Weekly Vulnerabilities Reports > October 19 to 25, 2020

Overview

514 new vulnerabilities reported during this period, including 88 critical vulnerabilities and 56 high severity vulnerabilities. This weekly summary report vulnerabilities in 265 products from 102 vendors including Oracle, HP, Apple, Cisco, and Netapp. Vulnerabilities are notably categorized as "Expression Language Injection", "Cross-site Scripting", "Out-of-bounds Write", "Out-of-bounds Read", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 429 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 123 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 362 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 161 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 64 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

88 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-22 CVE-2019-17006 Siemens
Mozilla
Netapp
Insufficient Verification of Data Authenticity vulnerability in multiple products

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks.

10.0
2020-10-21 CVE-2020-14882 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

10.0
2020-10-21 CVE-2020-14871 Oracle Out-Of-Bounds Write vulnerability in Oracle Solaris 10/11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module).

10.0
2020-10-21 CVE-2020-14859 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

10.0
2020-10-21 CVE-2020-14855 Oracle Unspecified vulnerability in Oracle Universal Work Queue 12.1.3

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration).

10.0
2020-10-20 CVE-2020-3992 Vmware USE After Free vulnerability in VMWare Cloud Foundation and Esxi

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue.

10.0
2020-10-19 CVE-2020-7172 HP Injection vulnerability in HP Intelligent Management Center

A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7171 HP Injection vulnerability in HP Intelligent Management Center

A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7170 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7169 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7168 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7167 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7166 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7165 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7164 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7163 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7162 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7161 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7160 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7159 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7158 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7157 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7156 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7155 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7154 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7153 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7152 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7151 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7150 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7149 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7148 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7147 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7146 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7145 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7144 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7143 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7142 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7141 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-24652 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-24651 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-24650 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-24649 HP Improper Input Validation vulnerability in HP Intelligent Management Center

A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-24648 HP Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center

A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-24647 HP Improper Input Validation vulnerability in HP Intelligent Management Center

A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-24646 HP Out-Of-Bounds Write vulnerability in HP Intelligent Management Center

A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-24629 HP Improper Authentication vulnerability in HP Intelligent Management Center

A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

10.0
2020-10-19 CVE-2020-7745 Mintegral Code Injection vulnerability in Mintegral Mintegraladsdk

This affects the package MintegralAdSDK before 6.6.0.0.

10.0
2020-10-22 CVE-2020-9906 Apple Improper Input Validation vulnerability in Apple products

A memory corruption issue was addressed with improved input validation.

9.4
2020-10-21 CVE-2020-14875 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

9.4
2020-10-22 CVE-2020-9928 Apple Unspecified vulnerability in Apple mac OS X

Multiple memory corruption issues were addressed with improved memory handling.

9.3
2020-10-22 CVE-2020-9904 Apple Unspecified vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

9.3
2020-10-22 CVE-2020-9899 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved input validation.

9.3
2020-10-22 CVE-2020-9892 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

Multiple memory corruption issues were addressed with improved state management.

9.3
2020-10-22 CVE-2020-9863 Apple Improper Initialization vulnerability in Apple products

A memory initialization issue was addressed with improved memory handling.

9.3
2020-10-21 CVE-2020-24418 Adobe Out-Of-Bounds Read vulnerability in Adobe After Effects

Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure.

9.3
2020-10-21 CVE-2020-9750 Adobe Out-Of-Bounds Read vulnerability in Adobe Animate 15.2.1.95/20.5

Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user.

9.3
2020-10-21 CVE-2020-9749 Adobe Out-Of-Bounds Read vulnerability in Adobe Animate 15.2.1.95/20.5

Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user.

9.3
2020-10-21 CVE-2020-9748 Adobe Out-Of-Bounds Write vulnerability in Adobe Animate 15.2.1.95/20.5

Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user.

9.3
2020-10-21 CVE-2020-9747 Adobe Double Free vulnerability in Adobe Animate 15.2.1.95/20.5

Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user.

9.3
2020-10-21 CVE-2018-11764 Apache Missing Authentication FOR Critical Function vulnerability in Apache Hadoop 3.0.0

Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0.

9.0
2020-10-21 CVE-2020-14883 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

9.0
2020-10-21 CVE-2020-14862 Oracle Unspecified vulnerability in Oracle Universal Work Queue

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Internal Operations).

9.0
2020-10-20 CVE-2020-5791 Nagios OS Command Injection vulnerability in Nagios XI 5.7.3

Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.

9.0
2020-10-19 CVE-2020-7195 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7194 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7193 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7192 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7191 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7190 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7189 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7188 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7187 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7186 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7185 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7184 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7183 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7182 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7181 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7180 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7179 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7178 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7177 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7176 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7175 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7174 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-7173 HP Expression Language Injection vulnerability in HP Intelligent Management Center

A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-24630 HP Improper Privilege Management vulnerability in HP Intelligent Management Center

A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

9.0
2020-10-19 CVE-2020-13778 Rconfig OS Command Injection vulnerability in Rconfig

rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.

9.0

56 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-21 CVE-2020-14876 Oracle Unspecified vulnerability in Oracle Trade Management

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface).

8.5
2020-10-21 CVE-2020-14865 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Esupplier Connection 9.2

Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection product of Oracle PeopleSoft (component: eSupplier Connection).

8.5
2020-10-21 CVE-2020-14858 Oracle Unspecified vulnerability in Oracle Hospitality Opera 5 Property Services 5.5/5.6

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging).

8.5
2020-10-21 CVE-2020-14854 Oracle Unspecified vulnerability in Oracle Hyperion Infrastructure Technology 11.1.2.4

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: UI and Visualization).

7.9
2020-10-21 CVE-2020-3571 Cisco Improper Input Validation vulnerability in Cisco Firepower Threat Defense

A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.8
2020-10-21 CVE-2020-3563 Cisco Resource Exhaustion vulnerability in Cisco Firepower Threat Defense

A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.8
2020-10-21 CVE-2020-3555 Cisco Improper Resource Shutdown OR Release vulnerability in Cisco products

A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition.

7.8
2020-10-21 CVE-2020-3554 Cisco Resource Exhaustion vulnerability in Cisco Adaptive Security Appliance

A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.8
2020-10-21 CVE-2020-3436 Cisco Unrestricted Upload of File With Dangerous Type vulnerability in Cisco products

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload.

7.8
2020-10-21 CVE-2020-3373 Cisco Memory Leak vulnerability in Cisco products

A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device.

7.8
2020-10-21 CVE-2020-3304 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

7.8
2020-10-21 CVE-2020-14864 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0/5.5.0.0.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation).

7.8
2020-10-21 CVE-2020-14863 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server).

7.8
2020-10-21 CVE-2020-14856 Oracle Unspecified vulnerability in Oracle Trade Management

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface).

7.8
2020-10-21 CVE-2020-14851 Oracle Unspecified vulnerability in Oracle Trade Management

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface).

7.8
2020-10-21 CVE-2020-14850 Oracle Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Flex Fields).

7.8
2020-10-21 CVE-2020-14824 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).

