Weekly Vulnerabilities Reports > October 19 to 25, 2020
Overview
350 new vulnerabilities reported during this period, including 62 critical vulnerabilities and 177 high severity vulnerabilities. This weekly summary report vulnerabilities in 195 products from 96 vendors including HP, Apple, Cisco, Adobe, and Bigbluebutton. Vulnerabilities are notably categorized as "Expression Language Injection", "Out-of-bounds Write", "Cross-site Scripting", "Out-of-bounds Read", and "Classic Buffer Overflow".
- 233 reported vulnerabilities are remotely exploitables.
- 4 reported vulnerabilities have public exploit available.
- 118 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 231 reported vulnerabilities are exploitable by an anonymous user.
- HP has the most reported vulnerabilities, with 65 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 40 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
62 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-10-23 | CVE-2020-25483 | Ucms Project | Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.4.8 An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. | 9.8 |
2020-10-23 | CVE-2020-25466 | Crmeb | Server-Side Request Forgery (SSRF) vulnerability in Crmeb 3.0 A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. | 9.8 |
2020-10-22 | CVE-2020-15684 | Mozilla | Use After Free vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in Firefox 81. | 9.8 |
2020-10-22 | CVE-2020-15683 | Mozilla Debian Opensuse | Use After Free vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. | 9.8 |
2020-10-22 | CVE-2019-17006 | Siemens Mozilla Netapp | Improper Input Validation vulnerability in multiple products In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. | 9.8 |
2020-10-22 | CVE-2020-27664 | Strapi | Unspecified vulnerability in Strapi admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality. | 9.8 |
2020-10-22 | CVE-2020-9898 | Apple | Unspecified vulnerability in Apple Iphone OS This issue was addressed with improved entitlements. | 9.8 |
2020-10-22 | CVE-2020-15906 | Tiki | Improper Restriction of Excessive Authentication Attempts vulnerability in Tiki tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. | 9.8 |
2020-10-22 | CVE-2020-27619 | Python Fedoraproject Oracle | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | 9.8 |
2020-10-21 | CVE-2020-27615 | Loginizer | SQL Injection vulnerability in Loginizer The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. | 9.8 |
2020-10-21 | CVE-2020-27605 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox." | 9.8 |
2020-10-20 | CVE-2020-3992 | Vmware | Use After Free vulnerability in VMWare Esxi 6.5/6.7 OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. | 9.8 |
2020-10-20 | CVE-2020-5640 | Onethird | Unspecified vulnerability in Onethird 1.96C Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors. | 9.8 |
2020-10-19 | CVE-2020-15256 | Object Path Project | Unspecified vulnerability in Object-Path Project Object-Path A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. | 9.8 |
2020-10-19 | CVE-2020-7172 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7171 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7170 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7169 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7168 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7167 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7166 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7165 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7164 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7163 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7162 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7161 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7160 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7159 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7158 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7157 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7156 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7155 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7154 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7153 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7152 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7151 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7150 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7149 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7148 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7147 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7146 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7145 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7144 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7143 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7142 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-7141 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-24652 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-24651 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-24650 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-24649 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-24648 | HP | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-24647 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-24646 | HP | Out-of-bounds Write vulnerability in HP Intelligent Management Center A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-19 | CVE-2020-24629 | HP | Improper Authentication vulnerability in HP Intelligent Management Center A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-22 | CVE-2020-9920 | Apple | Path Traversal vulnerability in Apple products A path handling issue was addressed with improved validation. | 9.1 |
2020-10-22 | CVE-2020-9906 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved input validation. | 9.1 |
2020-10-22 | CVE-2019-16127 | Microchip | Integer Overflow or Wraparound vulnerability in Microchip Advanced Software Framework 4 Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. | 9.1 |
