Weekly Vulnerabilities Reports > October 19 to 25, 2020
Overview
514 new vulnerabilities were reported during this period, including 88 critical vulnerabilities and 99 high severity vulnerabilities. This weekly summary reports vulnerabilities in 277 products from 103 vendors including Oracle, HP, Apple, Netapp, and Cisco. Vulnerabilities are notably categorized as "Expression Language Injection", "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", and "Classic Buffer Overflow".
- 406 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 122 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 347 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 163 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 64 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
88 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-10-22 | CVE-2019-17006 | Siemens Mozilla Netapp | Insufficient Verification of Data Authenticity vulnerability in multiple products In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. | 10.0 |
2020-10-21 | CVE-2020-14882 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 10.0 |
2020-10-21 | CVE-2020-14871 | Oracle | Out-of-bounds Write vulnerability in Oracle Solaris 10/11/9 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). | 10.0 |
2020-10-21 | CVE-2020-14859 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 10.0 |
2020-10-21 | CVE-2020-14855 | Oracle | Unspecified vulnerability in Oracle Universal Work Queue 12.1.3 Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). | 10.0 |
2020-10-20 | CVE-2020-3992 | Vmware | Use After Free vulnerability in VMWare Esxi 6.5/6.7 OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. | 10.0 |
2020-10-19 | CVE-2020-7172 | HP | Injection vulnerability in HP Intelligent Management Center A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7171 | HP | Injection vulnerability in HP Intelligent Management Center A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7170 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7169 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7168 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7167 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7166 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7165 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7164 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7163 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7162 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7161 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7160 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7159 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7158 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7157 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7156 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7155 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7154 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7153 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7152 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7151 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7150 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7149 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7148 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7147 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7146 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7145 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7144 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7143 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7142 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7141 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-24652 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-24651 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-24650 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-24649 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center A remote bytemessageresource transformentity input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-24648 | HP | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-24647 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-24646 | HP | Out-of-bounds Write vulnerability in HP Intelligent Management Center A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-24629 | HP | Improper Authentication vulnerability in HP Intelligent Management Center A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
2020-10-19 | CVE-2020-7745 | Mintegral | Code Injection vulnerability in Mintegral Mintegraladsdk This affects the package MintegralAdSDK before 6.6.0.0. | 10.0 |
2020-10-22 | CVE-2020-9898 | Apple | Unspecified vulnerability in Apple Iphone OS This issue was addressed with improved entitlements. | 9.8 |
2020-10-22 | CVE-2020-27619 | Python Fedoraproject Oracle | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | 9.8 |
2020-10-21 | CVE-2020-14875 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 9.4 |
2020-10-22 | CVE-2020-9928 | Apple | Unspecified vulnerability in Apple mac OS X Multiple memory corruption issues were addressed with improved memory handling. | 9.3 |
2020-10-22 | CVE-2020-9899 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved input validation. | 9.3 |
2020-10-21 | CVE-2020-24418 | Adobe | Out-of-bounds Read vulnerability in Adobe After Effects Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. | 9.3 |
2020-10-21 | CVE-2020-9750 | Adobe | Out-of-bounds Read vulnerability in Adobe Animate 15.2.1.95/20.5 Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. | 9.3 |
2020-10-21 | CVE-2020-9749 | Adobe | Out-of-bounds Read vulnerability in Adobe Animate 15.2.1.95/20.5 Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. | 9.3 |
2020-10-21 | CVE-2020-9748 | Adobe | Out-of-bounds Write vulnerability in Adobe Animate 15.2.1.95/20.5 Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user. | 9.3 |
2020-10-21 | CVE-2020-9747 | Adobe | Double Free vulnerability in Adobe Animate 15.2.1.95/20.5 Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. | 9.3 |
2020-10-22 | CVE-2020-9920 | Apple | Path Traversal vulnerability in Apple products A path handling issue was addressed with improved validation. | 9.1 |
2020-10-22 | CVE-2020-9906 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved input validation. | 9.1 |
2020-10-22 | CVE-2020-9868 | Apple | Improper Certificate Validation vulnerability in Apple products A certificate validation issue existed when processing administrator added certificates. | 9.1 |
2020-10-21 | CVE-2018-11764 | Apache | Missing Authentication for Critical Function vulnerability in Apache Hadoop 3.0.0 Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. | 9.0 |
2020-10-21 | CVE-2020-14883 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 9.0 |
2020-10-21 | CVE-2020-14862 | Oracle | Unspecified vulnerability in Oracle Universal Work Queue Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Internal Operations). | 9.0 |
2020-10-19 | CVE-2020-7195 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7194 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7193 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7192 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7191 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7190 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7189 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A faultflasheventselectfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7188 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7187 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7186 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7185 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7184 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7183 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7182 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7181 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7180 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7179 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7178 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7177 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7176 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7175 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7174 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-7173 | HP | Expression Language Injection vulnerability in HP Intelligent Management Center A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-24630 | HP | Improper Privilege Management vulnerability in HP Intelligent Management Center A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