7.8
2020-10-19 CVE-2020-6085 Rockwellautomation Classic Buffer Overflow vulnerability in Rockwellautomation Flex I/O 1794-Aent 4.003

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003.

7.8
2020-10-19 CVE-2020-6084 Rockwellautomation Unspecified vulnerability in Rockwellautomation Flex I/O 1794-Aent 4.003

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003.

7.8
2020-10-21 CVE-2020-14878 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth).

7.7
2020-10-23 CVE-2020-25483 Ucms Project Command Injection vulnerability in Ucms Project Ucms 1.4.8

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.

7.5
2020-10-23 CVE-2020-25466 Crmeb Server-Side Request Forgery (SSRF) vulnerability in Crmeb 3.0

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.

7.5
2020-10-22 CVE-2020-15684 Mozilla Unspecified vulnerability in Mozilla Firefox

Mozilla developers reported memory safety bugs present in Firefox 81.

7.5
2020-10-22 CVE-2020-15683 Mozilla
Debian
Opensuse
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3.
7.5
2020-10-22 CVE-2020-27664 Strapi Unspecified vulnerability in Strapi

admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality.

7.5
2020-10-22 CVE-2020-9898 Apple Unspecified vulnerability in Apple Ipad OS and Iphone OS

This issue was addressed with improved entitlements.

7.5
2020-10-22 CVE-2020-15906 Tiki Improper Restriction of Excessive Authentication Attempts vulnerability in Tiki

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.

7.5
2020-10-22 CVE-2020-27619 Python Unspecified vulnerability in Python

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

7.5
2020-10-21 CVE-2020-27615 Loginizer SQL Injection vulnerability in Loginizer

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.

7.5
2020-10-21 CVE-2020-27611 Bigbluebutton USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Bigbluebutton

BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.

7.5
2020-10-21 CVE-2020-27605 Bigbluebutton Unspecified vulnerability in Bigbluebutton

BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."

7.5
2020-10-21 CVE-2020-14880 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher

Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO).

7.5
2020-10-21 CVE-2020-14879 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher

Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO).

7.5
2020-10-21 CVE-2020-14877 Oracle Unspecified vulnerability in Oracle Hospitality Opera 5 Property Services 5.5/5.6

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging).

7.5
2020-10-21 CVE-2020-14841 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

7.5
2020-10-21 CVE-2020-14825 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

7.5
2020-10-21 CVE-2020-14760 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

7.5
2020-10-20 CVE-2020-5640 Onethird Unspecified vulnerability in Onethird 1.96C

Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors.

7.5
2020-10-19 CVE-2020-15822 Jetbrains Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.

7.5
2020-10-23 CVE-2020-24848 Fruitywifi Project Improper Privilege Management vulnerability in Fruitywifi Project Fruitywifi

FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL].

7.2
2020-10-22 CVE-2020-9927 Apple Out-Of-Bounds Write vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved input validation.

7.2
2020-10-21 CVE-2020-24425 Adobe Uncontrolled Search Path Element vulnerability in Adobe Dreamweaver

Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation.

7.2
2020-10-21 CVE-2020-3514 Cisco Unspecified vulnerability in Cisco Firepower Management Center

A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace.

7.2
2020-10-21 CVE-2020-3459 Cisco OS Command Injection vulnerability in Cisco Firepower Extensible Operating System

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

7.2
2020-10-21 CVE-2020-3457 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

7.2
2020-10-21 CVE-2020-3455 Cisco Unspecified vulnerability in Cisco Firepower Extensible Operating System

A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms.

7.2
2020-10-21 CVE-2020-14872 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.2
2020-10-21 CVE-2020-14735 Oracle Unspecified vulnerability in Oracle Scheduler

Vulnerability in the Scheduler component of Oracle Database Server.

7.2
2020-10-21 CVE-2020-10139 Acronis Improper Privilege Management vulnerability in Acronis True Image 2021

Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\.

7.2
2020-10-21 CVE-2020-10138 Acronis Improper Privilege Management vulnerability in Acronis Cyber Backup and Cyber Protect

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\.

7.2
2020-10-20 CVE-2020-15264 Chocolatey External Control of File Name OR Path vulnerability in Chocolatey Boxstarter

The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable.

7.2
2020-10-19 CVE-2020-11496 Sprecher Automation Command Injection vulnerability in Sprecher-Automation Sprecon-E

Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code.

7.2
2020-10-22 CVE-2020-9902 Apple Out-Of-Bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved bounds checking.

7.1
2020-10-21 CVE-2020-3562 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Firepower Threat Defense 6.3.0/6.4.0/6.5.0

A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.1
2020-10-21 CVE-2020-14897 Oracle Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.1/12.0.2/12.0.3

Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login).

7.1
2020-10-21 CVE-2020-14890 Oracle Unspecified vulnerability in Oracle Flexcube Direct Banking 12.0.1/12.0.2/12.0.3

Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login).

7.1

328 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-22 CVE-2020-27672 XEN Race Condition vulnerability in XEN

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.

6.9
2020-10-22 CVE-2020-27671 XEN
Opensuse
Improper Privilege Management vulnerability in multiple products

An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.

6.9
2020-10-22 CVE-2020-27670 XEN
Opensuse
Insufficient Verification of Data Authenticity vulnerability in multiple products

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.

6.9
2020-10-22 CVE-2020-10721 Redhat Deserialization of Untrusted Data vulnerability in Redhat Fabric8-Maven

A flaw was found in the fabric8-maven-plugin 4.0.0 and later.

6.9
2020-10-22 CVE-2020-9990 Apple Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in Apple mac OS X

A race condition was addressed with additional validation.

6.9
2020-10-22 CVE-2020-9921 Apple Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved memory handling.

6.9
2020-10-22 CVE-2020-9796 Apple Race Condition vulnerability in Apple mac OS X

A race condition was addressed with improved state handling.

6.9
2020-10-21 CVE-2020-24424 Adobe Uncontrolled Search Path Element vulnerability in Adobe Premiere PRO 14.1/14.2/14.4

Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user.

6.9
2020-10-21 CVE-2020-24423 Adobe Uncontrolled Search Path Element vulnerability in Adobe Media Encoder

Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user.

6.9
2020-10-21 CVE-2020-24420 Adobe Uncontrolled Search Path Element vulnerability in Adobe Photoshop

Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user.

6.9
2020-10-21 CVE-2020-24419 Adobe Uncontrolled Search Path Element vulnerability in Adobe After Effects

Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user.

6.9
2020-10-21 CVE-2020-10140 Acronis Incorrect Permission Assignment FOR Critical Resource vulnerability in Acronis True Image 2021

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory.

6.9
2020-10-22 CVE-2020-18129 Eyoucms Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.2.7

A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.

6.8
2020-10-22 CVE-2020-9985 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow issue was addressed with improved memory handling.

6.8
2020-10-22 CVE-2020-9984 Apple Out-Of-Bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

6.8
2020-10-22 CVE-2020-9980 Apple Out-Of-Bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

6.8
2020-10-22 CVE-2020-9940 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow issue was addressed with improved memory handling.