2020-10-22 | CVE-2020-9868 | Apple | Improper Certificate Validation vulnerability in Apple products A certificate validation issue existed when processing administrator added certificates. | 9.1 |
2020-10-22 | CVE-2020-27195 | Hashicorp | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. | 9.1 |
2020-10-21 | CVE-2020-15240 | Auth0 | Improper Verification of Cryptographic Signature vulnerability in Auth0 Omniauth-Auth0 2.3.0/2.3.1/2.4.0 omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. | 9.1 |
2020-10-20 | CVE-2020-15269 | Sparksolutions | Insufficient Session Expiration vulnerability in Sparksolutions Spree In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. | 9.1 |
2020-10-19 | CVE-2020-16159 | Gopro | Out-of-bounds Read vulnerability in Gopro Gpmf-Parser 1.5 GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). | 9.1 |
177 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-10-23 | CVE-2020-26561 | Belkin | Out-of-bounds Write vulnerability in Belkin Linksys WRT 160Nl Firmware 1.0.04 Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. | 8.8 |
2020-10-22 | CVE-2020-18129 | Eyoucms | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.2.7 A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php. | 8.8 |
2020-10-22 | CVE-2020-11853 | Microfocus HP | Arbitrary code execution vulnerability affecting multiple Micro Focus products. | 8.8 |
2020-10-22 | CVE-2020-24033 | FS | Cross-Site Request Forgery (CSRF) vulnerability in FS S3900 24T4S Firmware 1.7.0 An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. | 8.8 |
2020-10-21 | CVE-2020-3456 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 2.4(1.249) A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. | 8.8 |
2020-10-21 | CVE-2018-11764 | Apache | Missing Authentication for Critical Function vulnerability in Apache Hadoop 3.0.0 Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. | 8.8 |
2020-10-21 | CVE-2020-5651 | Tipsandtricks HQ | SQL Injection vulnerability in Tipsandtricks-Hq Simple Download Monitor SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL. | 8.8 |
2020-10-20 | CVE-2020-9417 | Tibco | SQL Injection vulnerability in Tibco products The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. | 8.8 |
2020-10-20 | CVE-2019-4680 | IBM | SQL Injection vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. | 8.8 |
2020-10-19 | CVE-2020-7195 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7194 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7193 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7192 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7191 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7190 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7189 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7188 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7187 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7186 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7185 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7184 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7183 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7182 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7181 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7180 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7179 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7178 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7177 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7176 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7175 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7174 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-7173 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-24630 | HP | Unspecified vulnerability in HP Intelligent Management Center A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
2020-10-19 | CVE-2020-16158 | Gopro | Out-of-bounds Write vulnerability in Gopro Gpmf-Parser GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). | 8.8 |
2020-10-19 | CVE-2020-15909 | Solarwinds | Session Fixation vulnerability in Solarwinds N-Central SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. | 8.8 |
2020-10-19 | CVE-2020-13778 | Rconfig | OS Command Injection vulnerability in Rconfig rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | 8.8 |
2020-10-21 | CVE-2020-3572 | Cisco | Memory Leak vulnerability in Cisco Firepower Threat Defense A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
2020-10-21 | CVE-2020-3571 | Cisco | Improper Input Validation vulnerability in Cisco Firepower Threat Defense A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
2020-10-21 | CVE-2020-3563 | Cisco | Resource Exhaustion vulnerability in Cisco Firepower Threat Defense A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
2020-10-21 | CVE-2020-3562 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Firepower Threat Defense 6.3.0/6.4.0/6.5.0 A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
2020-10-21 | CVE-2020-3499 | Cisco | Resource Exhaustion vulnerability in Cisco Secure Firewall Management Center A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to improper handling of system resource values by the affected system. | 8.6 |
2020-10-21 | CVE-2020-3436 | Cisco | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Firepower Threat Defense A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. | 8.6 |
2020-10-21 | CVE-2020-3373 | Cisco | Memory Leak vulnerability in Cisco products A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. | 8.6 |
2020-10-21 | CVE-2020-3304 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. | 8.6 |
2020-10-21 | CVE-2020-27613 | Bigbluebutton | Cleartext Storage of Sensitive Information vulnerability in Bigbluebutton The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access. | 8.4 |
2020-10-21 | CVE-2020-26896 | Lightning Network Daemon Project | Improper Validation of Integrity Check Value vulnerability in Lightning Network Daemon Project Lightning Network Daemon Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. | 8.2 |
