Weekly Vulnerabilities Reports > October 26 to November 1, 2020

Overview

324 new vulnerabilities reported during this period, including 46 critical vulnerabilities and 56 high severity vulnerabilities. This weekly summary report vulnerabilities in 144 products from 96 vendors including Apple, Pulsesecure, IBM, Synology, and Intel. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Out-of-bounds Read", and "Improper Privilege Management".

  • 273 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 84 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 275 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 140 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 28 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

46 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-28 CVE-2020-16259 Winstonprivacy Incorrect Permission Assignment for Critical Resource vulnerability in Winstonprivacy Winston Firmware 1.5.4

Winston 1.5.4 devices have an SSH user account with access from bastion hosts.

10.0
2020-10-28 CVE-2020-16257 Winstonprivacy Command Injection vulnerability in Winstonprivacy Winston Firmware 1.5.4

Winston 1.5.4 devices are vulnerable to command injection via the API.

10.0
2020-10-28 CVE-2020-27976 Oscommerce OS Command Injection vulnerability in Oscommerce

osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely.

10.0
2020-10-27 CVE-2019-8716 Apple Unspecified vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved memory handling.

10.0
2020-10-27 CVE-2019-8712 Apple Unspecified vulnerability in Apple Iphone OS

A memory corruption issue was addressed with improved memory handling.

10.0
2020-10-27 CVE-2020-11854 Microfocus Improper Authentication vulnerability in Microfocus products

Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management.

10.0
2020-10-26 CVE-2020-26879 Commscope USE of Hard-Coded Credentials vulnerability in Commscope Ruckus Vriot

Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py.

10.0
2020-10-29 CVE-2020-4724 IBM Classic Buffer Overflow vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.

9.3
2020-10-29 CVE-2020-4723 IBM Classic Buffer Overflow vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.

9.3
2020-10-29 CVE-2020-4722 IBM Classic Buffer Overflow vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.

9.3
2020-10-29 CVE-2020-4721 IBM Classic Buffer Overflow vulnerability in IBM I2 Analysts Notebook 9.2.0/9.2.1

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.

9.3
2020-10-29 CVE-2020-7384 Rapid7 Command Injection vulnerability in Rapid7 Metasploit

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.

9.3
2020-10-28 CVE-2020-24707 Getgophish Unspecified vulnerability in Getgophish Gophish

Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.

9.3
2020-10-28 CVE-2020-16256 Winstonprivacy Cross-Site Request Forgery (CSRF) vulnerability in Winstonprivacy Winston Firmware 1.5.4

The API on Winston 1.5.4 devices is vulnerable to CSRF.

9.3
2020-10-27 CVE-2020-9973 Apple Out-Of-Bounds Read vulnerability in Apple Ipados and Iphone OS

An out-of-bounds read was addressed with improved bounds checking.

9.3
2020-10-27 CVE-2020-3880 Apple Out-Of-Bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

9.3
2020-10-27 CVE-2020-3863 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved memory handling.

9.3
2020-10-27 CVE-2019-8852 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved memory handling.

9.3
2020-10-27 CVE-2019-8847 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved memory handling.

9.3
2020-10-27 CVE-2019-8846 Apple
Redhat
USE After Free vulnerability in multiple products

A use after free issue was addressed with improved memory management.

9.3
2020-10-27 CVE-2019-8844 Apple
Redhat
Out-Of-Bounds Write vulnerability in multiple products

Multiple memory corruption issues were addressed with improved memory handling.

9.3
2020-10-27 CVE-2019-8838 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

A memory corruption issue was addressed with improved memory handling.

9.3
2020-10-27 CVE-2019-8837 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A logic issue was addressed with improved restrictions.

9.3
2020-10-27 CVE-2019-8836 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

A memory corruption issue was addressed with improved memory handling.

9.3
2020-10-27 CVE-2019-8835 Apple
Redhat
Out-Of-Bounds Write vulnerability in multiple products

Multiple memory corruption issues were addressed with improved memory handling.

9.3
2020-10-27 CVE-2019-8833 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

A memory corruption issue was addressed by removing the vulnerable code.

9.3
2020-10-27 CVE-2019-8832 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

A memory corruption issue was addressed with improved memory handling.

9.3
2020-10-27 CVE-2019-8831 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

A memory corruption issue was addressed with improved memory handling.

9.3
2020-10-27 CVE-2019-8830 Apple Out-Of-Bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

9.3
2020-10-27 CVE-2019-8829 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

A memory corruption vulnerability was addressed with improved locking.