6.8
2020-10-22 CVE-2020-9938 Apple Out-Of-Bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

6.8
2020-10-22 CVE-2020-9937 Apple Out-Of-Bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

6.8
2020-10-22 CVE-2020-9919 Apple Out-Of-Bounds Write vulnerability in Apple products

A buffer overflow issue was addressed with improved memory handling.

6.8
2020-10-22 CVE-2020-9887 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved input validation.

6.8
2020-10-22 CVE-2020-9883 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow issue was addressed with improved memory handling.

6.8
2020-10-22 CVE-2020-9882 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow issue was addressed with improved memory handling.

6.8
2020-10-22 CVE-2020-9881 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow issue was addressed with improved memory handling.

6.8
2020-10-22 CVE-2020-9880 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow was addressed with improved bounds checking.

6.8
2020-10-22 CVE-2020-9879 Apple Out-Of-Bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

6.8
2020-10-22 CVE-2020-9877 Apple Out-Of-Bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved bounds checking.

6.8
2020-10-22 CVE-2020-9876 Apple Out-Of-Bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

6.8
2020-10-22 CVE-2020-9875 Apple Integer Overflow OR Wraparound vulnerability in Apple products

An integer overflow was addressed through improved input validation.

6.8
2020-10-22 CVE-2020-9874 Apple Out-Of-Bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

6.8
2020-10-22 CVE-2020-9873 Apple Out-Of-Bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

6.8
2020-10-22 CVE-2020-9872 Apple Out-Of-Bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

6.8
2020-10-22 CVE-2020-9871 Apple Out-Of-Bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

6.8
2020-10-22 CVE-2020-9853 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved validation.

6.8
2020-10-22 CVE-2020-24033 FS Cross-Site Request Forgery (CSRF) vulnerability in FS S3900 24T4S Firmware

An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier.

6.8
2020-10-21 CVE-2020-24422 Adobe Uncontrolled Search Path Element vulnerability in Adobe Creative Cloud

Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user.

6.8
2020-10-21 CVE-2020-3549 Cisco Inadequate Encryption Strength vulnerability in Cisco Firepower Management Center

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash.

6.8
2020-10-21 CVE-2020-3456 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 2.4(1.249)

A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device.

6.8
2020-10-21 CVE-2020-3410 Cisco Improper Authentication vulnerability in Cisco Firepower Management Center 6.6.0/6.6.0.1

A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system.

6.8
2020-10-21 CVE-2020-7750 MIT Cross-Site Scripting vulnerability in MIT Scratch-Svg-Renderer 0.1.0/0.2.0

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008.

6.8
2020-10-21 CVE-2020-5651 Tipsandtricks HQ SQL Injection vulnerability in Tipsandtricks-Hq Simple Download Monitor

SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL.

6.8
2020-10-21 CVE-2020-14901 Oracle Unspecified vulnerability in Oracle Database 19C

Vulnerability in the RDBMS Security component of Oracle Database Server.

6.8
2020-10-21 CVE-2020-14896 Oracle Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0/14.4.0

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core).

6.8
2020-10-21 CVE-2020-14894 Oracle Unspecified vulnerability in Oracle Banking Corporate Lending

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core).

6.8
2020-10-21 CVE-2020-14891 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2020-10-21 CVE-2020-14888 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2020-10-21 CVE-2020-14887 Oracle Unspecified vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure).

6.8
2020-10-21 CVE-2020-14873 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging).

6.8
2020-10-21 CVE-2020-14870 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin).

6.8
2020-10-21 CVE-2020-14869 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth).

6.8
2020-10-21 CVE-2020-14868 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2020-10-21 CVE-2020-14867 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).

6.8
2020-10-21 CVE-2020-14866 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2020-10-21 CVE-2020-14861 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2020-10-21 CVE-2020-14852 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets).
6.8
2020-10-21 CVE-2020-14848 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

6.8
2020-10-21 CVE-2020-14846 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2020-10-21 CVE-2020-14845 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
6.8
2020-10-21 CVE-2020-14844 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS).

6.8
2020-10-21 CVE-2020-14843 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0/5.5.0.0.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions).

6.8
2020-10-21 CVE-2020-14839 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
6.8
2020-10-21 CVE-2020-14837 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
6.8
2020-10-21 CVE-2020-14836 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
6.8
2020-10-21 CVE-2020-14830 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2020-10-21 CVE-2020-14829 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

6.8
2020-10-21 CVE-2020-14821 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

6.8
2020-10-21 CVE-2020-14814 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).

6.8
2020-10-21 CVE-2020-14812 Oracle
Netapp
Debian
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking).
6.8
2020-10-21 CVE-2020-14809 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.8
2020-10-21 CVE-2020-14765 Oracle
Netapp
Debian
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS).
6.8
2020-10-21 CVE-2020-14757 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services).

6.8
2020-10-21 CVE-2020-14741 Oracle Unspecified vulnerability in Oracle Database Filesystem 11.2.0.4/12.1.0.2/12.2.0.1

Vulnerability in the Database Filesystem component of Oracle Database Server.

6.8
2020-10-21 CVE-2020-14734 Oracle Unspecified vulnerability in Oracle Text

Vulnerability in the Oracle Text component of Oracle Database Server.

6.8
2020-10-21 CVE-2020-14672 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).
6.8
2020-10-20 CVE-2020-24415 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Illustrator

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file.

6.8
2020-10-20 CVE-2020-24414 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Illustrator

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file.

6.8
2020-10-20 CVE-2020-24413 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Illustrator

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file.

6.8
2020-10-20 CVE-2020-24412 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Illustrator

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file.

6.8
2020-10-20 CVE-2020-24411 Adobe Out-Of-Bounds Write vulnerability in Adobe Illustrator

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files.

6.8
2020-10-20 CVE-2020-24410 Adobe Out-Of-Bounds Read vulnerability in Adobe Illustrator

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files.

6.8
2020-10-20 CVE-2020-24409 Adobe Out-Of-Bounds Read vulnerability in Adobe Illustrator

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files.

6.8
2020-10-20 CVE-2020-6362 SAP Incorrect Authorization vulnerability in SAP Banking Services 500

SAP Banking Services version 500, use an incorrect authorization object in some of its reports.

6.8
2020-10-20 CVE-2020-7748 TS ED Project Resource Exhaustion vulnerability in Ts.Ed Project Ts.Ed

This affects the package @tsed/core before 5.65.7.

6.8
2020-10-19 CVE-2020-15256 Object Path Project Modification of Assumed-Immutable Data (Maid) vulnerability in Object-Path Project Object-Path

A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method.

6.8
2020-10-19 CVE-2020-9263 Huawei USE After Free vulnerability in Huawei Mate 30 Firmware and P30 Firmware

HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability.

6.8
2020-10-19 CVE-2020-16158 Gopro Out-Of-Bounds Write vulnerability in Gopro Gpmf-Parser

GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE().

6.8
2020-10-19 CVE-2020-15909 Solarwinds Session Fixation vulnerability in Solarwinds N-Central

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access.

6.8
2020-10-22 CVE-2020-9929 Apple Unspecified vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved memory handling.

6.6
2020-10-22 CVE-2020-9908 Apple Out-Of-Bounds Read vulnerability in Apple mac OS X

An out-of-bounds read was addressed with improved input validation.