2020-10-22 | CVE-2020-26649 | Atomx | Missing Authorization vulnerability in Atomx Atomxcms 2 AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php | 8.1 |
2020-10-21 | CVE-2020-3550 | Cisco | Path Traversal vulnerability in Cisco products A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. | 8.1 |
2020-10-21 | CVE-2020-3549 | Cisco | Inadequate Encryption Strength vulnerability in Cisco Firepower Threat Defense A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. | 8.1 |
2020-10-21 | CVE-2020-3410 | Cisco | Improper Authentication vulnerability in Cisco Secure Firewall Management Center 6.6.0/6.6.0.1 A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. | 8.1 |
2020-10-20 | CVE-2020-7748 | TS ED Project | Unspecified vulnerability in Ts.Ed Project Ts.Ed This affects the package @tsed/core before 5.65.7. | 8.1 |
2020-10-19 | CVE-2020-9113 | Huawei | Classic Buffer Overflow vulnerability in Huawei Mate 20 Firmware HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module. | 8.0 |
2020-10-23 | CVE-2020-24848 | Fruitywifi Project | Improper Privilege Management vulnerability in Fruitywifi Project Fruitywifi FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. | 7.8 |
2020-10-23 | CVE-2020-5990 | Nvidia | Unspecified vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure. | 7.8 |
2020-10-23 | CVE-2020-5978 | Nvidia | Unspecified vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges. | 7.8 |
2020-10-23 | CVE-2020-5977 | Nvidia | Untrusted Search Path vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | 7.8 |
2020-10-23 | CVE-2020-9331 | Cryptopro | Unspecified vulnerability in Cryptopro CSP CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. | 7.8 |
2020-10-23 | CVE-2020-26887 | AVM | Unspecified vulnerability in AVM Fritz!Box 7490 Firmware 7.20 FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism. | 7.8 |
2020-10-23 | CVE-2019-14719 | Verifone | Command Injection vulnerability in Verifone Mx900 Firmware 30251000 Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. | 7.8 |
2020-10-23 | CVE-2019-14717 | Verifone | Classic Buffer Overflow vulnerability in Verifone Verix OS Qt000530 Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call. | 7.8 |
2020-10-23 | CVE-2019-14712 | Verifone | Unspecified vulnerability in Verifone Verix OS Qt000530 Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation. | 7.8 |
2020-10-22 | CVE-2020-27671 | XEN Opensuse Debian Fedoraproject | An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. | 7.8 |
2020-10-22 | CVE-2020-27670 | XEN Opensuse Fedoraproject Debian | Insufficient Verification of Data Authenticity vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. | 7.8 |
2020-10-22 | CVE-2020-10721 | Redhat | Deserialization of Untrusted Data vulnerability in Redhat Fabric8-Maven A flaw was found in the fabric8-maven-plugin 4.0.0 and later. | 7.8 |
2020-10-22 | CVE-2020-9990 | Apple | Race Condition vulnerability in Apple mac OS X A race condition was addressed with additional validation. | 7.8 |
2020-10-22 | CVE-2020-9985 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2020-10-22 | CVE-2020-9984 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 7.8 |
2020-10-22 | CVE-2020-9980 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9940 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2020-10-22 | CVE-2020-9938 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 7.8 |
2020-10-22 | CVE-2020-9937 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9928 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X Multiple memory corruption issues were addressed with improved memory handling. | 7.8 |
2020-10-22 | CVE-2020-9927 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X A memory corruption issue was addressed with improved input validation. | 7.8 |
2020-10-22 | CVE-2020-9919 | Apple | Out-of-bounds Write vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2020-10-22 | CVE-2020-9904 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 7.8 |
2020-10-22 | CVE-2020-9901 | Apple | Link Following vulnerability in Apple products An issue existed within the path validation logic for symlinks. | 7.8 |
2020-10-22 | CVE-2020-9900 | Apple | Link Following vulnerability in Apple products An issue existed within the path validation logic for symlinks. | 7.8 |
2020-10-22 | CVE-2020-9899 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X A memory corruption issue was addressed with improved input validation. | 7.8 |
2020-10-22 | CVE-2020-9892 | Apple | Out-of-bounds Write vulnerability in Apple products Multiple memory corruption issues were addressed with improved state management. | 7.8 |
2020-10-22 | CVE-2020-9887 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X A memory corruption issue was addressed with improved input validation. | 7.8 |
2020-10-22 | CVE-2020-9883 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2020-10-22 | CVE-2020-9882 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2020-10-22 | CVE-2020-9881 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2020-10-22 | CVE-2020-9880 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9879 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9877 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9876 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9875 | Apple | Integer Overflow or Wraparound vulnerability in Apple products An integer overflow was addressed through improved input validation. | 7.8 |
2020-10-22 | CVE-2020-9874 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9873 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 7.8 |
2020-10-22 | CVE-2020-9872 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9871 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9863 | Apple | Improper Initialization vulnerability in Apple products A memory initialization issue was addressed with improved memory handling. | 7.8 |
2020-10-22 | CVE-2020-9854 | Apple | Unspecified vulnerability in Apple products A logic issue was addressed with improved validation. | 7.8 |