2020-10-19 | CVE-2020-13778 | Rconfig | OS Command Injection vulnerability in Rconfig rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | 9.0 |
99 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-10-23 | CVE-2020-26561 | Belkin | Out-of-bounds Write vulnerability in Belkin Linksys WRT 160Nl Firmware 1.0.04 Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. | 8.8 |
2020-10-22 | CVE-2020-11853 | Microfocus HP | Arbitrary code execution vulnerability affecting multiple Micro Focus products. | 8.8 |
2020-10-21 | CVE-2020-3456 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 2.4(1.249) A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. | 8.8 |
2020-10-20 | CVE-2020-9417 | Tibco | SQL Injection vulnerability in Tibco products The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. | 8.8 |
2020-10-21 | CVE-2020-3572 | Cisco | Memory Leak vulnerability in Cisco Firepower Threat Defense A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
2020-10-21 | CVE-2020-3499 | Cisco | Resource Exhaustion vulnerability in Cisco Firepower Management Center A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of system resource values by the affected system. | 8.6 |
2020-10-21 | CVE-2020-3436 | Cisco | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Firepower Threat Defense A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. | 8.6 |
2020-10-21 | CVE-2020-3373 | Cisco | Memory Leak vulnerability in Cisco products A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. | 8.6 |
2020-10-21 | CVE-2020-3304 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. | 8.6 |
2020-10-21 | CVE-2020-14876 | Oracle | Unspecified vulnerability in Oracle Trade Management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). | 8.5 |
2020-10-21 | CVE-2020-14865 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Esupplier Connection 9.2 Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection product of Oracle PeopleSoft (component: eSupplier Connection). | 8.5 |
2020-10-21 | CVE-2020-14858 | Oracle | Unspecified vulnerability in Oracle Hospitality Opera 5 Property Services 5.5/5.6 Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). | 8.5 |
2020-10-21 | CVE-2020-3410 | Cisco | Improper Authentication vulnerability in Cisco Firepower Management Center 6.6.0/6.6.0.1 A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. | 8.1 |
2020-10-20 | CVE-2020-7748 | TS ED Project | Unspecified vulnerability in Ts.Ed Project Ts.Ed This affects the package @tsed/core before 5.65.7. | 8.1 |
2020-10-21 | CVE-2020-14854 | Oracle | Unspecified vulnerability in Oracle Hyperion Infrastructure Technology 11.1.2.4 Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: UI and Visualization). | 7.9 |
2020-10-22 | CVE-2020-27671 | XEN Opensuse Debian Fedoraproject | An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. | 7.8 |
2020-10-22 | CVE-2020-27670 | XEN Opensuse Fedoraproject Debian | Insufficient Verification of Data Authenticity vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. | 7.8 |
2020-10-22 | CVE-2020-9984 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 7.8 |
2020-10-22 | CVE-2020-9980 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9940 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2020-10-22 | CVE-2020-9938 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 7.8 |
2020-10-22 | CVE-2020-9937 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9919 | Apple | Out-of-bounds Write vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2020-10-22 | CVE-2020-9904 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 7.8 |
2020-10-22 | CVE-2020-9901 | Apple | Link Following vulnerability in Apple products An issue existed within the path validation logic for symlinks. | 7.8 |
2020-10-22 | CVE-2020-9900 | Apple | Link Following vulnerability in Apple products An issue existed within the path validation logic for symlinks. | 7.8 |
2020-10-22 | CVE-2020-9892 | Apple | Out-of-bounds Write vulnerability in Apple products Multiple memory corruption issues were addressed with improved state management. | 7.8 |
2020-10-22 | CVE-2020-9883 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2020-10-22 | CVE-2020-9882 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2020-10-22 | CVE-2020-9881 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2020-10-22 | CVE-2020-9880 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9879 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9877 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9876 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9875 | Apple | Integer Overflow or Wraparound vulnerability in Apple products An integer overflow was addressed through improved input validation. | 7.8 |
2020-10-22 | CVE-2020-9874 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9873 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved input validation. | 7.8 |
2020-10-22 | CVE-2020-9872 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9871 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2020-10-22 | CVE-2020-9863 | Apple | Improper Initialization vulnerability in Apple products A memory initialization issue was addressed with improved memory handling. | 7.8 |
2020-10-22 | CVE-2020-9854 | Apple | Unspecified vulnerability in Apple products A logic issue was addressed with improved validation. | 7.8 |
2020-10-21 | CVE-2020-3571 | Cisco | Improper Input Validation vulnerability in Cisco Firepower Threat Defense A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
2020-10-21 | CVE-2020-3563 | Cisco | Resource Exhaustion vulnerability in Cisco Firepower Threat Defense A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
2020-10-21 | CVE-2020-14864 | Oracle | Path Traversal vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0/5.5.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). | 7.8 |
2020-10-21 | CVE-2020-14863 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). | 7.8 |
2020-10-21 | CVE-2020-14856 | Oracle | Unspecified vulnerability in Oracle Trade Management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). | 7.8 |
2020-10-21 | CVE-2020-14851 | Oracle | Unspecified vulnerability in Oracle Trade Management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). | 7.8 |
2020-10-21 | CVE-2020-14850 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Flex Fields). | 7.8 |
2020-10-21 | CVE-2020-14824 | Oracle | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 7.8 |
2020-10-19 | CVE-2020-6085 | Rockwellautomation | Classic Buffer Overflow vulnerability in Rockwellautomation Flex I/O 1794-Aent 4.003 An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. | 7.8 |
2020-10-19 | CVE-2020-6084 | Rockwellautomation | Classic Buffer Overflow vulnerability in Rockwellautomation Flex I/O 1794-Aent 4.003 An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. | 7.8 |
2020-10-21 | CVE-2020-14878 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). | 7.7 |
2020-10-23 | CVE-2020-25483 | Ucms Project | Command Injection vulnerability in Ucms Project Ucms 1.4.8 An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. | 7.5 |
2020-10-23 | CVE-2020-25466 | Crmeb | Server-Side Request Forgery (SSRF) vulnerability in Crmeb 3.0 An SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. | 7.5 |
2020-10-22 | CVE-2020-15684 | Mozilla | Unspecified vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in Firefox 81. | 7.5 |
2020-10-22 | CVE-2020-15683 | Mozilla Debian Opensuse | Use After Free vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. | 7.5 |
2020-10-22 | CVE-2020-9905 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow was addressed with improved bounds checking. | 7.5 |
2020-10-22 | CVE-2020-27664 | Strapi | Unspecified vulnerability in Strapi admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality. | 7.5 |
2020-10-22 | CVE-2020-15906 | Tiki | Improper Restriction of Excessive Authentication Attempts vulnerability in Tiki tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. | 7.5 |
2020-10-22 | CVE-2020-27638 | Fastd Project Debian Fedoraproject | Reachable Assertion vulnerability in multiple products receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. | 7.5 |
2020-10-21 | CVE-2020-27615 | Loginizer | SQL Injection vulnerability in Loginizer The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. | 7.5 |
2020-10-21 | CVE-2020-3555 | Cisco | Improper Resource Shutdown or Release vulnerability in Cisco Firepower Threat Defense A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. | 7.5 |
2020-10-21 | CVE-2020-3554 | Cisco | Resource Exhaustion vulnerability in Cisco products A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