6.6
2020-10-22 CVE-2020-9779 Apple Out-Of-Bounds Read vulnerability in Apple mac OS X

An out-of-bounds read was addressed with improved input validation.

6.6
2020-10-23 CVE-2020-26561 Belkin Out-Of-Bounds Write vulnerability in Belkin Linksys WRT 160Nl Firmware 1.0.04

** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd.

6.5
2020-10-22 CVE-2020-11853 Microfocus
HP
Arbitrary code execution vulnerability affecting multiple Micro Focus products.
6.5
2020-10-21 CVE-2020-15244 Openmage Injection vulnerability in Openmage Magento

In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product.

6.5
2020-10-21 CVE-2020-14828 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).

6.5
2020-10-21 CVE-2020-14778 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Global Payroll Core 9.2

Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Security).

6.5
2020-10-21 CVE-2020-14736 Oracle Unspecified vulnerability in Oracle Database Vault 11.2.0.4/12.1.0.2/12.2.0.1

Vulnerability in the Database Vault component of Oracle Database Server.

6.5
2020-10-20 CVE-2020-5792 Nagios Command Injection vulnerability in Nagios XI 5.7.3

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.

6.5
2020-10-20 CVE-2020-9417 Tibco SQL Injection vulnerability in Tibco products

The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection.

6.5
2020-10-20 CVE-2019-4680 IBM SQL Injection vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection.

6.5
2020-10-20 CVE-2020-7749 OSM Static Maps Project Server-Side Request Forgery (SSRF) vulnerability in Osm-Static-Maps Project Osm-Static-Maps

This affects all versions of package osm-static-maps.

6.5
2020-10-22 CVE-2020-9920 Apple Path Traversal vulnerability in Apple products

A path handling issue was addressed with improved validation.

6.4
2020-10-22 CVE-2019-16127 Microchip Integer Overflow OR Wraparound vulnerability in Microchip Advanced Software Framework 4

Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.

6.4
2020-10-22 CVE-2020-9868 Apple Improper Certificate Validation vulnerability in Apple products

A certificate validation issue existed when processing administrator added certificates.

6.4
2020-10-22 CVE-2020-27195 Hashicorp Unspecified vulnerability in Hashicorp Nomad

HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas.

6.4
2020-10-21 CVE-2020-27607 Bigbluebutton Unspecified vulnerability in Bigbluebutton

In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client.

6.4
2020-10-21 CVE-2020-14805 Oracle Unspecified vulnerability in Oracle E-Business Suite Secure Enterprise Search

Vulnerability in the Oracle E-Business Suite Secure Enterprise Search product of Oracle E-Business Suite (component: Search Integration Engine).

6.4
2020-10-21 CVE-2020-14761 Oracle Unspecified vulnerability in Oracle Applications Manager

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Oracle Diagnostics Interfaces).

6.4
2020-10-20 CVE-2020-15269 Sparksolutions Improper Authentication vulnerability in Sparksolutions Spree

In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints.

6.4
2020-10-19 CVE-2020-16159 Gopro Out-Of-Bounds Read vulnerability in Gopro Gpmf-Parser 1.5

GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData().

6.4
2020-10-21 CVE-2020-3577 Cisco Improper Input Validation vulnerability in Cisco Firepower Threat Defense

A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

6.1
2020-10-22 CVE-2020-13327 Gitlab Unspecified vulnerability in Gitlab Runner

An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10.

6.0
2020-10-22 CVE-2020-9994 Apple Unspecified vulnerability in Apple products

A path handling issue was addressed with improved validation.

5.8
2020-10-21 CVE-2020-3578 Cisco Incorrect Authorization vulnerability in Cisco products

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked.

5.8
2020-10-21 CVE-2020-3558 Cisco Open Redirect vulnerability in Cisco Firepower Management Center

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

5.8
2020-10-21 CVE-2020-15240 Auth0 Improper Authentication vulnerability in Auth0 Omniauth-Auth0 2.3.0/2.3.1/2.4.0

omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method.

5.8
2020-10-21 CVE-2020-14857 Oracle Unspecified vulnerability in Oracle Trade Management

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface).

5.8
2020-10-21 CVE-2020-14849 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2020-10-21 CVE-2020-14842 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher

Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security).

5.8
2020-10-21 CVE-2020-14835 Oracle Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2020-10-21 CVE-2020-14834 Oracle Unspecified vulnerability in Oracle Trade Management

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface).

5.8
2020-10-21 CVE-2020-14833 Oracle Unspecified vulnerability in Oracle Trade Management

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface).

5.8
2020-10-21 CVE-2020-14832 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker).

5.8
2020-10-21 CVE-2020-14831 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2020-10-21 CVE-2020-14819 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment 12.1.3

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server).

5.8
2020-10-21 CVE-2020-14817 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2020-10-21 CVE-2020-14816 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2020-10-21 CVE-2020-14815 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0/5.5.0.0.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions).

5.8
2020-10-21 CVE-2020-14813 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Grids).

5.8
2020-10-21 CVE-2020-14810 Oracle Unspecified vulnerability in Oracle Hospitality Suite8

Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect).

5.8
2020-10-21 CVE-2020-14808 Oracle Unspecified vulnerability in Oracle Trade Management

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface).

5.8
2020-10-21 CVE-2020-14807 Oracle Unspecified vulnerability in Oracle Hospitality Suite 8.10.2/8.11/8.15

Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect).

5.8
2020-10-21 CVE-2020-14792 Oracle
Debian
Netapp
Mcafee
Opensuse
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot).
5.8
2020-10-21 CVE-2020-14788 Oracle Unspecified vulnerability in Oracle Communications Diameter Signaling Router 8.1/8.2/8.3

Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface).

5.8
2020-10-21 CVE-2020-14784 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service).

5.8
2020-10-21 CVE-2020-14780 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher

Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security).

5.8
2020-10-21 CVE-2020-14746 Oracle Unspecified vulnerability in Oracle Applications Framework

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popup windows).

5.8
2020-10-21 CVE-2020-26896 Lightning Network Daemon Project Improper Validation of Integrity Check Value vulnerability in Lightning Network Daemon Project Lightning Network Daemon

Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database.

5.8
2020-10-20 CVE-2020-3994 Vmware Improper Certificate Validation vulnerability in VMWare Cloud Foundation and Vcenter Server

VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation.

5.8
2020-10-19 CVE-2020-10746 Infinispan Missing Authorization vulnerability in Infinispan Infinispan-Server-Runtime 10.0.0

A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs.

5.6
2020-10-22 CVE-2020-26649 Atomx Missing Authorization vulnerability in Atomx Atomxcms 2

AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php

5.5
2020-10-21 CVE-2020-3550 Cisco Path Traversal vulnerability in Cisco Firepower Management Center

A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path.

5.5
2020-10-21 CVE-2020-14895 Oracle Unspecified vulnerability in Oracle Utilities Framework

Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide).

5.5
2020-10-21 CVE-2020-14823 Oracle Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

5.5
2020-10-21 CVE-2020-14766 Oracle Unspecified vulnerability in Oracle Business Intelligence

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Administration).