2020-10-22 | CVE-2020-9853 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X A memory corruption issue was addressed with improved validation. | 7.8 |
2020-10-22 | CVE-2020-3915 | Apple | Unspecified vulnerability in Apple mac OS X A path handling issue was addressed with improved validation. | 7.8 |
2020-10-22 | CVE-2020-3898 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X A memory corruption issue was addressed with improved validation. | 7.8 |
2020-10-21 | CVE-2020-24425 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Dreamweaver Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. | 7.8 |
2020-10-21 | CVE-2020-24424 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Premiere PRO 14.1/14.2/14.4 Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. | 7.8 |
2020-10-21 | CVE-2020-24423 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Media Encoder Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2020-10-21 | CVE-2020-24420 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Photoshop Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2020-10-21 | CVE-2020-24419 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe After Effects Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2020-10-21 | CVE-2020-24418 | Adobe | Out-of-bounds Read vulnerability in Adobe After Effects Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2020-10-21 | CVE-2020-9750 | Adobe | Out-of-bounds Read vulnerability in Adobe Animate 15.2.1.95/20.5 Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. | 7.8 |
2020-10-21 | CVE-2020-9749 | Adobe | Out-of-bounds Read vulnerability in Adobe Animate 15.2.1.95/20.5 Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2020-10-21 | CVE-2020-9748 | Adobe | Out-of-bounds Write vulnerability in Adobe Animate 15.2.1.95/20.5 Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user. | 7.8 |
2020-10-21 | CVE-2020-9747 | Adobe | Double Free vulnerability in Adobe Animate 15.2.1.95/20.5 Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. | 7.8 |
2020-10-21 | CVE-2020-24422 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Creative Cloud 2.1/5.2 Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2020-10-21 | CVE-2020-3459 | Cisco | OS Command Injection vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |
2020-10-21 | CVE-2020-3455 | Cisco | Unspecified vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. | 7.8 |
2020-10-21 | CVE-2020-10139 | Acronis | Improper Initialization vulnerability in Acronis True Image 2021 Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. | 7.8 |
2020-10-21 | CVE-2020-10138 | Acronis | Improper Initialization vulnerability in Acronis Cyber Backup and Cyber Protect Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. | 7.8 |
2020-10-20 | CVE-2020-24415 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. | 7.8 |
2020-10-20 | CVE-2020-24414 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. | 7.8 |
2020-10-20 | CVE-2020-24413 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. | 7.8 |
2020-10-20 | CVE-2020-24412 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. | 7.8 |
2020-10-20 | CVE-2020-24411 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. | 7.8 |
2020-10-20 | CVE-2020-24410 | Adobe | Out-of-bounds Read vulnerability in Adobe Illustrator Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. | 7.8 |
2020-10-20 | CVE-2020-24409 | Adobe | Out-of-bounds Read vulnerability in Adobe Illustrator Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. | 7.8 |
2020-10-20 | CVE-2020-15264 | Chocolatey | Unspecified vulnerability in Chocolatey Boxstarter The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. | 7.8 |
2020-10-19 | CVE-2020-9263 | Huawei | Use After Free vulnerability in Huawei Mate 30 Firmware and P30 Firmware HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. | 7.8 |
2020-10-19 | CVE-2020-9112 | Huawei | Improper Privilege Management vulnerability in Huawei Taurus-An00B Firmware 10.1.0.156 Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. | 7.8 |
2020-10-20 | CVE-2020-3982 | Vmware | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare products VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. | 7.7 |
2020-10-22 | CVE-2020-25186 | WE CON | XXE vulnerability in We-Con Levistudiou An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure. | 7.5 |
2020-10-22 | CVE-2020-15681 | Mozilla | Unspecified vulnerability in Mozilla Firefox When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. | 7.5 |
2020-10-22 | CVE-2020-13327 | Gitlab | Unspecified vulnerability in Gitlab Runner An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. | 7.5 |
2020-10-22 | CVE-2019-17007 | Mozilla Siemens | Improper Certificate Validation vulnerability in multiple products In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. | 7.5 |
2020-10-22 | CVE-2020-9924 | Apple | Unspecified vulnerability in Apple mac OS X A logic issue was addressed with improved state management. | 7.5 |
2020-10-22 | CVE-2020-9905 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow was addressed with improved bounds checking. | 7.5 |
2020-10-22 | CVE-2020-27665 | Strapi | Incorrect Default Permissions vulnerability in Strapi In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes. | 7.5 |
2020-10-22 | CVE-2020-9869 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 7.5 |
2020-10-22 | CVE-2020-9828 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X An out-of-bounds read was addressed with improved input validation. | 7.5 |
2020-10-22 | CVE-2020-27155 | Octopus | Unspecified vulnerability in Octopus Deploy An issue was discovered in Octopus Deploy through 2020.4.4. | 7.5 |
2020-10-22 | CVE-2020-27638 | Fastd Project Debian Fedoraproject | Reachable Assertion vulnerability in multiple products receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. | 7.5 |
2020-10-21 | CVE-2020-17355 | Arista | Unspecified vulnerability in Arista EOS Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed. | 7.5 |