2020-10-21 | CVE-2020-3533 | Cisco | Resource Exhaustion vulnerability in Cisco Firepower Threat Defense A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. | 7.5 |
2020-10-21 | CVE-2020-3529 | Cisco | Resource Exhaustion vulnerability in Cisco products A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. | 7.5 |
2020-10-21 | CVE-2020-3528 | Cisco | Resource Exhaustion vulnerability in Cisco Firepower Threat Defense A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. | 7.5 |
2020-10-21 | CVE-2020-27611 | Bigbluebutton | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Bigbluebutton BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint. | 7.5 |
2020-10-21 | CVE-2020-27605 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox." | 7.5 |
2020-10-21 | CVE-2020-14880 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). | 7.5 |
2020-10-21 | CVE-2020-14879 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). | 7.5 |
2020-10-21 | CVE-2020-14877 | Oracle | Unspecified vulnerability in Oracle Hospitality Opera 5 Property Services 5.5/5.6 Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). | 7.5 |
2020-10-21 | CVE-2020-14841 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 7.5 |
2020-10-21 | CVE-2020-14825 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 7.5 |
2020-10-21 | CVE-2020-14760 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 7.5 |
2020-10-20 | CVE-2020-25648 | Mozilla Redhat Fedoraproject Oracle | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. | 7.5 |
2020-10-20 | CVE-2020-5640 | Onethird | Unspecified vulnerability in Onethird 1.96C Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors. | 7.5 |
2020-10-19 | CVE-2020-24388 | Yubico Fedoraproject | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. | 7.5 |
2020-10-19 | CVE-2020-24387 | Yubico Fedoraproject | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. | 7.5 |
2020-10-19 | CVE-2020-15822 | Jetbrains | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. | 7.5 |
2020-10-19 | CVE-2020-24266 | Broadcom Fedoraproject | Out-of-bounds Write vulnerability in multiple products An issue was discovered in tcpreplay tcpprep v4.3.3. | 7.5 |
2020-10-19 | CVE-2020-24265 | Broadcom Fedoraproject | Out-of-bounds Write vulnerability in multiple products An issue was discovered in tcpreplay tcpprep v4.3.3. | 7.5 |
2020-10-21 | CVE-2020-17381 | Ghisler | Incorrect Default Permissions vulnerability in Ghisler Total Commander 9.51 An issue was discovered in Ghisler Total Commander 9.51. | 7.3 |
2020-10-23 | CVE-2020-24848 | Fruitywifi Project | Improper Privilege Management vulnerability in Fruitywifi Project Fruitywifi FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. | 7.2 |
2020-10-22 | CVE-2020-9927 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X A memory corruption issue was addressed with improved input validation. | 7.2 |
2020-10-21 | CVE-2020-24425 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Dreamweaver Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. | 7.2 |
2020-10-21 | CVE-2020-3459 | Cisco | OS Command Injection vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
2020-10-21 | CVE-2020-3455 | Cisco | Unspecified vulnerability in Cisco Firepower Extensible Operating System A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. | 7.2 |
2020-10-21 | CVE-2020-14872 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 7.2 |
2020-10-21 | CVE-2020-14735 | Oracle | Unspecified vulnerability in Oracle Scheduler Vulnerability in the Scheduler component of Oracle Database Server. | 7.2 |
2020-10-21 | CVE-2020-10139 | Acronis | Improper Initialization vulnerability in Acronis True Image 2021 Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. | 7.2 |
2020-10-21 | CVE-2020-10138 | Acronis | Improper Initialization vulnerability in Acronis Cyber Backup and Cyber Protect Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. | 7.2 |
2020-10-20 | CVE-2020-5791 | Nagios | OS Command Injection vulnerability in Nagios XI Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | 7.2 |
2020-10-20 | CVE-2020-15264 | Chocolatey | External Control of File Name or Path vulnerability in Chocolatey Boxstarter The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. | 7.2 |
2020-10-19 | CVE-2020-11496 | Sprecher Automation | Command Injection vulnerability in Sprecher-Automation Sprecon-E Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. | 7.2 |
2020-10-21 | CVE-2020-3562 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Firepower Threat Defense 6.3.0/6.4.0/6.5.0 A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.1 |
2020-10-21 | CVE-2020-14897 | Oracle | Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.1/12.0.2/12.0.3 Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). | 7.1 |
2020-10-21 | CVE-2020-14890 | Oracle | Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.1/12.0.2/12.0.3 Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). | 7.1 |
2020-10-23 | CVE-2020-27216 | Eclipse Netapp Oracle Apache Debian | In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. | 7.0 |
2020-10-22 | CVE-2020-27672 | XEN Fedoraproject Opensuse Debian | Use After Free vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. | 7.0 |
286 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-10-22 | CVE-2020-10721 | Redhat | Deserialization of Untrusted Data vulnerability in Redhat Fabric8-Maven A flaw was found in the fabric8-maven-plugin 4.0.0 and later. | 6.9 |
2020-10-22 | CVE-2020-9990 | Apple | Race Condition vulnerability in Apple mac OS X A race condition was addressed with additional validation. | 6.9 |
2020-10-22 | CVE-2020-9921 | Apple | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 6.9 |
2020-10-22 | CVE-2020-9796 | Apple | Race Condition vulnerability in Apple mac OS X A race condition was addressed with improved state handling. | 6.9 |
2020-10-21 | CVE-2020-24424 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Premiere PRO 14.1/14.2/14.4 Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. | 6.9 |
2020-10-21 | CVE-2020-24423 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Media Encoder Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. | 6.9 |
2020-10-21 | CVE-2020-24420 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Photoshop Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. | 6.9 |
2020-10-21 | CVE-2020-24419 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe After Effects Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. | 6.9 |
2020-10-21 | CVE-2020-10140 | Acronis | Incorrect Permission Assignment for Critical Resource vulnerability in Acronis True Image 2021 Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. | 6.9 |
2020-10-22 | CVE-2020-18129 | Eyoucms | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.2.7 A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php. | 6.8 |
2020-10-22 | CVE-2020-9985 | Apple | Classic Buffer Overflow vulnerability in Apple products A buffer overflow issue was addressed with improved memory handling. | 6.8 |
2020-10-22 | CVE-2020-9887 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved input validation. | 6.8 |
2020-10-22 | CVE-2020-9853 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved validation. | 6.8 |
2020-10-22 | CVE-2020-24033 | FS | Cross-Site Request Forgery (CSRF) vulnerability in FS S3900 24T4S Firmware An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. | 6.8 |
2020-10-21 | CVE-2020-24422 | Adobe | Uncontrolled Search Path Element vulnerability in Adobe Creative Cloud Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. | 6.8 |
2020-10-21 | CVE-2020-3549 | Cisco | Inadequate Encryption Strength vulnerability in Cisco Firepower Management Center A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. | 6.8 |
2020-10-21 | CVE-2020-7750 | MIT | Cross-site Scripting vulnerability in MIT Scratch-Svg-Renderer 0.1.0/0.2.0 This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. | 6.8 |
2020-10-21 | CVE-2020-5651 | Tipsandtricks HQ | SQL Injection vulnerability in Tipsandtricks-Hq Simple Download Monitor SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL. | 6.8 |
2020-10-21 | CVE-2020-14901 | Oracle | Unspecified vulnerability in Oracle Database 19C Vulnerability in the RDBMS Security component of Oracle Database Server. | 6.8 |
2020-10-21 | CVE-2020-14896 | Oracle | Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0/14.4.0 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). | 6.8 |
2020-10-21 | CVE-2020-14894 | Oracle | Unspecified vulnerability in Oracle Banking Corporate Lending Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). | 6.8 |