9.3
2020-10-27 CVE-2019-8828 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

A memory corruption issue was addressed with improved memory handling.

9.3
2020-10-27 CVE-2019-8824 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved state management.

9.3
2020-10-27 CVE-2019-8776 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved memory handling.

9.3
2020-10-27 CVE-2019-8740 Apple Unspecified vulnerability in Apple products

A memory corruption vulnerability was addressed with improved locking.

9.3
2020-10-27 CVE-2019-8718 Apple Unspecified vulnerability in Apple Iphone OS and Tvos

A memory corruption issue was addressed with improved memory handling.

9.3
2020-10-27 CVE-2019-8715 Apple Unspecified vulnerability in Apple Iphone OS and mac OS X

A memory corruption issue was addressed with improved memory handling.

9.3
2020-10-27 CVE-2019-8709 Apple Unspecified vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

9.3
2020-10-27 CVE-2019-8539 Apple Unspecified vulnerability in Apple mac OS X 10.14.5

A memory initialization issue was addressed with improved memory handling.

9.3
2020-10-27 CVE-2018-4452 Apple Unspecified vulnerability in Apple mac OS X

A memory consumption issue was addressed with improved memory handling.

9.3
2020-10-27 CVE-2018-4451 Apple Unspecified vulnerability in Apple mac OS X

This issue is fixed in macOS Mojave 10.14.

9.3
2020-10-26 CVE-2020-15271 Lookatme Project OS Command Injection vulnerability in Lookatme Project Lookatme

In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions.

9.3
2020-11-01 CVE-2020-25849 Openfind OS Command Injection vulnerability in Openfind Mailaudit and Mailgates

MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token.

9.0
2020-10-29 CVE-2020-27887 Eyesofnetwork OS Command Injection vulnerability in Eyesofnetwork Eonweb

An issue was discovered in EyesOfNetwork 5.3 through 5.3-8.

9.0
2020-10-26 CVE-2020-26878 Commscope Missing Authorization vulnerability in Commscope Ruckus Vriot 1.5.1.0.21

Ruckus through 1.5.1.0.21 is affected by remote command injection.

9.0
2020-10-26 CVE-2020-24632 Arubanetworks Command Injection vulnerability in Arubanetworks Airwave Glass 1.2.1/1.3.0/1.3.1

A remote execution of arbitrary commandss vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

9.0
2020-10-26 CVE-2020-24631 Arubanetworks Command Injection vulnerability in Arubanetworks Airwave Glass 1.2.1/1.3.0/1.3.1

A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

9.0

56 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-29 CVE-2020-5933 F5 Unspecified vulnerability in F5 products

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system.

7.8
2020-10-27 CVE-2019-8588 Apple Null Pointer Dereference vulnerability in Apple Airport Base Station Firmware

A null pointer dereference was addressed with improved input validation.

7.8
2020-10-27 CVE-2019-8573 Apple Improper Input Validation vulnerability in Apple Iphone OS, mac OS X and Watchos

An input validation issue was addressed with improved input validation.

7.8
2020-10-30 CVE-2020-7373 Vbulletin Command Injection vulnerability in Vbulletin

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request.

7.5
2020-10-29 CVE-2020-27886 Eyesofnetwork SQL Injection vulnerability in Eyesofnetwork Eonweb 5.37/5.38

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8.

7.5
2020-10-29 CVE-2020-27998 Fast Report Inadequate Encryption Strength vulnerability in Fast-Report Fastreport

An issue was discovered in FastReport before 2020.4.0.

7.5
2020-10-29 CVE-2020-27995 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.0

SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.

7.5
2020-10-29 CVE-2020-27744 Westerndigital Improper Privilege Management vulnerability in Westerndigital MY Cloud Firmware

An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114.

7.5
2020-10-29 CVE-2020-27655 Synology Improper Privilege Management vulnerability in Synology Router Manager

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

7.5
2020-10-29 CVE-2020-27654 Synology Improper Privilege Management vulnerability in Synology Router Manager

Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.

7.5
2020-10-29 CVE-2020-11486 Intel Unrestricted Upload of File With Dangerous Type vulnerability in Intel BMC Firmware

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution.

7.5
2020-10-29 CVE-2020-11483 Intel USE of Hard-Coded Credentials vulnerability in Intel BMC Firmware

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information disclosure.