2020-10-21 | CVE-2020-15266 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Tensorflow In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. | 7.5 | |
2020-10-21 | CVE-2020-15265 | Unspecified vulnerability in Google Tensorflow In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. | 7.5 | |
2020-10-21 | CVE-2020-3555 | Cisco | Improper Resource Shutdown or Release vulnerability in Cisco Firepower Threat Defense A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. | 7.5 |
2020-10-21 | CVE-2020-3554 | Cisco | Resource Exhaustion vulnerability in Cisco products A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
2020-10-21 | CVE-2020-3533 | Cisco | Resource Exhaustion vulnerability in Cisco Firepower Threat Defense A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. | 7.5 |
2020-10-21 | CVE-2020-3529 | Cisco | Resource Exhaustion vulnerability in Cisco products A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. | 7.5 |
2020-10-21 | CVE-2020-3528 | Cisco | Resource Exhaustion vulnerability in Cisco Firepower Threat Defense A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. | 7.5 |
2020-10-21 | CVE-2020-3317 | Cisco | Improper Input Validation vulnerability in Cisco Firepower Threat Defense A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. | 7.5 |
2020-10-21 | CVE-2020-27610 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access. | 7.5 |
2020-10-21 | CVE-2020-27603 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files. | 7.5 |
2020-10-20 | CVE-2020-25648 | Mozilla Redhat Fedoraproject Oracle | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. | 7.5 |
2020-10-20 | CVE-2020-25157 | Advantech | SQL Injection vulnerability in Advantech R-Seenet The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. | 7.5 |
2020-10-20 | CVE-2020-24765 | Mind | Forced Browsing vulnerability in Mind Imind Server 3.13.65 InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. | 7.5 |
2020-10-20 | CVE-2020-15931 | Netwrix | Information Exposure vulnerability in Netwrix Account Lockout Examiner Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller. | 7.5 |
2020-10-20 | CVE-2019-9080 | Domainmod | Use of Password Hash With Insufficient Computational Effort vulnerability in Domainmod DomainMOD before 4.14.0 uses MD5 without a salt for password storage. | 7.5 |
2020-10-19 | CVE-2020-6085 | Rockwellautomation | Classic Buffer Overflow vulnerability in Rockwellautomation Flex I/O 1794-Aent 4.003 An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. | 7.5 |
2020-10-19 | CVE-2020-6084 | Rockwellautomation | Classic Buffer Overflow vulnerability in Rockwellautomation Flex I/O 1794-Aent 4.003 An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. | 7.5 |
2020-10-19 | CVE-2020-24388 | Yubico Fedoraproject | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. | 7.5 |
2020-10-19 | CVE-2020-24387 | Yubico Fedoraproject | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. | 7.5 |
2020-10-19 | CVE-2020-16161 | Gopro | Divide By Zero vulnerability in Gopro Gpmf-Parser 1.5 GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). | 7.5 |
2020-10-19 | CVE-2020-16160 | Gopro | Divide By Zero vulnerability in Gopro Gpmf-Parser 1.5 GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). | 7.5 |
2020-10-19 | CVE-2020-24266 | Broadcom Fedoraproject | Out-of-bounds Write vulnerability in multiple products An issue was discovered in tcpreplay tcpprep v4.3.3. | 7.5 |
2020-10-19 | CVE-2020-24265 | Broadcom Fedoraproject | Out-of-bounds Write vulnerability in multiple products An issue was discovered in tcpreplay tcpprep v4.3.3. | 7.5 |
2020-10-21 | CVE-2020-3577 | Cisco | Improper Input Validation vulnerability in Cisco Firepower Threat Defense A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. | 7.4 |
2020-10-20 | CVE-2020-3994 | Vmware | Improper Certificate Validation vulnerability in VMWare Cloud Foundation and Vcenter Server VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. | 7.4 |
2020-10-21 | CVE-2020-17381 | Ghisler | Incorrect Default Permissions vulnerability in Ghisler Total Commander 9.51 An issue was discovered in Ghisler Total Commander 9.51. | 7.3 |
2020-10-21 | CVE-2020-27611 | Bigbluebutton | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Bigbluebutton BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint. | 7.3 |
2020-10-21 | CVE-2020-10140 | Acronis | Incorrect Permission Assignment for Critical Resource vulnerability in Acronis True Image 2021 Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. | 7.3 |
2020-10-19 | CVE-2020-15822 | Jetbrains | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. | 7.3 |
2020-10-21 | CVE-2020-15244 | Openmage | Deserialization of Untrusted Data vulnerability in Openmage Magento In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. | 7.2 |
2020-10-20 | CVE-2020-5792 | Nagios | Argument Injection or Modification vulnerability in Nagios XI 5.7.3 Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user. | 7.2 |
2020-10-20 | CVE-2020-5791 | Nagios | OS Command Injection vulnerability in Nagios XI Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | 7.2 |
2020-10-22 | CVE-2020-9994 | Apple | Unspecified vulnerability in Apple products A path handling issue was addressed with improved validation. | 7.1 |
2020-10-22 | CVE-2020-9929 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 7.1 |
2020-10-22 | CVE-2020-9908 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X An out-of-bounds read was addressed with improved input validation. | 7.1 |
2020-10-22 | CVE-2020-9779 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X An out-of-bounds read was addressed with improved input validation. | 7.1 |
2020-10-22 | CVE-2020-9771 | Apple | Unspecified vulnerability in Apple mac OS X This issue was addressed with a new entitlement. | 7.1 |
2020-10-23 | CVE-2020-27216 | Eclipse Netapp Oracle Apache Debian | In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. | 7.0 |