2020-10-21 | CVE-2020-14891 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2020-10-21 | CVE-2020-14888 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2020-10-21 | CVE-2020-14887 | Oracle | Unspecified vulnerability in Oracle Flexcube Universal Banking Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). | 6.8 |
2020-10-21 | CVE-2020-14873 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). | 6.8 |
2020-10-21 | CVE-2020-14870 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). | 6.8 |
2020-10-21 | CVE-2020-14869 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). | 6.8 |
2020-10-21 | CVE-2020-14868 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2020-10-21 | CVE-2020-14867 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). | 6.8 |
2020-10-21 | CVE-2020-14866 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2020-10-21 | CVE-2020-14861 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2020-10-21 | CVE-2020-14852 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). | 6.8 |
2020-10-21 | CVE-2020-14848 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 6.8 |
2020-10-21 | CVE-2020-14846 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2020-10-21 | CVE-2020-14845 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2020-10-21 | CVE-2020-14844 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). | 6.8 |
2020-10-21 | CVE-2020-14843 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0/5.5.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). | 6.8 |
2020-10-21 | CVE-2020-14839 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2020-10-21 | CVE-2020-14837 | Oracle Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2020-10-21 | CVE-2020-14836 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2020-10-21 | CVE-2020-14830 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2020-10-21 | CVE-2020-14829 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 6.8 |
2020-10-21 | CVE-2020-14821 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 6.8 |
2020-10-21 | CVE-2020-14814 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 6.8 |
2020-10-21 | CVE-2020-14809 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
2020-10-21 | CVE-2020-14757 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). | 6.8 |
2020-10-21 | CVE-2020-14741 | Oracle | Unspecified vulnerability in Oracle Database Filesystem 11.2.0.4/12.1.0.2/12.2.0.1 Vulnerability in the Database Filesystem component of Oracle Database Server. | 6.8 |
2020-10-21 | CVE-2020-14734 | Oracle | Unspecified vulnerability in Oracle Text Vulnerability in the Oracle Text component of Oracle Database Server. | 6.8 |
2020-10-20 | CVE-2020-24415 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. | 6.8 |
2020-10-20 | CVE-2020-24414 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. | 6.8 |
2020-10-20 | CVE-2020-24413 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. | 6.8 |
2020-10-20 | CVE-2020-24412 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. | 6.8 |
2020-10-20 | CVE-2020-24411 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. | 6.8 |
2020-10-20 | CVE-2020-24410 | Adobe | Out-of-bounds Read vulnerability in Adobe Illustrator Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. | 6.8 |
2020-10-20 | CVE-2020-24409 | Adobe | Out-of-bounds Read vulnerability in Adobe Illustrator Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. | 6.8 |
2020-10-20 | CVE-2020-6362 | SAP | Incorrect Authorization vulnerability in SAP Banking Services 500 SAP Banking Services version 500 uses an incorrect authorization object in some of its reports. | 6.8 |
2020-10-19 | CVE-2020-15256 | Object Path Project | Unspecified vulnerability in Object-Path Project Object-Path A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. | 6.8 |
2020-10-19 | CVE-2020-9263 | Huawei | Use After Free vulnerability in Huawei Mate 30 Firmware and P30 Firmware HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. | 6.8 |
2020-10-19 | CVE-2020-16158 | Gopro | Out-of-bounds Write vulnerability in Gopro Gpmf-Parser GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). | 6.8 |
2020-10-19 | CVE-2020-15909 | Solarwinds | Session Fixation vulnerability in Solarwinds N-Central SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. | 6.8 |
2020-10-21 | CVE-2020-3514 | Cisco | Unspecified vulnerability in Cisco products A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. | 6.7 |
2020-10-21 | CVE-2020-3458 | Cisco | Unspecified vulnerability in Cisco Adaptive Security Appliance Software Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. | 6.7 |
2020-10-21 | CVE-2020-3457 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 6.7 |
2020-10-19 | CVE-2020-15261 | Veyon | Unquoted Search Path or Element vulnerability in Veyon On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. | 6.7 |
2020-10-22 | CVE-2020-9929 | Apple | Unspecified vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 6.6 |
2020-10-22 | CVE-2020-9908 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X An out-of-bounds read was addressed with improved input validation. | 6.6 |
2020-10-22 | CVE-2020-9779 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X An out-of-bounds read was addressed with improved input validation. | 6.6 |
2020-10-21 | CVE-2020-15244 | Openmage | Deserialization of Untrusted Data vulnerability in Openmage Magento In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. | 6.5 |
2020-10-21 | CVE-2020-3578 | Cisco | Incorrect Authorization vulnerability in Cisco products A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. | 6.5 |
2020-10-21 | CVE-2020-14828 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 6.5 |
2020-10-21 | CVE-2020-14778 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Global Payroll Core 9.2 Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Security). | 6.5 |
2020-10-21 | CVE-2020-14775 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 6.5 |
2020-10-21 | CVE-2020-14769 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.5 |
2020-10-21 | CVE-2020-14765 | Oracle Netapp Debian Fedoraproject Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). | 6.5 |
2020-10-21 | CVE-2020-14736 | Oracle | Unspecified vulnerability in Oracle Database Vault 11.2.0.4/12.1.0.2/12.2.0.1 Vulnerability in the Database Vault component of Oracle Database Server. | 6.5 |
2020-10-20 | CVE-2020-5792 | Nagios | Argument Injection or Modification vulnerability in Nagios XI 5.7.3 Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user. | 6.5 |
2020-10-20 | CVE-2019-4680 | IBM | SQL Injection vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. | 6.5 |
2020-10-20 | CVE-2020-7749 | OSM Static Maps Project | Server-Side Request Forgery (SSRF) vulnerability in Osm-Static-Maps Project Osm-Static-Maps This affects all versions of package osm-static-maps. | 6.5 |
2020-10-22 | CVE-2019-16127 | Microchip | Integer Overflow or Wraparound vulnerability in Microchip Advanced Software Framework 4 Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. | 6.4 |
2020-10-22 | CVE-2020-27195 | Hashicorp | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. | 6.4 |
2020-10-21 | CVE-2020-27607 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. | 6.4 |
2020-10-21 | CVE-2020-14805 | Oracle | Unspecified vulnerability in Oracle E-Business Suite Secure Enterprise Search Vulnerability in the Oracle E-Business Suite Secure Enterprise Search product of Oracle E-Business Suite (component: Search Integration Engine). | 6.4 |
2020-10-21 | CVE-2020-14761 | Oracle | Unspecified vulnerability in Oracle Applications Manager Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Oracle Diagnostics Interfaces). | 6.4 |
2020-10-20 | CVE-2020-15269 | Sparksolutions | Insufficient Session Expiration vulnerability in Sparksolutions Spree In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. | 6.4 |
2020-10-19 | CVE-2020-16159 | Gopro | Out-of-bounds Read vulnerability in Gopro Gpmf-Parser 1.5 GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). | 6.4 |
2020-10-21 | CVE-2020-3599 | Cisco | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2020-10-21 | CVE-2020-3583 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |
2020-10-21 | CVE-2020-3582 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |
2020-10-21 | CVE-2020-3581 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |
2020-10-21 | CVE-2020-3580 | Cisco | Cross-site Scripting vulnerability in Cisco products Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. | 6.1 |
2020-10-21 | CVE-2020-3577 | Cisco | Improper Input Validation vulnerability in Cisco Firepower Threat Defense A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. | 6.1 |
2020-10-21 | CVE-2020-3558 | Cisco | Open Redirect vulnerability in Cisco Firepower Management Center A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 6.1 |