7.5
2020-10-28 CVE-2020-27739 Citadel Insufficient Session Expiration vulnerability in Citadel Webcit 7.10/926

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions.

7.5
2020-10-28 CVE-2018-19949 Qnap Command Injection vulnerability in Qnap QTS

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands.

7.5
2020-10-28 CVE-2020-8239 Pulsesecure Improper Privilege Management vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack.

7.5
2020-10-28 CVE-2020-27956 CAR Rental Management System Project Unrestricted Upload of File With Dangerous Type vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0

An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).

7.5
2020-10-27 CVE-2020-9866 Apple Classic Buffer Overflow vulnerability in Apple mac OS X

A buffer overflow was addressed with improved bounds checking.

7.5
2020-10-27 CVE-2019-8531 Apple Improper Input Validation vulnerability in Apple Iphone OS

A validation issue existed in Trust Anchor Management.

7.5
2020-10-27 CVE-2020-27160 Westerndigital Improper Privilege Management vulnerability in Westerndigital MY Cloud Firmware

Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3).

7.5
2020-10-27 CVE-2020-27159 Westerndigital Improper Input Validation vulnerability in Westerndigital MY Cloud Firmware

Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114

7.5
2020-10-27 CVE-2020-27158 Westerndigital Improper Privilege Management vulnerability in Westerndigital MY Cloud Firmware

Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114.

7.5
2020-10-27 CVE-2020-25765 Westerndigital Improper Input Validation vulnerability in Westerndigital MY Cloud Firmware

Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140.

7.5
2020-10-27 CVE-2020-12830 Westerndigital Out-Of-Bounds Write vulnerability in Westerndigital MY Cloud Firmware 04.05.00320

Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114.

7.5
2020-10-27 CVE-2019-8767 Apple Out-Of-Bounds Write vulnerability in Apple mac OS X

A memory consumption issue was addressed with improved memory handling.

7.5
2020-10-27 CVE-2019-8756 Apple Improper Input Validation vulnerability in Apple products

Multiple memory corruption issues were addressed with improved input validation.

7.5
2020-10-27 CVE-2019-8749 Apple Improper Input Validation vulnerability in Apple products

Multiple memory corruption issues were addressed with improved input validation.

7.5
2020-10-27 CVE-2019-8746 Apple Out-Of-Bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

7.5
2020-10-27 CVE-2019-8581 Apple Out-Of-Bounds Read vulnerability in Apple Airport Base Station Firmware

An out-of-bounds read was addressed with improved input validation.

7.5
2020-10-27 CVE-2019-8578 Apple USE After Free vulnerability in Apple Airport Base Station Firmware

A use after free issue was addressed with improved memory management.

7.5
2020-10-27 CVE-2019-8572 Apple Null Pointer Dereference vulnerability in Apple Airport Base Station Firmware

A null pointer dereference was addressed with improved input validation.

7.5
2020-10-27 CVE-2019-8547 Apple Out-Of-Bounds Read vulnerability in Apple Iphone OS, mac OS X and Watchos

An out-of-bounds read issue existed that led to the disclosure of kernel memory.

7.5
2020-10-27 CVE-2019-7288 Apple Unspecified vulnerability in Apple Iphone OS and mac OS X

The issue was addressed with improved validation on the FaceTime server.

7.5
2020-10-27 CVE-2018-4296 Apple Unspecified vulnerability in Apple mac OS X 10.14

This issue is fixed in macOS Mojave 10.14.

7.5
2020-10-27 CVE-2020-27853 Wire USE of Externally-Controlled Format String vulnerability in Wire products

Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string.

7.5
2020-10-27 CVE-2020-27183 Konzept IX Information Exposure vulnerability in Konzept-Ix Publixone

A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.

7.5
2020-10-27 CVE-2020-27179 Konzept IX Weak Password Recovery Mechanism FOR Forgotten Password vulnerability in Konzept-Ix Publixone

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.

7.5
2020-10-26 CVE-2020-27743 PAM Tacplus Project USE of Insufficiently Random Values vulnerability in PAM Tacplus Project PAM Tacplus

libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes().

7.5
2020-10-26 CVE-2020-7197 HP Improper Authentication vulnerability in HP Storeserv Management Console

SSMC3.7.0.0 is vulnerable to remote authentication bypass.