5.5
2020-10-21 CVE-2020-14742 Oracle Unspecified vulnerability in Oracle Core Rdbms

Vulnerability in the Core RDBMS component of Oracle Database Server.

5.5
2020-10-20 CVE-2020-6366 SAP Improper Input Validation vulnerability in SAP Netweaver Compare Systems

SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents.

5.5
2020-10-19 CVE-2020-9113 Huawei Classic Buffer Overflow vulnerability in Huawei Mate 20 Firmware

HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module.

5.4
2020-10-22 CVE-2020-25186 WE CON XML Entity Expansion vulnerability in We-Con Levistudiou

An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.

5.0
2020-10-22 CVE-2020-15681 Mozilla Unspecified vulnerability in Mozilla Firefox

When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash.

5.0
2020-10-22 CVE-2020-15680 Mozilla Unspecified vulnerability in Mozilla Firefox

If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler.

5.0
2020-10-22 CVE-2019-17007 Mozilla
Siemens
Improper Certificate Validation vulnerability in multiple products

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.

5.0
2020-10-22 CVE-2020-9924 Apple Unspecified vulnerability in Apple mac OS X

A logic issue was addressed with improved state management.

5.0
2020-10-22 CVE-2020-9905 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow was addressed with improved bounds checking.

5.0
2020-10-22 CVE-2020-27665 Strapi Incorrect Default Permissions vulnerability in Strapi

In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes.

5.0
2020-10-22 CVE-2020-9869 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved memory handling.

5.0
2020-10-22 CVE-2020-9828 Apple Out-Of-Bounds Read vulnerability in Apple mac OS X

An out-of-bounds read was addressed with improved input validation.

5.0
2020-10-22 CVE-2020-9787 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved restrictions.

5.0
2020-10-22 CVE-2020-26650 Atomx Missing Authorization vulnerability in Atomx Atomxcms 2.0

AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php

5.0
2020-10-22 CVE-2020-27638 Fastd Project
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.

5.0
2020-10-21 CVE-2020-15266 Tensorflow Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tensorflow

In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value.

5.0
2020-10-21 CVE-2020-15265 Tensorflow Out-Of-Bounds Read vulnerability in Tensorflow

In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`.

5.0
2020-10-21 CVE-2020-3572 Cisco Resource Exhaustion vulnerability in Cisco products

A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

5.0
2020-10-21 CVE-2020-3564 Cisco Improper Privilege Management vulnerability in Cisco products

A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection.

5.0
2020-10-21 CVE-2020-3557 Cisco Improper Certificate Validation vulnerability in Cisco Firepower Management Center

A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

5.0
2020-10-21 CVE-2020-3533 Cisco Resource Exhaustion vulnerability in Cisco Firepower Threat Defense

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly.

5.0
2020-10-21 CVE-2020-3529 Cisco Resource Exhaustion vulnerability in Cisco products

A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.

5.0
2020-10-21 CVE-2020-3528 Cisco Resource Exhaustion vulnerability in Cisco products

A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

5.0
2020-10-21 CVE-2020-3499 Cisco Resource Exhaustion vulnerability in Cisco Firepower Management Center

A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to improper handling of system resource values by the affected system.

5.0
2020-10-21 CVE-2020-3317 Cisco Improper Input Validation vulnerability in Cisco Firepower Threat Defense

A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances.

5.0
2020-10-21 CVE-2020-3299 Cisco
Snort
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP.
5.0
2020-10-21 CVE-2020-27610 Bigbluebutton Information Exposure vulnerability in Bigbluebutton

The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access.

5.0
2020-10-21 CVE-2020-27609 Bigbluebutton Incorrect Authorization vulnerability in Bigbluebutton

BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface.

5.0
2020-10-21 CVE-2020-27606 Bigbluebutton Unspecified vulnerability in Bigbluebutton

BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

5.0
2020-10-21 CVE-2020-27603 Bigbluebutton Unspecified vulnerability in Bigbluebutton

BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files.

5.0
2020-10-21 CVE-2020-14826 Oracle Unspecified vulnerability in Oracle Applications Manager

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: SQL Extensions).

5.0
2020-10-21 CVE-2020-14820 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

5.0
2020-10-21 CVE-2020-14811 Oracle Unspecified vulnerability in Oracle Applications Manager

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: AMP EBS Integration).

5.0
2020-10-21 CVE-2020-14806 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query).

5.0
2020-10-21 CVE-2020-14803 Oracle
Netapp
Debian
Opensuse
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries).
5.0
2020-10-21 CVE-2020-14783 Oracle Unspecified vulnerability in Oracle Hospitality RES 3700 Firmware 5.7

Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Food and Beverage Applications (component: CAL).

5.0
2020-10-21 CVE-2020-14774 Oracle Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

5.0
2020-10-21 CVE-2020-26895 Lightning Network Daemon Project Improper Validation of Integrity Check Value vulnerability in Lightning Network Daemon Project Lightning Network Daemon

Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions.

5.0
2020-10-20 CVE-2020-25648 Mozilla
Redhat
Fedoraproject
Allocation of Resources Without Limits OR Throttling vulnerability in multiple products

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3.

5.0
2020-10-20 CVE-2020-25157 Advantech SQL Injection vulnerability in Advantech R-Seenet

The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information.

5.0
2020-10-20 CVE-2020-24765 Mind Information Exposure vulnerability in Mind Imind Server 3.13.65

InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request.

5.0
2020-10-20 CVE-2020-15931 Netwrix Authentication Bypass BY Capture-Replay vulnerability in Netwrix Account Lockout Examiner

Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller.

5.0
2020-10-20 CVE-2019-9080 Domainmod USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Domainmod

DomainMOD before 4.14.0 uses MD5 without a salt for password storage.

5.0
2020-10-20 CVE-2020-6308 SAP Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3

SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally.

5.0
2020-10-19 CVE-2020-13937 Apache Insecure Storage of Sensitive Information vulnerability in Apache Kylin

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.

5.0
2020-10-19 CVE-2020-24388 Yubico
Fedoraproject
Improper Input Validation vulnerability in multiple products

An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2.

5.0
2020-10-19 CVE-2020-24387 Yubico
Fedoraproject
Insufficient Session Expiration vulnerability in multiple products

An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2.

5.0
2020-10-19 CVE-2020-15262 Webpack Subresource Integrity Project Insufficient Verification of Data Authenticity vulnerability in Webpack-Subresource-Integrity Project Webpack-Subresource-Integrity

In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity.

5.0
2020-10-19 CVE-2020-16161 Gopro Divide BY Zero vulnerability in Gopro Gpmf-Parser 1.5

GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData().

5.0
2020-10-19 CVE-2020-16160 Gopro Divide BY Zero vulnerability in Gopro Gpmf-Parser 1.5

GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress().

5.0
2020-10-19 CVE-2020-24266 Appneta Out-Of-Bounds Write vulnerability in Appneta Tcpreplay 4.3.3

An issue was discovered in tcpreplay tcpprep v4.3.3.

5.0
2020-10-19 CVE-2020-24265 Appneta Out-Of-Bounds Write vulnerability in Appneta Tcpreplay 4.3.3

An issue was discovered in tcpreplay tcpprep v4.3.3.