2020-10-20 | CVE-2020-24416 | Adobe | Cross-site Scripting vulnerability in Adobe Marketo Sales Insight Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |
2020-10-22 | CVE-2020-13327 | Gitlab | Unspecified vulnerability in Gitlab Runner An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. | 6.0 |
2020-10-22 | CVE-2020-9994 | Apple | Unspecified vulnerability in Apple products A path handling issue was addressed with improved validation. | 5.8 |
2020-10-21 | CVE-2020-3565 | Cisco | Improper Authentication vulnerability in Cisco Firepower Threat Defense A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies (including Geolocation) and Service Policies on an affected system. | 5.8 |
2020-10-21 | CVE-2020-3299 | Cisco Snort | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. | 5.8 |
2020-10-21 | CVE-2020-15240 | Auth0 | Improper Verification of Cryptographic Signature vulnerability in Auth0 Omniauth-Auth0 2.3.0/2.3.1/2.4.0 omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. | 5.8 |
2020-10-21 | CVE-2020-14857 | Oracle | Unspecified vulnerability in Oracle Trade Management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). | 5.8 |
2020-10-21 | CVE-2020-14849 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 5.8 |
2020-10-21 | CVE-2020-14842 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). | 5.8 |
2020-10-21 | CVE-2020-14835 | Oracle | Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 5.8 |
2020-10-21 | CVE-2020-14834 | Oracle | Unspecified vulnerability in Oracle Trade Management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). | 5.8 |
2020-10-21 | CVE-2020-14833 | Oracle | Unspecified vulnerability in Oracle Trade Management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). | 5.8 |
2020-10-21 | CVE-2020-14832 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). | 5.8 |
2020-10-21 | CVE-2020-14831 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 5.8 |
2020-10-21 | CVE-2020-14819 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment 12.1.3 Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). | 5.8 |
2020-10-21 | CVE-2020-14817 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 5.8 |
2020-10-21 | CVE-2020-14816 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 5.8 |
2020-10-21 | CVE-2020-14815 | Oracle | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0/5.5.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). | 5.8 |
2020-10-21 | CVE-2020-14813 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Grids). | 5.8 |
2020-10-21 | CVE-2020-14810 | Oracle | Unspecified vulnerability in Oracle Hospitality Suite8 Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). | 5.8 |
2020-10-21 | CVE-2020-14808 | Oracle | Unspecified vulnerability in Oracle Trade Management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). | 5.8 |
2020-10-21 | CVE-2020-14807 | Oracle | Unspecified vulnerability in Oracle Hospitality Suite 8.10.2 Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). | 5.8 |
2020-10-21 | CVE-2020-14792 | Oracle Debian Netapp Mcafee Opensuse | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). | 5.8 |
2020-10-21 | CVE-2020-14788 | Oracle | Unspecified vulnerability in Oracle Communications Diameter Signaling Router 8.1/8.2/8.3 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). | 5.8 |
2020-10-21 | CVE-2020-14784 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). | 5.8 |
2020-10-21 | CVE-2020-14780 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). | 5.8 |
2020-10-21 | CVE-2020-14746 | Oracle | Unspecified vulnerability in Oracle Applications Framework Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popup windows). | 5.8 |
2020-10-21 | CVE-2020-26896 | Lightning Network Daemon Project | Improper Validation of Integrity Check Value vulnerability in Lightning Network Daemon Project Lightning Network Daemon Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. | 5.8 |
2020-10-20 | CVE-2020-3994 | Vmware | Improper Certificate Validation vulnerability in VMWare Cloud Foundation and Vcenter Server VMware vCenter Server (6.7 before 6.7u3, 6.5 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. | 5.8 |
2020-10-19 | CVE-2020-10746 | Infinispan | Unspecified vulnerability in Infinispan Infinispan-Server-Runtime 10.0.0 A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. | 5.6 |
2020-10-22 | CVE-2020-27673 | Linux Debian Opensuse XEN | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. | 5.5 |
2020-10-22 | CVE-2020-9902 | Apple | Out-of-bounds Read vulnerability in Apple products An out-of-bounds read was addressed with improved bounds checking. | 5.5 |
2020-10-22 | CVE-2020-26649 | Atomx | Missing Authorization vulnerability in Atomx Atomxcms 2 AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php | 5.5 |
2020-10-21 | CVE-2020-3550 | Cisco | Path Traversal vulnerability in Cisco Firepower Management Center A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. | 5.5 |
2020-10-21 | CVE-2020-14895 | Oracle | Unspecified vulnerability in Oracle Utilities Framework Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide). | 5.5 |
2020-10-21 | CVE-2020-14823 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 5.5 |
2020-10-21 | CVE-2020-14766 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Administration). | 5.5 |
2020-10-21 | CVE-2020-14742 | Oracle | Unspecified vulnerability in Oracle Core Rdbms Vulnerability in the Core RDBMS component of Oracle Database Server. | 5.5 |
2020-10-20 | CVE-2020-6366 | SAP | Improper Input Validation vulnerability in SAP Netweaver Compare Systems SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. | 5.5 |
2020-10-19 | CVE-2020-9113 | Huawei | Classic Buffer Overflow vulnerability in Huawei Mate 20 Firmware HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module. | 5.4 |
2020-10-22 | CVE-2020-27674 | XEN Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. | 5.3 |
2020-10-21 | CVE-2020-3564 | Cisco | Interpretation Conflict vulnerability in Cisco Firepower Threat Defense A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. | 5.3 |
2020-10-21 | CVE-2020-3557 | Cisco | Improper Certificate Validation vulnerability in Cisco Firepower Management Center A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.3 |
2020-10-22 | CVE-2020-25186 | WE CON | XML Entity Expansion vulnerability in We-Con Levistudiou An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure. | 5.0 |
2020-10-22 | CVE-2020-15681 | Mozilla | Unspecified vulnerability in Mozilla Firefox When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. | 5.0 |
2020-10-22 | CVE-2020-15680 | Mozilla | Unspecified vulnerability in Mozilla Firefox If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. | 5.0 |
2020-10-22 | CVE-2019-17007 | Mozilla Siemens | Improper Certificate Validation vulnerability in multiple products In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. | 5.0 |
2020-10-22 | CVE-2020-9924 | Apple | Unspecified vulnerability in Apple mac OS X A logic issue was addressed with improved state management. | 5.0 |
2020-10-22 | CVE-2020-27665 | Strapi | Incorrect Default Permissions vulnerability in Strapi In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes. | 5.0 |
2020-10-22 | CVE-2020-9869 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 5.0 |
2020-10-22 | CVE-2020-9828 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X An out-of-bounds read was addressed with improved input validation. | 5.0 |
2020-10-22 | CVE-2020-9787 | Apple | Unspecified vulnerability in Apple products A logic issue was addressed with improved restrictions. | 5.0 |
2020-10-22 | CVE-2020-26650 | Atomx | Missing Authorization vulnerability in Atomx Atomxcms 2.0 AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php | 5.0 |
2020-10-21 | CVE-2020-15266 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Tensorflow In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. | 5.0 |
2020-10-21 | CVE-2020-15265 | Google | Out-of-bounds Read vulnerability in Google Tensorflow In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. | 5.0 |
2020-10-21 | CVE-2020-3317 | Cisco | Improper Input Validation vulnerability in Cisco Firepower Threat Defense A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. | 5.0 |
2020-10-21 | CVE-2020-27610 | Bigbluebutton | Information Exposure vulnerability in Bigbluebutton The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access. | 5.0 |
2020-10-21 | CVE-2020-27609 | Bigbluebutton | Incorrect Authorization vulnerability in Bigbluebutton BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. | 5.0 |