7.5
2020-10-26 CVE-2020-7127 Arubanetworks Unspecified vulnerability in Arubanetworks Airwave Glass 1.2.1/1.3.0/1.3.1

A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

7.5
2020-10-26 CVE-2020-7124 Arubanetworks Missing Authorization vulnerability in Arubanetworks Airwave Glass 1.2.1/1.3.0/1.3.1

A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

7.5
2020-10-26 CVE-2020-27678 Illumos
Joyent
Omniosce
Classic Buffer Overflow vulnerability in multiple products

An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022.

7.5
2020-10-28 CVE-2020-26133 Dual Dhcp DNS Server Project Improper Privilege Management vulnerability in Dual Dhcp DNS Server Project Dual Dhcp DNS Server 7.40

An issue was discovered in Dual DHCP DNS Server 7.40.

7.2
2020-10-28 CVE-2020-26132 Home DNS Server Project Improper Privilege Management vulnerability in Home DNS Server Project Home DNS Server 0.10

An issue was discovered in Home DNS Server 0.10.

7.2
2020-10-28 CVE-2020-26131 Open Dhcp Server Project Improper Privilege Management vulnerability in Open Dhcp Server Project Open Dhcp Server 0.1/1.75

Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta.

7.2
2020-10-28 CVE-2020-26130 Open Tftp Server Project Improper Privilege Management vulnerability in Open Tftp Server Project Open Tftp Server 1.66

Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66.

7.2
2020-10-28 CVE-2020-16262 Winstonprivacy Incorrect Permission Assignment for Critical Resource vulnerability in Winstonprivacy Winston Firmware 1.5.4

Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation.

7.2
2020-10-28 CVE-2020-16261 Winstonprivacy Incorrect Permission Assignment for Critical Resource vulnerability in Winstonprivacy Winston Firmware 1.5.4

Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access.

7.2
2020-10-27 CVE-2020-3864 Apple
Redhat
Origin Validation Error vulnerability in multiple products

A logic issue was addressed with improved validation.

7.2
2020-10-27 CVE-2019-8841 Apple Improper Privilege Management vulnerability in Apple Ipados and Iphone OS

An information disclosure issue was addressed by removing the vulnerable code.

7.2
2020-10-27 CVE-2019-8569 Apple Unspecified vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved memory handling.

7.2
2020-10-27 CVE-2019-8534 Apple Out-Of-Bounds Write vulnerability in Apple mac OS X 10.14.3

A logic issue existed resulting in memory corruption.

7.2
2020-10-27 CVE-2019-8528 Apple USE After Free vulnerability in Apple Iphone OS, mac OS X and Watchos

A use after free issue was addressed with improved memory management.

7.2
2020-10-27 CVE-2019-8525 Apple Unspecified vulnerability in Apple Iphone OS

A memory corruption issue was addressed with improved state management.

7.2
2020-10-26 CVE-2020-27187 KDE Command Injection vulnerability in KDE Partition Manager 4.1.0

An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0.

7.2
2020-10-29 CVE-2020-5937 F5 Unspecified vulnerability in F5 Big-Ip Advanced Firewall Manager

On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral denial-of-service (DoS) traffic.

7.1
2020-10-27 CVE-2019-8780 Apple Unspecified vulnerability in Apple Iphone OS and Tvos

The issue was addressed with improved permissions logic.

7.1

183 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-30 CVE-2020-27014 Trendmicro Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in Trendmicro Antivirus 2020

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

6.9
2020-10-28 CVE-2020-8240 Pulsesecure Unspecified vulnerability in Pulsesecure Pulse Secure Desktop Client

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential Provider.

6.9
2020-10-28 CVE-2020-5145 Sonicwall Uncontrolled Search Path Element vulnerability in Sonicwall Global VPN Client 4.10.4.0314

SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability.

6.9
2020-10-28 CVE-2020-5144 Sonicwall Untrusted Search Path vulnerability in Sonicwall Global VPN Client 4.10.4.0314

SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.

6.9
2020-10-27 CVE-2020-15238 Blueman Project
Debian
Injection vulnerability in multiple products

Blueman is a GTK+ Bluetooth Manager.

6.9
2020-10-27 CVE-2020-23864 Iobit Unspecified vulnerability in Iobit Malware Fighter 8.0.2.547

An issue exits in IOBit Malware Fighter version 8.0.2.547.

6.9
2020-10-30 CVE-2020-4588 IBM Unrestricted Upload of File With Dangerous Type vulnerability in IBM I2 Ibase 8.9.13

IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution.