2020-10-23 | CVE-2019-14711 | Verifone | Race Condition vulnerability in Verifone Mx900 Firmware 30251000 Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass. | 7.0 |
2020-10-22 | CVE-2020-27672 | XEN Fedoraproject Opensuse Debian | Use After Free vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. | 7.0 |
2020-10-22 | CVE-2020-9921 | Apple | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 7.0 |
2020-10-22 | CVE-2020-9796 | Apple | Race Condition vulnerability in Apple mac OS X A race condition was addressed with improved state handling. | 7.0 |
106 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-10-23 | CVE-2019-14715 | Verifone | Out-of-bounds Write vulnerability in Verifone products Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation. | 6.8 |
2020-10-22 | CVE-2019-16128 | Microchip | Classic Buffer Overflow vulnerability in Microchip Cryptoauthlib Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2). | 6.8 |
2020-10-22 | CVE-2019-16129 | Microchip | Classic Buffer Overflow vulnerability in Microchip Cryptoauthlib Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2). | 6.8 |
2020-10-22 | CVE-2020-9810 | Apple | Unspecified vulnerability in Apple mac OS X 10.15.4 A logic issue was addressed with improved restrictions. | 6.8 |
2020-10-23 | CVE-2019-14718 | Verifone | Incorrect Default Permissions vulnerability in Verifone Mx900 Firmware 30251000 Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation. | 6.7 |
2020-10-21 | CVE-2020-3514 | Cisco | Unspecified vulnerability in Cisco products A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. | 6.7 |
2020-10-21 | CVE-2020-3458 | Cisco | Unspecified vulnerability in Cisco Adaptive Security Appliance Software Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. | 6.7 |
2020-10-21 | CVE-2020-3457 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 6.7 |
2020-10-19 | CVE-2020-15261 | Veyon | Unspecified vulnerability in Veyon On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. | 6.7 |
2020-10-19 | CVE-2020-11496 | Sprecher Automation | Command Injection vulnerability in Sprecher-Automation Sprecon-E Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. | 6.7 |
2020-10-23 | CVE-2019-14716 | Verifone | Unspecified vulnerability in Verifone Verix OS Qt000530 Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out). | 6.6 |
2020-10-23 | CVE-2020-3998 | Vmware | Unspecified vulnerability in VMWare Horizon Client VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. | 6.5 |
2020-10-22 | CVE-2020-15682 | Mozilla | Origin Validation Error vulnerability in Mozilla Firefox When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. | 6.5 |
2020-10-22 | CVE-2018-18508 | Mozilla Siemens | NULL Pointer Dereference vulnerability in multiple products In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. | 6.5 |
2020-10-22 | CVE-2020-27646 | Biscom | Unspecified vulnerability in Biscom Secure File Transfer Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft. | 6.5 |
2020-10-21 | CVE-2020-3578 | Cisco | Incorrect Authorization vulnerability in Cisco products A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. | 6.5 |
2020-10-21 | CVE-2020-27607 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. | 6.5 |
2020-10-21 | CVE-2020-27604 | Bigbluebutton | Improper Encoding or Escaping of Output vulnerability in Bigbluebutton BigBlueButton before 2.3 does not implement LibreOffice sandboxing. | 6.5 |
2020-10-21 | CVE-2020-6648 | Fortinet | Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios and Fortiproxy A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command. | 6.5 |
2020-10-21 | CVE-2020-25820 | Bigbluebutton | Server-Side Request Forgery (SSRF) vulnerability in Bigbluebutton BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field. | 6.5 |
2020-10-20 | CVE-2020-5790 | Nagios | Cross-Site Request Forgery (CSRF) vulnerability in Nagios XI 5.7.3 Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | 6.5 |
2020-10-20 | CVE-2020-6366 | SAP | Improper Input Validation vulnerability in SAP Netweaver Compare Systems SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. | 6.5 |
2020-10-20 | CVE-2020-6362 | SAP | Incorrect Authorization vulnerability in SAP Banking Services 500 SAP Banking Services version 500, use an incorrect authorization object in some of its reports. | 6.5 |
2020-10-19 | CVE-2020-24375 | Free | Authentication Bypass by Spoofing vulnerability in Free Freebox Server and Freebox V5 Firmware A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. | 6.5 |
2020-10-22 | CVE-2020-9939 | Apple | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apple mac OS X This issue was addressed with improved checks. | 6.4 |
2020-10-22 | CVE-2020-27642 | Bigbluebutton | Cross-site Scripting vulnerability in Bigbluebutton Greenlight 2.7.6 A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. | 6.1 |
2020-10-22 | CVE-2020-27620 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki Skin:Cosmos 1.34.0/1.35.0 The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. | 6.1 |
2020-10-21 | CVE-2020-17454 | Wso2 | Cross-site Scripting vulnerability in Wso2 API Manager WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. | 6.1 |
2020-10-21 | CVE-2020-27344 | Cminds | Cross-site Scripting vulnerability in Cminds CM Download Manager The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. | 6.1 |
2020-10-21 | CVE-2020-3599 | Cisco | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2020-10-21 | CVE-2020-3583 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |
2020-10-21 | CVE-2020-3582 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |
2020-10-21 | CVE-2020-3581 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |
2020-10-21 | CVE-2020-3580 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |
2020-10-21 | CVE-2020-3558 | Cisco | Open Redirect vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 6.1 |