5.0
2020-10-19 CVE-2020-8929 Google Unspecified vulnerability in Google Tink

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext.

5.0
2020-10-22 CVE-2020-27673 Linux
XEN
Resource Exhaustion vulnerability in multiple products

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.

4.9
2020-10-21 CVE-2020-14900 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server.

4.9
2020-10-21 CVE-2020-14899 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server.

4.9
2020-10-21 CVE-2020-14898 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server.

4.9
2020-10-21 CVE-2020-14892 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.9
2020-10-21 CVE-2020-14889 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.9
2020-10-21 CVE-2020-14886 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.9
2020-10-21 CVE-2020-14885 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.9
2020-10-21 CVE-2020-14884 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.9
2020-10-21 CVE-2020-14881 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.9
2020-10-21 CVE-2020-14853 Oracle
Netapp
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin).
4.9
2020-10-21 CVE-2020-14787 Oracle Unspecified vulnerability in Oracle Communications Diameter Signaling Router 8.1/8.2/8.3

Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface).

4.9
2020-10-21 CVE-2020-14763 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server.

4.9
2020-10-21 CVE-2020-14762 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Oracle Application Express component of Oracle Database Server.

4.9
2020-10-21 CVE-2020-14754 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem).

4.9
2020-10-21 CVE-2020-14752 Oracle Unspecified vulnerability in Oracle Hyperion Lifecycle Management 11.1.2.4

Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services).

4.9
2020-10-21 CVE-2020-14743 Oracle Unspecified vulnerability in Oracle Java Virtual Machine

Vulnerability in the Java VM component of Oracle Database Server.

4.9
2020-10-20 CVE-2020-3982 Vmware Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in VMWare products

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device.

4.9
2020-10-20 CVE-2020-4756 IBM Improper Resource Shutdown OR Release vulnerability in IBM Elastic Storage Server and Spectrum Scale

IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service.

4.9
2020-10-22 CVE-2020-27675 Linux
Fedoraproject
Race Condition vulnerability in multiple products

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.

4.7
2020-10-23 CVE-2020-5990 Nvidia Unspecified vulnerability in Nvidia Geforce Experience

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.

4.6
2020-10-23 CVE-2020-5978 Nvidia Unspecified vulnerability in Nvidia Geforce Experience

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.

4.6
2020-10-23 CVE-2020-9331 Cryptopro Improper Privilege Management vulnerability in Cryptopro CSP

CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation.

4.6
2020-10-23 CVE-2020-26887 AVM Unspecified vulnerability in AVM Fritz!Box 7490 Firmware

FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism.

4.6
2020-10-23 CVE-2019-14719 Verifone Unspecified vulnerability in Verifone Mx900 Firmware 30251000

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.

4.6
2020-10-23 CVE-2019-14718 Verifone Incorrect Default Permissions vulnerability in Verifone Mx900 Firmware 30251000

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.

4.6
2020-10-23 CVE-2019-14717 Verifone Classic Buffer Overflow vulnerability in Verifone Verix OS Qt000530

Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call.

4.6
2020-10-23 CVE-2019-14716 Verifone Unspecified vulnerability in Verifone Verix OS Qt000530

Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out).

4.6
2020-10-23 CVE-2019-14715 Verifone Out-Of-Bounds Write vulnerability in Verifone products

Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.

4.6
2020-10-23 CVE-2019-14712 Verifone Unspecified vulnerability in Verifone Verix OS Qt000530

Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation.

4.6
2020-10-22 CVE-2020-27674 XEN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.

4.6
2020-10-22 CVE-2019-16128 Microchip Classic Buffer Overflow vulnerability in Microchip Cryptoauthlib

Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2).

4.6
2020-10-22 CVE-2020-9901 Apple Link Following vulnerability in Apple products

An issue existed within the path validation logic for symlinks.

4.6
2020-10-22 CVE-2019-16129 Microchip Classic Buffer Overflow vulnerability in Microchip Cryptoauthlib

Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).

4.6
2020-10-22 CVE-2020-9900 Apple Link Following vulnerability in Apple products

An issue existed within the path validation logic for symlinks.

4.6
2020-10-22 CVE-2020-9854 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved validation.

4.6
2020-10-22 CVE-2020-9810 Apple Unspecified vulnerability in Apple mac OS X 10.15.4

A logic issue was addressed with improved restrictions.

4.6
2020-10-22 CVE-2020-3915 Apple Unspecified vulnerability in Apple mac OS X

A path handling issue was addressed with improved validation.

4.6
2020-10-22 CVE-2020-3898 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved validation.

4.6
2020-10-21 CVE-2020-3458 Cisco Unspecified vulnerability in Cisco products

Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism.

4.6
2020-10-21 CVE-2020-27613 Bigbluebutton Cleartext Storage of Sensitive Information vulnerability in Bigbluebutton

The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.

4.6
2020-10-19 CVE-2020-15261 Veyon Unquoted Search Path OR Element vulnerability in Veyon

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges.

4.6
2020-10-19 CVE-2020-9112 Huawei Improper Privilege Management vulnerability in Huawei Taurus-An00B Firmware 10.1.0.156

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability.

4.6
2020-10-23 CVE-2020-5977 Nvidia Uncontrolled Search Path Element vulnerability in Nvidia Geforce Experience

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

4.4
2020-10-23 CVE-2020-27216 Eclipse
Netapp
Oracle
Apache
Debian
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system.
4.4
2020-10-23 CVE-2019-14711 Verifone Incorrect Authorization vulnerability in Verifone Mx900 Firmware 30251000

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.

4.4
2020-10-22 CVE-2020-9939 Apple Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in Apple mac OS X

This issue was addressed with improved checks.

4.4
2020-10-21 CVE-2020-17381 Ghisler Incorrect Default Permissions vulnerability in Ghisler Total Commander 9.51

An issue was discovered in Ghisler Total Commander 9.51.

4.4
2020-10-23 CVE-2020-24847 Fruitywifi Project Cross-Site Request Forgery (CSRF) vulnerability in Fruitywifi Project Fruitywifi

A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4.

4.3
2020-10-22 CVE-2020-15682 Mozilla Origin Validation Error vulnerability in Mozilla Firefox

When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in.

4.3
2020-10-22 CVE-2018-18508 Mozilla
Siemens
Null Pointer Dereference vulnerability in multiple products

In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.

4.3
2020-10-22 CVE-2020-9997 Apple Unspecified vulnerability in Apple mac OS X

An information disclosure issue was addressed with improved state management.

4.3
2020-10-22 CVE-2020-9986 Apple Unspecified vulnerability in Apple mac OS X

A file access issue existed with certain home folder files.

4.3
2020-10-22 CVE-2020-27155 Octopus Unspecified vulnerability in Octopus Deploy

An issue was discovered in Octopus Deploy through 2020.4.4.

4.3
2020-10-22 CVE-2020-27646 Biscom Insufficiently Protected Credentials vulnerability in Biscom Secure File Transfer

Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft.

4.3
2020-10-22 CVE-2020-27560 Imagemagick Divide BY Zero vulnerability in Imagemagick 7.0.1034

ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.