6.8
2020-10-29 CVE-2020-27651 Synology Missing Encryption of Sensitive Data vulnerability in Synology Router Manager

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

6.8
2020-10-29 CVE-2020-27649 Synology Improper Certificate Validation vulnerability in Synology Router Manager

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

6.8
2020-10-29 CVE-2020-27648 Synology Improper Certificate Validation vulnerability in Synology Diskstation Manager and Skynas Firmware

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

6.8
2020-10-29 CVE-2020-11485 Intel Cross-Site Request Forgery (CSRF) vulnerability in Intel BMC Firmware

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request, which can lead to information disclosure or code execution.

6.8
2020-10-28 CVE-2020-27975 Oscommerce Cross-Site Request Forgery (CSRF) vulnerability in Oscommerce

osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.

6.8
2020-10-28 CVE-2020-8254 Pulsesecure Path Traversal vulnerability in Pulsesecure Pulse Secure Desktop Client

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server.

6.8
2020-10-27 CVE-2020-9961 Apple Out-Of-Bounds Read vulnerability in Apple mac OS X

An out-of-bounds read was addressed with improved input validation.

6.8
2020-10-27 CVE-2020-9932 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

A memory corruption issue was addressed with improved validation.

6.8
2020-10-27 CVE-2020-3851 Apple USE After Free vulnerability in Apple mac OS X

A use after free issue was addressed with improved memory management.

6.8
2020-10-27 CVE-2019-8848 Apple Improper Privilege Management vulnerability in Apple products

This issue was addressed with improved checks.

6.8
2020-10-27 CVE-2019-8826 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved state management.

6.8
2020-10-27 CVE-2019-8825 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

6.8
2020-10-27 CVE-2019-8773 Apple Unspecified vulnerability in Apple products

Multiple memory corruption issues were addressed with improved memory handling.

6.8
2020-10-27 CVE-2019-8752 Apple Unspecified vulnerability in Apple products

Multiple memory corruption issues were addressed with improved memory handling.

6.8
2020-10-27 CVE-2019-8751 Apple Unspecified vulnerability in Apple products

Multiple memory corruption issues were addressed with improved memory handling.

6.8
2020-10-27 CVE-2019-8734 Apple Unspecified vulnerability in Apple products

Multiple memory corruption issues were addressed with improved memory handling.

6.8
2020-10-27 CVE-2019-8728 Apple Unspecified vulnerability in Apple products

Multiple memory corruption issues were addressed with improved memory handling.

6.8
2020-10-27 CVE-2019-8706 Apple Unspecified vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

6.8
2020-10-27 CVE-2019-8639 Apple Unspecified vulnerability in Apple products

Multiple memory corruption issues were addressed with improved memory handling.

6.8
2020-10-27 CVE-2019-8638 Apple Unspecified vulnerability in Apple products

Multiple memory corruption issues were addressed with improved memory handling.

6.8
2020-10-27 CVE-2019-8592 Apple Unspecified vulnerability in Apple products

A memory corruption issue was addressed with improved input validation.

6.8
2020-10-27 CVE-2019-8509 Apple Unspecified vulnerability in Apple mac OS X

This issue was addressed by removing the vulnerable code.

6.8
2020-10-27 CVE-2019-6238 Apple Improper Input Validation vulnerability in Apple mac OS X

A validation issue existed in the handling of symlinks.

6.8
2020-10-27 CVE-2018-4467 Apple Unspecified vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved state management.

6.8
2020-10-26 CVE-2020-18766 Antsword Project Cross-Site Scripting vulnerability in Antsword Project Antsword 2.0.7

A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands.

6.8
2020-10-27 CVE-2019-8759 Apple Out-Of-Bounds Read vulnerability in Apple mac OS X

An out-of-bounds read was addressed with improved bounds checking.

6.6
2020-10-30 CVE-2020-15277 Basercms Unrestricted Upload of File With Dangerous Type vulnerability in Basercms

baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE).

6.5
2020-10-30 CVE-2020-7759 Pimcore SQL Injection vulnerability in Pimcore

The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController.

6.5
2020-10-29 CVE-2020-27996 Smartstore Unspecified vulnerability in Smartstore Smartstorenet

An issue was discovered in SmartStoreNET before 4.0.1.

6.5
2020-10-28 CVE-2020-8260 Pulsesecure Unrestricted Upload of File With Dangerous Type vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.

