-10-14 CVE-2020-0398 Google Unspecified vulnerability in Google Android 10.0/11.0

In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a PendingIntent error.

5.5
2020-10-14 CVE-2020-0378 Google Missing Authorization vulnerability in Google Android 10.0/11.0/9.0

In onWnmFrameReceived of PasspointManager.java, there is a missing permission check.

5.5
2020-10-14 CVE-2020-0246 Google Missing Authorization vulnerability in Google Android 10.0/11.0

In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check.

5.5
2020-10-13 CVE-2020-12933 AMD Out-of-bounds Read vulnerability in AMD Atikmdag.Sys 26.20.15029.27017

A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g.

5.5
2020-10-13 CVE-2020-12911 AMD Out-of-bounds Read vulnerability in AMD Atikmdag.Sys 26.20.15029.27017

A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g.

5.5
2020-10-12 CVE-2020-15250 Junit
Debian
Apache
Oracle
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability.

5.5
2020-10-12 CVE-2020-9240 Huawei Classic Buffer Overflow vulnerability in Huawei Taurus-An00B Firmware

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability.

5.5
2020-10-12 CVE-2020-9108 Huawei Out-of-bounds Write vulnerability in Huawei P30 PRO Firmware

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability.

5.5
2020-10-12 CVE-2020-9107 Huawei Out-of-bounds Write vulnerability in Huawei P30 PRO Firmware

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability.

5.5
2020-10-12 CVE-2020-9091 Huawei Out-of-bounds Write vulnerability in Huawei Taurus-An00B Firmware 10.1.0.156(C00E155R7P2)

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability.

5.5
2020-10-12 CVE-2020-9087 Huawei Out-of-bounds Read vulnerability in Huawei Taurus-Al00A Firmware 10.0.0.1(C00E1R1P1)

Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module.

5.5
2020-10-18 CVE-2020-13893 Sage Cross-site Scripting vulnerability in Sage Easypay 10.7.5.10

Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E).

5.4
2020-10-16 CVE-2020-26672 Testimonial Rotator Project Cross-site Scripting vulnerability in Testimonial Rotator Project Testimonial Rotator

Testimonial Rotator WordPress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php.

5.4
2020-10-15 CVE-2020-15793 Siemens Unspecified vulnerability in Siemens Desigo Insight 4.0/5.0/6.0

A vulnerability has been identified in Desigo Insight (All versions).

5.4
2020-10-15 CVE-2020-6368 SAP Cross-site Scripting vulnerability in SAP Business Planning and Consolidation

SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.

5.4
2020-10-15 CVE-2020-6272 SAP Cross-site Scripting vulnerability in SAP Commerce Cloud

SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components.

5.4
2020-10-14 CVE-2020-4395 IBM Insufficient Session Expiration vulnerability in IBM Security Access Manager Appliance 9.0.7

IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

5.4
2020-10-14 CVE-2020-25777 Trendmicro Unspecified vulnerability in Trendmicro Antivirus 2019/2020

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product.

5.4
2020-10-12 CVE-2020-8821 Webmin Cross-site Scripting vulnerability in Webmin

An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint.

5.4
2020-10-12 CVE-2020-8820 Webmin Cross-site Scripting vulnerability in Webmin

An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint.

5.4
2020-10-12 CVE-2020-4741 IBM Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.5/11.7

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting.

5.4
2020-10-12 CVE-2020-4681 IBM Cross-site Scripting vulnerability in IBM Security Guardium 11.2

IBM Security Guardium 11.2 is vulnerable to cross-site scripting.

5.4
2020-10-12 CVE-2020-4680 IBM Cross-site Scripting vulnerability in IBM Security Guardium 11.2

IBM Security Guardium 11.2 is vulnerable to cross-site scripting.

5.4
2020-10-12 CVE-2020-4775 IBM Cross-site Scripting vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0

A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.

5.4
2020-10-12 CVE-2020-4774 IBM XML Injection (aka Blind XPath Injection) vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0

An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input.

5.4
2020-10-12 CVE-2020-14184 Atlassian Cross-site Scripting vulnerability in Atlassian Jira

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files.

5.4
2020-10-16 CVE-2020-9916 Apple Unspecified vulnerability in Apple products

A URL Unicode encoding issue was addressed with improved state management.

5.3
2020-10-15 CVE-2020-14185 Atlassian Missing Authorization vulnerability in Atlassian Jira

Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource.