2020-10-21 | CVE-2020-3553 | Cisco | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2020-10-21 | CVE-2020-3515 | Cisco | Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2020-10-21 | CVE-2020-5650 | Tipsandtricks HQ | Cross-site Scripting vulnerability in Tipsandtricks-Hq Simple Download Monitor Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | 6.1 |
2020-10-21 | CVE-2020-27608 | Bigbluebutton | Cross-site Scripting vulnerability in Bigbluebutton In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document. | 6.1 |
2020-10-20 | CVE-2020-24416 | Adobe | Cross-site Scripting vulnerability in Adobe Marketo Sales Insight Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |
2020-10-20 | CVE-2020-4748 | IBM | Cross-site Scripting vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. | 6.1 |
2020-10-20 | CVE-2020-16246 | GE | Unspecified vulnerability in GE S2020 Firmware and S2024 Firmware The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client. | 6.1 |
2020-10-20 | CVE-2020-6367 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Composite Application Framework There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. | 6.1 |
2020-10-19 | CVE-2020-15263 | Orchid | Unspecified vulnerability in Orchid Platform In platform before version 9.4.4, inline attributes are not properly escaped. | 6.1 |
2020-10-19 | CVE-2020-10746 | Infinispan | Unspecified vulnerability in Infinispan Infinispan-Server-Runtime 10.0.0 A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. | 6.1 |
2020-10-19 | CVE-2019-13633 | Blinger | Cross-site Scripting vulnerability in Blinger 1.0.2519 Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. | 6.1 |
2020-10-19 | CVE-2020-26891 | Matrix | Cross-site Scripting vulnerability in Matrix Synapse AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. | 6.1 |
2020-10-20 | CVE-2020-3993 | Vmware | Unspecified vulnerability in VMWare Cloud Foundation and Nsx-T Data Center VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. | 5.9 |
2020-10-20 | CVE-2020-6369 | SAP | Unspecified vulnerability in SAP Focused RUN and Solution Manager SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service. | 5.9 |
2020-10-21 | CVE-2020-3565 | Cisco | Improper Authentication vulnerability in Cisco Firepower Threat Defense A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies (including Geolocation) and Service Polices on an affected system. | 5.8 |
2020-10-21 | CVE-2020-3299 | Cisco Snort | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. | 5.8 |
2020-10-20 | CVE-2020-3981 | Vmware | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare products VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. | 5.8 |
2020-10-23 | CVE-2020-9361 | Cryptopro | Unspecified vulnerability in Cryptopro CSP 5.0.0.10004 CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation. | 5.5 |
2020-10-23 | CVE-2019-14713 | Verifone | Unspecified vulnerability in Verifone Mx900 Firmware 30251000 Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages. | 5.5 |
2020-10-22 | CVE-2020-3996 | Vmware | Unspecified vulnerability in VMWare Velero Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. | 5.5 |
2020-10-22 | CVE-2020-27673 | Linux Debian Opensuse XEN | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. | 5.5 |
2020-10-22 | CVE-2020-9997 | Apple | Unspecified vulnerability in Apple mac OS X An information disclosure issue was addressed with improved state management. | 5.5 |
2020-10-22 | CVE-2020-9902 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved bounds checking. | 5.5 |
2020-10-22 | CVE-2020-9772 | Apple | Unspecified vulnerability in Apple products A logic issue was addressed with improved restrictions. | 5.5 |
2020-10-22 | CVE-2020-3918 | Apple | Unspecified vulnerability in Apple products An access issue was addressed with additional sandbox restrictions. | 5.5 |
2020-10-21 | CVE-2020-24421 | Adobe | Unspecified vulnerability in Adobe Indesign Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. | 5.5 |
2020-10-21 | CVE-2020-3352 | Cisco | Unspecified vulnerability in Cisco Firepower Threat Defense A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. | 5.5 |
2020-10-20 | CVE-2020-4756 | IBM | Improper Resource Shutdown or Release vulnerability in IBM Elastic Storage Server and Spectrum Scale IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. | 5.5 |
2020-10-20 | CVE-2020-4491 | IBM | Unspecified vulnerability in IBM Spectrum Scale IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. | 5.5 |
2020-10-20 | CVE-2020-6315 | SAP | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send certain manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, leading to Information Disclosure. | 5.5 |
2020-10-23 | CVE-2020-27388 | Yourls | Cross-site Scripting vulnerability in Yourls Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. | 5.4 |
2020-10-23 | CVE-2020-3997 | Vmware | Cross-site Scripting vulnerability in VMWare Horizon VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. | 5.4 |
2020-10-23 | CVE-2018-8062 | Comtrend | Cross-site Scripting vulnerability in Comtrend Ar-5387Un Firmware A731410Jazc04R02.A2Pd035G.D23I A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. | 5.4 |
2020-10-22 | CVE-2020-27666 | Strapi | Cross-site Scripting vulnerability in Strapi Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature. | 5.4 |
2020-10-22 | CVE-2020-27533 | Dedecms | Cross-site Scripting vulnerability in Dedecms 5.8 A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. | 5.4 |
2020-10-20 | CVE-2020-4755 | IBM | Cross-site Scripting vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. | 5.4 |
2020-10-20 | CVE-2020-4564 | IBM | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. | 5.4 |
2020-10-22 | CVE-2020-27674 | XEN Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. | 5.3 |
2020-10-22 | CVE-2020-15680 | Mozilla | Unspecified vulnerability in Mozilla Firefox If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. | 5.3 |
2020-10-22 | CVE-2020-9787 | Apple | Unspecified vulnerability in Apple products A logic issue was addressed with improved restrictions. | 5.3 |