6.5
2020-10-27 CVE-2019-8840 Apple Out-Of-Bounds Read vulnerability in Apple Xcode

An out-of-bounds read was addressed with improved bounds checking.

6.5
2020-10-27 CVE-2019-8696 Apple Classic Buffer Overflow vulnerability in Apple mac OS X

A buffer overflow issue was addressed with improved memory handling.

6.5
2020-10-27 CVE-2019-8675 Apple Classic Buffer Overflow vulnerability in Apple mac OS X

A buffer overflow issue was addressed with improved memory handling.

6.5
2020-10-27 CVE-2020-15352 Pulsesecure XXE vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

6.5
2020-10-26 CVE-2020-15272 GIT TAG Annotation Action Project OS Command Injection vulnerability in Git-Tag-Annotation-Action Project Git-Tag-Annotation-Action

In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to alter the value of [the `GITHUB_REF` environment variable].

6.5
2020-10-26 CVE-2020-7752 Systeminformation Command Injection vulnerability in Systeminformation

This affects the package systeminformation before 4.27.11.

6.5
2020-10-26 CVE-2020-7125 Arubanetworks Improper Privilege Management vulnerability in Arubanetworks Airwave Glass 1.2.1/1.3.0/1.3.1

A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

6.5
2020-10-26 CVE-2020-7751 Chaijis Improper Input Validation vulnerability in Chaijis Pathval

pathval before version 1.1.1 is vulnerable to prototype pollution.

6.5
2020-10-28 CVE-2020-16263 Winstonprivacy Exposure of Resource TO Wrong Sphere vulnerability in Winstonprivacy Winston Firmware 1.5.4

Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins.

6.4
2020-10-27 CVE-2020-9782 Apple Path Traversal vulnerability in Apple mac OS X

A parsing issue in the handling of directory paths was addressed with improved path validation.

6.4
2020-10-27 CVE-2020-27890 TI Improper Input Validation vulnerability in TI Z-Stack 3.0.1

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Write Attributes No Response message.

6.4
2020-10-27 CVE-2020-27181 Konzept IX Inadequate Encryption Strength vulnerability in Konzept-Ix Publixone

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files.

6.4
2020-10-28 CVE-2020-15278 Cogboard Incorrect Authorization vulnerability in Cogboard RED Discord BOT

Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module.

6.0
2020-10-27 CVE-2020-9860 Apple Unspecified vulnerability in Apple Safari

A custom URL scheme handling issue was addressed with improved input validation.

5.8
2020-10-27 CVE-2020-3855 Apple Unspecified vulnerability in Apple mac OS X

An access issue was addressed with improved access restrictions.

5.8
2020-10-26 CVE-2020-26161 Octopus Open Redirect vulnerability in Octopus Deploy

In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.

5.8
2020-10-28 CVE-2020-16258 Winstonprivacy USE of Hard-Coded Credentials vulnerability in Winstonprivacy Winston Firmware 1.5.4

Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials.

5.6
2020-10-29 CVE-2020-27653 Synology USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Synology Diskstation Manager and Router Manager

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

5.1
2020-10-29 CVE-2020-27652 Synology USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Synology Diskstation Manager and Skynas Firmware

Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

5.1
2020-10-28 CVE-2020-8241 Pulsesecure Improper Certificate Validation vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.

5.1
2020-10-30 CVE-2020-4584 IBM Information Exposure Through AN Error Message vulnerability in IBM I2 Ibase 8.9.13

IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

5.0
2020-10-30 CVE-2020-7760 Codemirror Resource Exhaustion vulnerability in Codemirror

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2.

5.0
2020-10-29 CVE-2020-25646 Ansible Collections Project Improper Encoding OR Escaping of Output vulnerability in Ansible Collections Project Community.Crypto

A flaw was found in Ansible Collection community.crypto.

5.0
2020-10-29 CVE-2020-25780 Commvault Path Traversal vulnerability in Commvault Commcell

In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder.

5.0
2020-10-29 CVE-2020-5931 F5 Unspecified vulnerability in F5 products

On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart.

5.0
2020-10-29 CVE-2020-27993 Hrsale Path Traversal vulnerability in Hrsale 2.0.0

Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.

5.0
2020-10-29 CVE-2019-4563 IBM Session Fixation vulnerability in IBM Security Directory Server 6.4.0.0

IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies.

5.0
2020-10-29 CVE-2019-4547 IBM Information Exposure Through AN Error Message vulnerability in IBM Security Directory Server 6.4.0.0

IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data.