2020-10-21 | CVE-2020-27606 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5.0 |
2020-10-21 | CVE-2020-27603 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files. | 5.0 |
2020-10-21 | CVE-2020-14826 | Oracle | Unspecified vulnerability in Oracle Applications Manager Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: SQL Extensions). | 5.0 |
2020-10-21 | CVE-2020-14820 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 5.0 |
2020-10-21 | CVE-2020-14811 | Oracle | Unspecified vulnerability in Oracle Applications Manager Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: AMP EBS Integration). | 5.0 |
2020-10-21 | CVE-2020-14806 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). | 5.0 |
2020-10-21 | CVE-2020-14803 | Oracle Netapp Debian Opensuse | Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). | 5.0 |
2020-10-21 | CVE-2020-14783 | Oracle | Unspecified vulnerability in Oracle Hospitality RES 3700 Firmware 5.7 Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Food and Beverage Applications (component: CAL). | 5.0 |
2020-10-21 | CVE-2020-14774 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 5.0 |
2020-10-21 | CVE-2020-26895 | Lightning Network Daemon Project | Improper Validation of Integrity Check Value vulnerability in Lightning Network Daemon Project Lightning Network Daemon Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. | 5.0 |
2020-10-20 | CVE-2020-25157 | Advantech | SQL Injection vulnerability in Advantech R-Seenet The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. | 5.0 |
2020-10-20 | CVE-2020-24765 | Mind | Information Exposure vulnerability in Mind Imind Server 3.13.65 InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. | 5.0 |
2020-10-20 | CVE-2020-15931 | Netwrix | Authentication Bypass by Capture-replay vulnerability in Netwrix Account Lockout Examiner Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller. | 5.0 |
2020-10-20 | CVE-2019-9080 | Domainmod | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Domainmod DomainMOD before 4.14.0 uses MD5 without a salt for password storage. | 5.0 |
2020-10-20 | CVE-2020-6308 | SAP | Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3 SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. | 5.0 |
2020-10-19 | CVE-2020-13937 | Apache | Insecure Storage of Sensitive Information vulnerability in Apache Kylin Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone. | 5.0 |
2020-10-19 | CVE-2020-15262 | Webpack Subresource Integrity Project | Insufficient Verification of Data Authenticity vulnerability in Webpack-Subresource-Integrity Project Webpack-Subresource-Integrity In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. | 5.0 |
2020-10-19 | CVE-2020-16161 | Gopro | Divide By Zero vulnerability in Gopro Gpmf-Parser 1.5 GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). | 5.0 |
2020-10-19 | CVE-2020-16160 | Gopro | Divide By Zero vulnerability in Gopro Gpmf-Parser 1.5 GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). | 5.0 |
2020-10-19 | CVE-2020-8929 | Google | Unspecified vulnerability in Google Tink A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. | 5.0 |
2020-10-21 | CVE-2020-14900 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. | 4.9 |
2020-10-21 | CVE-2020-14899 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. | 4.9 |
2020-10-21 | CVE-2020-14898 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. | 4.9 |
2020-10-21 | CVE-2020-14892 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2020-10-21 | CVE-2020-14889 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2020-10-21 | CVE-2020-14886 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2020-10-21 | CVE-2020-14885 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2020-10-21 | CVE-2020-14884 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2020-10-21 | CVE-2020-14881 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2020-10-21 | CVE-2020-14853 | Oracle Netapp | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). | 4.9 |
2020-10-21 | CVE-2020-14812 | Oracle Netapp Debian Fedoraproject Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). | 4.9 |
2020-10-21 | CVE-2020-14794 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-10-21 | CVE-2020-14793 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-10-21 | CVE-2020-14790 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). | 4.9 |
2020-10-21 | CVE-2020-14789 | Oracle Netapp Fedoraproject Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). | 4.9 |
2020-10-21 | CVE-2020-14787 | Oracle | Unspecified vulnerability in Oracle Communications Diameter Signaling Router 8.1/8.2/8.3 Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). | 4.9 |
2020-10-21 | CVE-2020-14786 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). | 4.9 |
2020-10-21 | CVE-2020-14785 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-10-21 | CVE-2020-14777 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-10-21 | CVE-2020-14776 | Oracle Netapp Fedoraproject Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2020-10-21 | CVE-2020-14773 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-10-21 | CVE-2020-14763 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. | 4.9 |
2020-10-21 | CVE-2020-14762 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express component of Oracle Database Server. | 4.9 |
2020-10-21 | CVE-2020-14754 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). | 4.9 |
2020-10-21 | CVE-2020-14752 | Oracle | Unspecified vulnerability in Oracle Hyperion Lifecycle Management 11.1.2.4 Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). | 4.9 |
2020-10-21 | CVE-2020-14743 | Oracle | Unspecified vulnerability in Oracle Java Virtual Machine Vulnerability in the Java VM component of Oracle Database Server. | 4.9 |
2020-10-21 | CVE-2020-14672 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). | 4.9 |
2020-10-20 | CVE-2020-3982 | Vmware | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare products VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. | 4.9 |
2020-10-20 | CVE-2020-4756 | IBM | Improper Resource Shutdown or Release vulnerability in IBM Elastic Storage Server and Spectrum Scale IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the kernel and cause a denial of service. | 4.9 |
2020-10-22 | CVE-2020-27675 | Linux Fedoraproject Debian | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. | 4.7 |
2020-10-21 | CVE-2020-3561 | Cisco | Injection vulnerability in Cisco Firepower Threat Defense A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. | 4.7 |
2020-10-23 | CVE-2020-5990 | Nvidia | Unspecified vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure. | 4.6 |
2020-10-23 | CVE-2020-5978 | Nvidia | Unspecified vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges. | 4.6 |
2020-10-23 | CVE-2020-9331 | Cryptopro | Improper Privilege Management vulnerability in Cryptopro CSP CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. | 4.6 |
2020-10-23 | CVE-2020-26887 | AVM | Unspecified vulnerability in AVM Fritz!Box 7490 Firmware FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism. | 4.6 |
2020-10-23 | CVE-2019-14719 | Verifone | Unspecified vulnerability in Verifone Mx900 Firmware 30251000 Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. | 4.6 |
2020-10-23 | CVE-2019-14718 | Verifone | Incorrect Default Permissions vulnerability in Verifone Mx900 Firmware 30251000 Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation. | 4.6 |
2020-10-23 | CVE-2019-14717 | Verifone | Classic Buffer Overflow vulnerability in Verifone Verix OS Qt000530 Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call. | 4.6 |
2020-10-23 | CVE-2019-14716 | Verifone | Unspecified vulnerability in Verifone Verix OS Qt000530 Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out). | 4.6 |
2020-10-23 | CVE-2019-14715 | Verifone | Out-of-bounds Write vulnerability in Verifone products Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation. | 4.6 |
2020-10-23 | CVE-2019-14712 | Verifone | Unspecified vulnerability in Verifone Verix OS Qt000530 Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation. | 4.6 |
2020-10-22 | CVE-2019-16128 | Microchip | Classic Buffer Overflow vulnerability in Microchip Cryptoauthlib Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2). | 4.6 |
2020-10-22 | CVE-2019-16129 | Microchip | Classic Buffer Overflow vulnerability in Microchip Cryptoauthlib Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2). | 4.6 |
2020-10-22 | CVE-2020-9810 | Apple | Unspecified vulnerability in Apple mac OS X 10.15.4 A logic issue was addressed with improved restrictions. | 4.6 |