4.3
2020-10-22 CVE-2020-27642 Bigbluebutton Cross-Site Scripting vulnerability in Bigbluebutton Greenlight 2.7.6

A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6.

4.3
2020-10-22 CVE-2020-27620 Mediawiki Cross-Site Scripting vulnerability in Mediawiki Skin:Cosmos

The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped.

4.3
2020-10-21 CVE-2020-24421 Adobe Null Pointer Dereference vulnerability in Adobe Indesign

Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file.

4.3
2020-10-21 CVE-2020-17454 Wso2 Cross-Site Scripting vulnerability in Wso2 API Manager

WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface.

4.3
2020-10-21 CVE-2020-17355 Arista Unspecified vulnerability in Arista EOS

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed.

4.3
2020-10-21 CVE-2020-27344 Cminds Cross-Site Scripting vulnerability in Cminds CM Download Manager 2.7.0

The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.

4.3
2020-10-21 CVE-2020-3599 Cisco Cross-Site Scripting vulnerability in Cisco Adaptive Security Appliance

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.3
2020-10-21 CVE-2020-3585 Cisco Information Exposure Through Discrepancy vulnerability in Cisco products

A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information.

4.3
2020-10-21 CVE-2020-3583 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device.

4.3
2020-10-21 CVE-2020-3565 Cisco Improper Authentication vulnerability in Cisco Firepower Threat Defense

A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies (including Geolocation) and Service Polices on an affected system.

4.3
2020-10-21 CVE-2020-3561 Cisco Injection vulnerability in Cisco products

A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system.

4.3
2020-10-21 CVE-2020-3553 Cisco Cross-Site Scripting vulnerability in Cisco Firepower Management Center

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.3
2020-10-21 CVE-2020-3515 Cisco Cross-Site Scripting vulnerability in Cisco Firepower Management Center

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.3
2020-10-21 CVE-2020-5650 Tipsandtricks HQ Cross-Site Scripting vulnerability in Tipsandtricks-Hq Simple Download Monitor

Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.

4.3
2020-10-21 CVE-2020-27608 Bigbluebutton Cross-Site Scripting vulnerability in Bigbluebutton

In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.

4.3
2020-10-21 CVE-2020-14840 Oracle Unspecified vulnerability in Oracle Application Object Library

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics).

4.3
2020-10-21 CVE-2020-14822 Oracle Unspecified vulnerability in Oracle Installed Base

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs).

4.3
2020-10-21 CVE-2020-14802 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).

4.3
2020-10-21 CVE-2020-14801 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).

4.3
2020-10-21 CVE-2020-14797 Oracle
Netapp
Opensuse
Debian
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries).
4.3
2020-10-21 CVE-2020-14795 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).

4.3
2020-10-21 CVE-2020-14782 Oracle
Debian
Netapp
Mcafee
Opensuse
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries).
4.3
2020-10-21 CVE-2020-14781 Oracle
Netapp
Debian
Opensuse
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI).
4.3
2020-10-21 CVE-2020-14779 Oracle
Debian
Fedoraproject
Opensuse
Netapp
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
4.3
2020-10-20 CVE-2020-5790 Nagios Cross-Site Request Forgery (CSRF) vulnerability in Nagios XI 5.7.3

Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

4.3
2020-10-20 CVE-2020-24416 Adobe Cross-Site Scripting vulnerability in Adobe Marketo Sales Insight

Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

4.3
2020-10-20 CVE-2020-7371 Raiseitsolutions Improper Restriction of Rendered UI Layers OR Frames vulnerability in Raiseitsolutions Rits Browser

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser.

4.3
2020-10-20 CVE-2020-7370 Boltbrowser Missing Authentication FOR Critical Function vulnerability in Boltbrowser Bolt Browser

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser.

4.3
2020-10-20 CVE-2020-7369 Yandex Missing Authentication FOR Critical Function vulnerability in Yandex Browser

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser.

4.3
2020-10-20 CVE-2020-7364 Ucweb Unspecified vulnerability in Ucweb UC Browser

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser.

4.3
2020-10-20 CVE-2020-7363 Ucweb Unspecified vulnerability in Ucweb UC Browser

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser.

4.3
2020-10-20 CVE-2020-3993 Vmware Unspecified vulnerability in VMWare Cloud Foundation and Nsx-T Data Center

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager.

4.3
2020-10-20 CVE-2020-4749 IBM Reliance ON Cookies Without Validation and Integrity Checking vulnerability in IBM Spectrum Scale

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies.

4.3
2020-10-20 CVE-2020-4748 IBM Cross-Site Scripting vulnerability in IBM Spectrum Scale

IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting.

4.3
2020-10-20 CVE-2020-16246 GE Cross-Site Scripting vulnerability in GE S2020 Firmware and S2024 Firmware

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.

4.3
2020-10-20 CVE-2020-6369 SAP Unspecified vulnerability in SAP Focused RUN and Solution Manager

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service.

4.3
2020-10-20 CVE-2020-6367 SAP Cross-Site Scripting vulnerability in SAP Netweaver Composite Application Framework

There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50.

4.3
2020-10-20 CVE-2020-6315 SAP Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9

SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send certain manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, leading to Information Disclosure.

4.3
2020-10-19 CVE-2020-15263 Orchid Cross-Site Scripting vulnerability in Orchid Platform

In platform before version 9.4.4, inline attributes are not properly escaped.

4.3
2020-10-19 CVE-2019-13633 Blinger Cross-Site Scripting vulnerability in Blinger 1.0.2519

Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS.

4.3
2020-10-19 CVE-2020-24375 Free Authentication Bypass BY Spoofing vulnerability in Free Freebox Server and Freebox V5 Firmware

A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.

4.3
2020-10-19 CVE-2020-26891 Matrix Cross-Site Scripting vulnerability in Matrix Synapse

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter.

4.3
2020-10-19 CVE-2020-15910 Solarwinds Incorrect Permission Assignment FOR Critical Resource vulnerability in Solarwinds N-Central

SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly.

4.3
2020-10-23 CVE-2020-3998 Vmware Insufficiently Protected Credentials vulnerability in VMWare Horizon Client

VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability.

4.0
2020-10-23 CVE-2020-15003 Open Xchange Information Exposure vulnerability in Open-Xchange Appsuite 7.10.2/7.10.3

OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).

4.0
2020-10-23 CVE-2020-15002 Open Xchange Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.

4.0
2020-10-22 CVE-2020-15270 Parseplatform Operation ON A Resource After Expiration OR Release vulnerability in Parseplatform Parse-Server

Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid.

4.0
2020-10-22 CVE-2020-9935 Apple Unspecified vulnerability in Apple mac OS X

A logic issue was addressed with improved state management.

4.0
2020-10-22 CVE-2020-27621 Mediawiki Unspecified vulnerability in Mediawiki

The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address.

4.0
2020-10-21 CVE-2020-27612 Bigbluebutton Information Exposure vulnerability in Bigbluebutton

Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window.

4.0
2020-10-21 CVE-2020-27604 Bigbluebutton Improper Encoding OR Escaping of Output vulnerability in Bigbluebutton

BigBlueButton before 2.3 does not implement LibreOffice sandboxing.