5.3
2020-10-15 CVE-2020-1777 Otrs Information Exposure vulnerability in Otrs

Names of agents who participate in a chat conversation are revealed in certain parts of the external interface, as well as in chat transcriptions inside the tickets, when the system is configured to mask real agent names.

5.3
2020-10-12 CVE-2020-4780 IBM Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0

OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.

5.3
2020-10-12 CVE-2020-4699 IBM Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks, which could aid in further attacks against the system.

5.3
2020-10-12 CVE-2020-4661 IBM Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks, which could aid in further attacks against the system.

5.3
2020-10-12 CVE-2020-4660 IBM Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks, which could aid in further attacks against the system.

5.3
2020-10-12 CVE-2020-5143 Sonicwall Information Exposure Through Discrepancy vulnerability in Sonicwall Sonicos and Sonicosv

SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses.

5.3
2020-10-12 CVE-2020-4740 IBM Cross-site Scripting vulnerability in IBM Infosphere Information Server 11.5/11.7

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection.

5.2
2020-10-12 CVE-2020-4678 IBM Unspecified vulnerability in IBM Security Guardium 11.2

IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to.

4.9
2020-10-12 CVE-2020-13341 Gitlab Type Confusion vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2.

4.9
2020-10-14 CVE-2020-15253 Grocy Unspecified vulnerability in Grocy

Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List.

4.8
2020-10-12 CVE-2020-4679 IBM Cross-site Scripting vulnerability in IBM Security Guardium 11.2

IBM Security Guardium 11.2 is vulnerable to cross-site scripting.

4.8
2020-10-15 CVE-2020-6363 SAP Insufficient Session Expiration vulnerability in SAP Commerce Cloud

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user.

4.6
2020-10-12 CVE-2020-9110 Huawei Improper Input Validation vulnerability in Huawei Taurus-An00B Firmware

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability.

4.6
2020-10-12 CVE-2020-9109 Huawei Improper Authentication vulnerability in Huawei products

There is an information disclosure vulnerability in several smartphones.

4.6
2020-10-12 CVE-2020-9106 Huawei Path Traversal vulnerability in Huawei P30 PRO Firmware

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability.

4.6
2020-10-14 CVE-2020-27013 Trendmicro Unspecified vulnerability in Trendmicro Antivirus 2020

Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data.

4.4
2020-10-16 CVE-2020-9894 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

4.3
2020-10-15 CVE-2020-15794 Siemens Information Exposure Through an Error Message vulnerability in Siemens Desigo Insight 4.0/5.0/6.0

A vulnerability has been identified in Desigo Insight (All versions).

4.3
2020-10-15 CVE-2020-15792 Siemens Unspecified vulnerability in Siemens Desigo Insight 4.0/5.0/6.0

A vulnerability has been identified in Desigo Insight (All versions).

4.3
2020-10-15 CVE-2020-11646 BR Automation Unspecified vulnerability in Br-Automation products

A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users.

4.3
2020-10-15 CVE-2020-6371 SAP Unspecified vulnerability in SAP Netweaver Application Server Abap

User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure.

4.3
2020-10-14 CVE-2020-7318 Mcafee Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator 5.10.0/5.10.9

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

4.3
2020-10-14 CVE-2020-7317 Mcafee Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitised.

4.3
2020-10-12 CVE-2020-13943 Apache, Debian, Oracle

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers.

4.3

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-16 CVE-2020-9933 Apple Unspecified vulnerability in Apple products

An authorization issue was addressed with improved state management.

3.3
2020-10-16 CVE-2020-9912 Apple Unspecified vulnerability in Apple Safari

A logic issue was addressed with improved restrictions.

3.3
2020-10-14 CVE-2020-0422 Google Unspecified vulnerability in Google Android

In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent.

3.3
2020-10-14 CVE-2020-0412 Google Missing Authorization vulnerability in Google Android

In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check.

3.3
2020-10-13 CVE-2020-17411 Foxitsoftware Unspecified vulnerability in Foxitsoftware 3D

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798.

3.3
2020-10-13 CVE-2020-25779 Trendmicro Unspecified vulnerability in Trendmicro Antivirus 2020

Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which an Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature.

3.3
2020-10-16 CVE-2020-9959 Apple Improper Locking vulnerability in Apple Iphone OS

A lock screen issue allowed access to messages on a locked device.

2.4
2020-10-14 CVE-2020-25824 Telegram Missing Authentication for Critical Function vulnerability in Telegram Desktop

Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard.

2.4