2020-10-22 | CVE-2020-3915 | Apple | Unspecified vulnerability in Apple mac OS X A path handling issue was addressed with improved validation. | 4.6 |
2020-10-22 | CVE-2020-3898 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X A memory corruption issue was addressed with improved validation. | 4.6 |
2020-10-21 | CVE-2020-27613 | Bigbluebutton | Cleartext Storage of Sensitive Information vulnerability in Bigbluebutton The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access. | 4.6 |
2020-10-19 | CVE-2020-9112 | Huawei | Improper Privilege Management vulnerability in Huawei Taurus-An00B Firmware 10.1.0.156 Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. | 4.6 |
2020-10-23 | CVE-2020-5977 | Nvidia | Uncontrolled Search Path Element vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | 4.4 |
2020-10-23 | CVE-2019-14711 | Verifone | Incorrect Authorization vulnerability in Verifone Mx900 Firmware 30251000 Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass. | 4.4 |
2020-10-22 | CVE-2020-9939 | Apple | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apple mac OS X This issue was addressed with improved checks. | 4.4 |
2020-10-23 | CVE-2020-24847 | Fruitywifi Project | Cross-Site Request Forgery (CSRF) vulnerability in Fruitywifi Project Fruitywifi A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. | 4.3 |
2020-10-22 | CVE-2020-15682 | Mozilla | Origin Validation Error vulnerability in Mozilla Firefox When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. | 4.3 |
2020-10-22 | CVE-2018-18508 | Mozilla Siemens | NULL Pointer Dereference vulnerability in multiple products In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. | 4.3 |
2020-10-22 | CVE-2020-9997 | Apple | Unspecified vulnerability in Apple mac OS X An information disclosure issue was addressed with improved state management. | 4.3 |
2020-10-22 | CVE-2020-9986 | Apple | Unspecified vulnerability in Apple mac OS X A file access issue existed with certain home folder files. | 4.3 |
2020-10-22 | CVE-2020-27155 | Octopus | Unspecified vulnerability in Octopus Deploy An issue was discovered in Octopus Deploy through 2020.4.4. | 4.3 |
2020-10-22 | CVE-2020-27646 | Biscom | Insufficiently Protected Credentials vulnerability in Biscom Secure File Transfer Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft. | 4.3 |
2020-10-22 | CVE-2020-27642 | Bigbluebutton | Cross-site Scripting vulnerability in Bigbluebutton Greenlight 2.7.6 A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. | 4.3 |
2020-10-22 | CVE-2020-27620 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki Skin:Cosmos The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. | 4.3 |
2020-10-21 | CVE-2020-24421 | Adobe | NULL Pointer Dereference vulnerability in Adobe Indesign Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. | 4.3 |
2020-10-21 | CVE-2020-17454 | Wso2 | Cross-site Scripting vulnerability in Wso2 API Manager WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. | 4.3 |
2020-10-21 | CVE-2020-17355 | Arista | Unspecified vulnerability in Arista EOS Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed. | 4.3 |
2020-10-21 | CVE-2020-27344 | Cminds | Cross-site Scripting vulnerability in Cminds CM Download Manager 2.7.0 The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. | 4.3 |
2020-10-21 | CVE-2020-3553 | Cisco | Cross-site Scripting vulnerability in Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.3 |
2020-10-21 | CVE-2020-3515 | Cisco | Cross-site Scripting vulnerability in Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.3 |
2020-10-21 | CVE-2020-5650 | Tipsandtricks HQ | Cross-site Scripting vulnerability in Tipsandtricks-Hq Simple Download Monitor Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | 4.3 |
2020-10-21 | CVE-2020-27608 | Bigbluebutton | Cross-site Scripting vulnerability in Bigbluebutton In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document. | 4.3 |
2020-10-21 | CVE-2020-14840 | Oracle | Unspecified vulnerability in Oracle Application Object Library Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics). | 4.3 |
2020-10-21 | CVE-2020-14822 | Oracle | Unspecified vulnerability in Oracle Installed Base Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). | 4.3 |
2020-10-21 | CVE-2020-14802 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). | 4.3 |
2020-10-21 | CVE-2020-14801 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). | 4.3 |
2020-10-21 | CVE-2020-14797 | Oracle Netapp Opensuse Debian | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 4.3 |
2020-10-21 | CVE-2020-14795 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). | 4.3 |
2020-10-21 | CVE-2020-14782 | Oracle Debian Netapp Mcafee Opensuse | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 4.3 |
2020-10-21 | CVE-2020-14781 | Oracle Netapp Debian Opensuse | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). | 4.3 |
2020-10-20 | CVE-2020-5790 | Nagios | Cross-Site Request Forgery (CSRF) vulnerability in Nagios XI 5.7.3 Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | 4.3 |
2020-10-20 | CVE-2020-7371 | Raiseitsolutions | Improper Restriction of Rendered UI Layers or Frames vulnerability in Raiseitsolutions Rits Browser User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. | 4.3 |
2020-10-20 | CVE-2020-7370 | Boltbrowser | Missing Authentication for Critical Function vulnerability in Boltbrowser Bolt Browser User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser. | 4.3 |
2020-10-20 | CVE-2020-7369 | Yandex | Missing Authentication for Critical Function vulnerability in Yandex Browser User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. | 4.3 |
2020-10-20 | CVE-2020-7364 | Ucweb | Unspecified vulnerability in Ucweb UC Browser User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. | 4.3 |
2020-10-20 | CVE-2020-7363 | Ucweb | Unspecified vulnerability in Ucweb UC Browser User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. | 4.3 |
2020-10-20 | CVE-2020-3993 | Vmware | Unspecified vulnerability in VMWare Cloud Foundation and Nsx-T Data Center VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. | 4.3 |
2020-10-20 | CVE-2020-4749 | IBM | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2020-10-20 | CVE-2020-4748 | IBM | Cross-site Scripting vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. | 4.3 |
2020-10-20 | CVE-2020-16246 | GE | Cross-site Scripting vulnerability in GE S2020 Firmware and S2024 Firmware The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client. | 4.3 |
2020-10-20 | CVE-2020-6369 | SAP | Unspecified vulnerability in SAP Focused RUN and Solution Manager SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7) allow an unauthenticated attacker to bypass authentication if the default passwords for Admin and Guest have not been changed by the administrator. This may impact the confidentiality of the service. | 4.3 |
2020-10-20 | CVE-2020-6367 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Composite Application Framework There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. | 4.3 |
2020-10-20 | CVE-2020-6315 | SAP | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send a manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, leading to Information Disclosure. | 4.3 |
2020-10-19 | CVE-2020-15263 | Orchid | Cross-site Scripting vulnerability in Orchid Platform In platform before version 9.4.4, inline attributes are not properly escaped. | 4.3 |
2020-10-19 | CVE-2019-13633 | Blinger | Cross-site Scripting vulnerability in Blinger 1.0.2519 Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. | 4.3 |
2020-10-19 | CVE-2020-24375 | Free | Authentication Bypass by Spoofing vulnerability in Free Freebox Server and Freebox V5 Firmware A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. | 4.3 |
2020-10-19 | CVE-2020-26891 | Matrix | Cross-site Scripting vulnerability in Matrix Synapse AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. | 4.3 |
2020-10-19 | CVE-2020-15910 | Solarwinds | Incorrect Permission Assignment for Critical Resource vulnerability in Solarwinds N-Central SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. | 4.3 |
2020-10-23 | CVE-2020-3998 | Vmware | Insufficiently Protected Credentials vulnerability in VMWare Horizon Client VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. | 4.0 |
2020-10-23 | CVE-2020-15003 | Open Xchange | Information Exposure vulnerability in Open-Xchange Appsuite 7.10.2/7.10.3 OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). | 4.0 |
2020-10-23 | CVE-2020-15002 | Open Xchange | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API. | 4.0 |
2020-10-22 | CVE-2020-15270 | Parseplatform | Operation on a Resource after Expiration or Release vulnerability in Parseplatform Parse-Server Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. | 4.0 |