4.0
2020-10-21 CVE-2020-14893 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.0
2020-10-21 CVE-2020-14860 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles).

4.0
2020-10-21 CVE-2020-14847 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query).

4.0
2020-10-21 CVE-2020-14838 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
4.0
2020-10-21 CVE-2020-14827 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth).

4.0
2020-10-21 CVE-2020-14804 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS).

4.0
2020-10-21 CVE-2020-14800 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
4.0
2020-10-21 CVE-2020-14799 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).

4.0
2020-10-21 CVE-2020-14794 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2020-10-21 CVE-2020-14793 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2020-10-21 CVE-2020-14790 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS).
4.0
2020-10-21 CVE-2020-14789 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS).

4.0
2020-10-21 CVE-2020-14786 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS).
4.0
2020-10-21 CVE-2020-14785 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2020-10-21 CVE-2020-14777 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2020-10-21 CVE-2020-14776 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
4.0
2020-10-21 CVE-2020-14775 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
4.0
2020-10-21 CVE-2020-14773 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2020-10-21 CVE-2020-14769 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.0
2020-10-21 CVE-2020-14768 Oracle Unspecified vulnerability in Oracle Hyperion Analytic Provider Services 11.1.2.4

Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: Smart View Provider).

4.0
2020-10-21 CVE-2020-14745 Oracle Unspecified vulnerability in Oracle Rest Data Services

Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General).

4.0
2020-10-21 CVE-2020-14744 Oracle Unspecified vulnerability in Oracle Rest Data Services

Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General).

4.0
2020-10-21 CVE-2020-6648 Fortinet Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios

A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.

4.0
2020-10-21 CVE-2020-25820 Bigbluebutton Server-Side Request Forgery (SSRF) vulnerability in Bigbluebutton

BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.

4.0

42 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-22 CVE-2020-9771 Apple Unspecified vulnerability in Apple mac OS X

This issue was addressed with a new entitlement.

3.6
2020-10-21 CVE-2020-14758 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).

3.6
2020-10-23 CVE-2020-27388 Yourls Cross-Site Scripting vulnerability in Yourls 1.7/1.7.3

Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10.

3.5
2020-10-23 CVE-2020-3997 Vmware Cross-Site Scripting vulnerability in VMWare Horizon

VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability.

3.5
2020-10-23 CVE-2020-15004 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite 7.10.2/7.10.3

OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.

3.5
2020-10-23 CVE-2018-8062 Comtrend Cross-Site Scripting vulnerability in Comtrend Ar-5387Un Firmware A731410Jazc04R02.A2Pd035G.D23I

A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.

3.5
2020-10-22 CVE-2020-27666 Strapi Cross-Site Scripting vulnerability in Strapi

Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature.

3.5
2020-10-22 CVE-2020-7020 Elastic Improper Privilege Management vulnerability in Elastic Elasticsearch

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used.

3.5
2020-10-22 CVE-2020-27533 Dedecms Cross-Site Scripting vulnerability in Dedecms 5.8

A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.

3.5
2020-10-21 CVE-2020-14791 Oracle
Netapp
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
3.5
2020-10-21 CVE-2020-14771 Oracle
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth).
3.5
2020-10-21 CVE-2020-14732 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 19.0

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions).

3.5
2020-10-21 CVE-2020-14731 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 18.0/19.0

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment).

3.5
2020-10-20 CVE-2020-3995 Vmware Memory Leak vulnerability in VMWare products

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability.

3.5
2020-10-20 CVE-2020-3981 Vmware Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in VMWare products

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device.

3.5
2020-10-20 CVE-2020-4755 IBM Cross-Site Scripting vulnerability in IBM Spectrum Scale

IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting.

3.5
2020-10-20 CVE-2020-4564 IBM Cross-Site Scripting vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting.

3.5
2020-10-20 CVE-2020-6370 SAP Cross-Site Scripting vulnerability in SAP Netweaver Design Time Repository

SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

3.5
2020-10-20 CVE-2020-7747 Lightning VIZ Cross-Site Scripting vulnerability in Lightning-Viz Lightning

This affects all versions of package lightning-server.

3.5
2020-10-19 CVE-2020-15245 Sylius Cross-Site Scripting vulnerability in Sylius

In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled.

3.5
2020-10-21 CVE-2020-14759 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).

3.3
2020-10-19 CVE-2020-9111 Huawei Unspecified vulnerability in Huawei E6878-370 Firmware and E6878-870 Firmware

E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability.

2.7
2020-10-21 CVE-2020-3582 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device.

2.6
2020-10-21 CVE-2020-3581 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device.

2.6
2020-10-21 CVE-2020-3580 Cisco Cross-Site Scripting vulnerability in Cisco products

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device.

2.6
2020-10-21 CVE-2020-14798 Oracle
Netapp
Debian
Opensuse
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries).
2.6
2020-10-21 CVE-2020-14796 Oracle
Netapp
Opensuse
Debian
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries).
2.6
2020-10-23 CVE-2020-9361 Cryptopro Improper Input Validation vulnerability in Cryptopro CSP 5.0.0.10004

CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation.

2.1
2020-10-23 CVE-2019-14713 Verifone Unspecified vulnerability in Verifone Mx900 Firmware 30251000

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages.

2.1
2020-10-22 CVE-2020-3996 Vmware Unspecified vulnerability in VMWare Velero

Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users.

2.1
2020-10-22 CVE-2020-9772 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved restrictions.

2.1
2020-10-22 CVE-2020-3918 Apple Unspecified vulnerability in Apple products

An access issue was addressed with additional sandbox restrictions.

2.1
2020-10-21 CVE-2020-14818 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility).

2.1
2020-10-21 CVE-2020-14772 Oracle Unspecified vulnerability in Oracle Hyperion Lifecycle Management 11.1.2.4

Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services).

2.1
2020-10-21 CVE-2020-14770 Oracle Unspecified vulnerability in Oracle Hyperion Bi+ 11.1.2.4

Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service).

2.1
2020-10-21 CVE-2020-14767 Oracle Unspecified vulnerability in Oracle Hyperion Bi+ 11.1.2.4

Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service).

2.1
2020-10-21 CVE-2020-14764 Oracle Unspecified vulnerability in Oracle Hyperion Planning 11.1.2.4

Vulnerability in the Hyperion Planning product of Oracle Hyperion (component: Application Development Framework).

2.1
2020-10-20 CVE-2020-4491 IBM Resource Exhaustion vulnerability in IBM Spectrum Scale

IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash.

2.1
2020-10-19 CVE-2020-9092 Huawei Injection vulnerability in Huawei Mate 20 Firmware

HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability.

2.1
2020-10-21 CVE-2020-3352 Cisco Unspecified vulnerability in Cisco Firepower Threat Defense

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands.

1.9
2020-10-21 CVE-2020-14753 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation).

1.9
2020-10-21 CVE-2020-14740 Oracle Unspecified vulnerability in Oracle SQL Developer

Vulnerability in the SQL Developer Install component of Oracle Database Server.

1.9