2020-10-22 | CVE-2020-26650 | Atomx | Exposure of Resource to Wrong Sphere vulnerability in Atomx Atomxcms 2.0 AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php | 5.3 |
2020-10-21 | CVE-2020-3564 | Cisco | Interpretation Conflict vulnerability in Cisco Firepower Threat Defense A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. | 5.3 |
2020-10-21 | CVE-2020-3557 | Cisco | Improper Certificate Validation vulnerability in Cisco Secure Firewall Management Center A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.3 |
2020-10-21 | CVE-2020-27609 | Bigbluebutton | Incorrect Authorization vulnerability in Bigbluebutton BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. | 5.3 |
2020-10-21 | CVE-2020-27606 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5.3 |
2020-10-21 | CVE-2020-26895 | Lightning Network Daemon Project | Improper Validation of Integrity Check Value vulnerability in Lightning Network Daemon Project Lightning Network Daemon Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. | 5.3 |
2020-10-20 | CVE-2020-3995 | Vmware | Memory Leak vulnerability in VMWare products In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. | 5.3 |
2020-10-20 | CVE-2020-6308 | SAP | Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3 SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. | 5.3 |
2020-10-19 | CVE-2020-13937 | Apache | Insecure Storage of Sensitive Information vulnerability in Apache Kylin Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone. | 5.3 |
2020-10-19 | CVE-2020-8929 | Unspecified vulnerability in Google Tink A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. | 5.3 | |
2020-10-23 | CVE-2020-15002 | Open Xchange | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. | 5.0 |
2020-10-23 | CVE-2020-15004 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.10.2/7.10.3 OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. | 4.8 |
2020-10-20 | CVE-2020-6370 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Design Time Repository SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 4.8 |
2020-10-22 | CVE-2020-27675 | Linux Fedoraproject Debian | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. | 4.7 |
2020-10-21 | CVE-2020-3561 | Cisco | Injection vulnerability in Cisco Firepower Threat Defense A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. | 4.7 |
2020-10-19 | CVE-2020-15910 | Solarwinds | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds N-Central 12.3 SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. | 4.7 |
2020-10-19 | CVE-2020-9092 | Huawei | Cross-site Scripting vulnerability in Huawei Mate 20 Firmware HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. | 4.6 |
2020-10-19 | CVE-2020-9111 | Huawei | Unspecified vulnerability in Huawei E6878-370 Firmware and E6878-870 Firmware E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability. | 4.5 |
2020-10-23 | CVE-2020-24847 | Fruitywifi Project | Cross-Site Request Forgery (CSRF) vulnerability in Fruitywifi Project Fruitywifi A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. | 4.3 |
2020-10-23 | CVE-2020-15003 | Open Xchange | Unspecified vulnerability in Open-Xchange Appsuite 7.10.2/7.10.3 OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). | 4.3 |
2020-10-22 | CVE-2020-15270 | Parseplatform | Operation on a Resource after Expiration or Release vulnerability in Parseplatform Parse-Server Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. | 4.3 |
2020-10-22 | CVE-2020-9935 | Apple | Unspecified vulnerability in Apple mac OS X A logic issue was addressed with improved state management. | 4.3 |
2020-10-22 | CVE-2020-27621 | Mediawiki | Unspecified vulnerability in Mediawiki The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. | 4.3 |
2020-10-21 | CVE-2020-27612 | Bigbluebutton | Information Exposure vulnerability in Bigbluebutton Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window. | 4.3 |
2020-10-20 | CVE-2020-7371 | Raiseitsolutions | Improper Restriction of Rendered UI Layers or Frames vulnerability in Raiseitsolutions Rits Browser 3.3.9 User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. | 4.3 |
2020-10-20 | CVE-2020-7370 | Boltbrowser | Missing Authentication for Critical Function vulnerability in Boltbrowser Bolt Browser User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser. | 4.3 |
2020-10-20 | CVE-2020-7369 | Yandex | Missing Authentication for Critical Function vulnerability in Yandex Browser User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. | 4.3 |
2020-10-20 | CVE-2020-7364 | Ucweb | Unspecified vulnerability in Ucweb UC Browser 11.2.5.932/13.0.8 User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. | 4.3 |
2020-10-20 | CVE-2020-7363 | Ucweb | Unspecified vulnerability in Ucweb UC Browser 11.2.5.932/13.0.8 User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. | 4.3 |
2020-10-20 | CVE-2020-4749 | IBM | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2020-10-19 | CVE-2020-15245 | Sylius | Missing Authorization vulnerability in Sylius In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. | 4.3 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-10-21 | CVE-2020-3585 | Cisco | Information Exposure Through Discrepancy vulnerability in Cisco products A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. | 3.7 |
2020-10-19 | CVE-2020-15262 | Webpack Subresource Integrity Project | Insufficient Verification of Data Authenticity vulnerability in Webpack-Subresource-Integrity Project Webpack-Subresource-Integrity In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. | 3.7 |
2020-10-22 | CVE-2020-9986 | Apple | Unspecified vulnerability in Apple mac OS X A file access issue existed with certain home folder files. | 3.3 |
2020-10-22 | CVE-2020-27560 | Imagemagick Debian Opensuse | Divide By Zero vulnerability in multiple products ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. | 3.3 |
2020-10-22 | CVE-2020-7020 | Elastic | Improper Privilege Management vulnerability in Elastic Elasticsearch Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. | 3.1 |