2020-10-22 | CVE-2020-9935 | Apple | Unspecified vulnerability in Apple mac OS X A logic issue was addressed with improved state management. | 4.0 |
2020-10-22 | CVE-2020-27621 | Mediawiki | Unspecified vulnerability in Mediawiki The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. | 4.0 |
2020-10-21 | CVE-2020-27612 | Bigbluebutton | Information Exposure vulnerability in Bigbluebutton Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window. | 4.0 |
2020-10-21 | CVE-2020-27604 | Bigbluebutton | Improper Encoding or Escaping of Output vulnerability in Bigbluebutton BigBlueButton before 2.3 does not implement LibreOffice sandboxing. | 4.0 |
2020-10-21 | CVE-2020-14893 | Oracle | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.0 |
2020-10-21 | CVE-2020-14860 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). | 4.0 |
2020-10-21 | CVE-2020-14847 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). | 4.0 |
2020-10-21 | CVE-2020-14838 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 4.0 |
2020-10-21 | CVE-2020-14827 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). | 4.0 |
2020-10-21 | CVE-2020-14804 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). | 4.0 |
2020-10-21 | CVE-2020-14800 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). | 4.0 |
2020-10-21 | CVE-2020-14799 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). | 4.0 |
2020-10-21 | CVE-2020-14768 | Oracle | Unspecified vulnerability in Oracle Hyperion Analytic Provider Services 11.1.2.4 Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: Smart View Provider). | 4.0 |
2020-10-21 | CVE-2020-14745 | Oracle | Unspecified vulnerability in Oracle Rest Data Services Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). | 4.0 |
2020-10-21 | CVE-2020-14744 | Oracle | Unspecified vulnerability in Oracle Rest Data Services Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). | 4.0 |
2020-10-21 | CVE-2020-6648 | Fortinet | Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios and Fortiproxy A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command. | 4.0 |
2020-10-21 | CVE-2020-25820 | Bigbluebutton | Server-Side Request Forgery (SSRF) vulnerability in Bigbluebutton BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field. | 4.0 |
2020-10-19 | CVE-2020-15245 | Sylius | Missing Authorization vulnerability in Sylius In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. | 4.0 |
41 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-10-21 | CVE-2020-3585 | Cisco | Information Exposure Through Discrepancy vulnerability in Cisco products A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. | 3.7 |
2020-10-21 | CVE-2020-14779 | Oracle Debian Fedoraproject Opensuse Netapp | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). | 3.7 |
2020-10-22 | CVE-2020-9771 | Apple | Unspecified vulnerability in Apple mac OS X This issue was addressed with a new entitlement. | 3.6 |
2020-10-21 | CVE-2020-14758 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). | 3.6 |
2020-10-23 | CVE-2020-27388 | Yourls | Cross-site Scripting vulnerability in Yourls 1.7/1.7.3 Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. | 3.5 |
2020-10-23 | CVE-2020-3997 | Vmware | Cross-site Scripting vulnerability in VMWare Horizon VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. | 3.5 |
2020-10-23 | CVE-2020-15004 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.10.2/7.10.3 OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. | 3.5 |
2020-10-23 | CVE-2018-8062 | Comtrend | Cross-site Scripting vulnerability in Comtrend Ar-5387Un Firmware A731410Jazc04R02.A2Pd035G.D23I A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. | 3.5 |
2020-10-22 | CVE-2020-27666 | Strapi | Cross-site Scripting vulnerability in Strapi Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature. | 3.5 |
2020-10-22 | CVE-2020-7020 | Elastic | Improper Privilege Management vulnerability in Elastic Elasticsearch Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. | 3.5 |
2020-10-22 | CVE-2020-27533 | Dedecms | Cross-site Scripting vulnerability in Dedecms 5.8 A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. | 3.5 |
2020-10-21 | CVE-2020-14771 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). | 3.5 |
2020-10-21 | CVE-2020-14732 | Oracle | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 19.0 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). | 3.5 |
2020-10-21 | CVE-2020-14731 | Oracle | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 18.0/19.0 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). | 3.5 |
2020-10-20 | CVE-2020-3995 | Vmware | Memory Leak vulnerability in VMWare products In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. | 3.5 |
2020-10-20 | CVE-2020-3981 | Vmware | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare products VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. | 3.5 |
2020-10-20 | CVE-2020-4755 | IBM | Cross-site Scripting vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. | 3.5 |
2020-10-20 | CVE-2020-4564 | IBM | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. | 3.5 |
2020-10-20 | CVE-2020-6370 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Design Time Repository SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2020-10-20 | CVE-2020-7747 | Lightning VIZ | Cross-site Scripting vulnerability in Lightning-Viz Lightning This affects all versions of package lightning-server. | 3.5 |
2020-10-22 | CVE-2020-27560 | Imagemagick Debian Opensuse | Divide By Zero vulnerability in multiple products ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. | 3.3 |
2020-10-21 | CVE-2020-14759 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). | 3.3 |
2020-10-19 | CVE-2020-9111 | Huawei | Unspecified vulnerability in Huawei E6878-370 Firmware and E6878-870 Firmware E6878-370 versions 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP11C233) have a denial of service vulnerability. | 2.7 |
2020-10-21 | CVE-2020-14798 | Oracle Netapp Debian Opensuse | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 2.6 |
2020-10-21 | CVE-2020-14796 | Oracle Netapp Opensuse Debian | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 2.6 |
2020-10-21 | CVE-2020-14791 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 2.2 |
2020-10-23 | CVE-2020-9361 | Cryptopro | Improper Input Validation vulnerability in Cryptopro CSP 5.0.0.10004 CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation. | 2.1 |
2020-10-23 | CVE-2019-14713 | Verifone | Unspecified vulnerability in Verifone Mx900 Firmware 30251000 Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages. | 2.1 |
2020-10-22 | CVE-2020-3996 | Vmware | Unspecified vulnerability in VMWare Velero Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. | 2.1 |
2020-10-22 | CVE-2020-9772 | Apple | Unspecified vulnerability in Apple products A logic issue was addressed with improved restrictions. | 2.1 |
2020-10-22 | CVE-2020-3918 | Apple | Unspecified vulnerability in Apple products An access issue was addressed with additional sandbox restrictions. | 2.1 |
2020-10-21 | CVE-2020-14818 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). | 2.1 |
2020-10-21 | CVE-2020-14772 | Oracle | Unspecified vulnerability in Oracle Hyperion Lifecycle Management 11.1.2.4 Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). | 2.1 |
2020-10-21 | CVE-2020-14770 | Oracle | Unspecified vulnerability in Oracle Hyperion Bi+ 11.1.2.4 Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). | 2.1 |
2020-10-21 | CVE-2020-14767 | Oracle | Unspecified vulnerability in Oracle Hyperion Bi+ 11.1.2.4 Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). | 2.1 |
2020-10-21 | CVE-2020-14764 | Oracle | Unspecified vulnerability in Oracle Hyperion Planning 11.1.2.4 Vulnerability in the Hyperion Planning product of Oracle Hyperion (component: Application Development Framework). | 2.1 |
2020-10-20 | CVE-2020-4491 | IBM | Resource Exhaustion vulnerability in IBM Spectrum Scale IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. | 2.1 |
2020-10-19 | CVE-2020-9092 | Huawei | Injection vulnerability in Huawei Mate 20 Firmware HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. | 2.1 |
2020-10-21 | CVE-2020-3352 | Cisco | Unspecified vulnerability in Cisco Firepower Threat Defense A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. | 1.9 |
2020-10-21 | CVE-2020-14753 | Oracle | Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). | 1.9 |
2020-10-21 | CVE-2020-14740 | Oracle | Unspecified vulnerability in Oracle SQL Developer Vulnerability in the SQL Developer Install component of Oracle Database Server. | 1.9 |