5.0
2020-10-29 CVE-2020-7746 Chartjs Improper Input Validation vulnerability in Chartjs Chart.Js

This affects the package chart.js before 2.9.4.

5.0
2020-10-29 CVE-2020-11616 Intel Incorrect Usage of Seeds in Pseudo-Random Number Generator (Prng) vulnerability in Intel BMC Firmware 1.06.06/2.47

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure.

5.0
2020-10-29 CVE-2020-11615 Intel USE of Hard-Coded Credentials vulnerability in Intel BMC Firmware

NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure.

5.0
2020-10-29 CVE-2020-11489 Intel Unspecified vulnerability in Intel BMC Firmware 1.06.06/2.47

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure.

5.0
2020-10-29 CVE-2020-11487 Intel USE of Hard-Coded Credentials vulnerability in Intel BMC Firmware

NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30.

5.0
2020-10-28 CVE-2020-27986 Sonarsource Insufficiently Protected Credentials vulnerability in Sonarsource Sonarqube 8.4.2.36762

** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI.

5.0
2020-10-28 CVE-2020-24713 Getgophish Insufficient Session Expiration vulnerability in Getgophish Gophish

Gophish through 0.10.1 does not invalidate the gophish cookie upon logout.

5.0
2020-10-28 CVE-2020-24710 Getgophish Server-Side Request Forgery (SSRF) vulnerability in Getgophish Gophish

Gophish before 0.11.0 allows SSRF attacks.

5.0
2020-10-28 CVE-2020-27740 Citadel Unspecified vulnerability in Citadel Webcit 7.10/926

Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform.

5.0
2020-10-28 CVE-2020-24990 QSC Path Traversal vulnerability in QSC Q-Sys Core Manager 8.2.1

An issue was discovered in QSC Q-SYS Core Manager 8.2.1.

5.0
2020-10-28 CVE-2020-25966 Sectona Insecure Storage of Sensitive Information vulnerability in Sectona Spectra 3.2.0

** DISPUTED ** Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication.

5.0
2020-10-28 CVE-2020-16260 Winstonprivacy Missing Authorization vulnerability in Winstonprivacy Winston Firmware 1.5.4

Winston 1.5.4 devices do not enforce authorization.

5.0
2020-10-28 CVE-2020-4767 IBM Out-Of-Bounds Read vulnerability in IBM Sterling Connect:Direct

IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read.

5.0
2020-10-28 CVE-2020-27978 Shibboleth Resource Exhaustion vulnerability in Shibboleth Identify Provider

Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw.

5.0
2020-10-28 CVE-2020-22552 Snap7 Project Unspecified vulnerability in Snap7 Project Snap7 1.4.1

The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashed.

5.0
2020-10-28 CVE-2020-6829 Mozilla Unspecified vulnerability in Mozilla Firefox

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation.

5.0
2020-10-27 CVE-2020-9941 Apple Unspecified vulnerability in Apple mac OS X

This issue was addressed with improved checks.

5.0
2020-10-27 CVE-2020-9774 Apple Missing Encryption of Sensitive Data vulnerability in Apple mac OS X

An issue existed with Siri Suggestions access to encrypted data.

5.0
2020-10-27 CVE-2020-3852 Apple Improper Input Validation vulnerability in Apple Safari

A logic issue was addressed with improved validation.

5.0
2020-10-27 CVE-2020-27892 TI Unspecified vulnerability in TI Z-Stack 3.0.1

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Discover Commands Received Response message or a ZCL Discover Commands Generated Response message.

5.0
2020-10-27 CVE-2020-27891 TI Improper Input Validation vulnerability in TI Z-Stack 3.0.1

The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Read Reporting Configuration Response message.

5.0
2020-10-27 CVE-2020-27888 UI Insufficiently Protected Credentials vulnerability in UI products

An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices.

5.0
2020-10-27 CVE-2019-8858 Apple Unspecified vulnerability in Apple mac OS X

A logic issue was addressed with improved state management.

5.0
2020-10-27 CVE-2019-8854 Apple Unspecified vulnerability in Apple products

A user privacy issue was addressed by removing the broadcast MAC address.

5.0
2020-10-27 CVE-2019-8851 Apple Unspecified vulnerability in Apple mac OS X

A logic issue was addressed with improved state management.

5.0
2020-10-27 CVE-2019-8640 Apple Improper Input Validation vulnerability in Apple mac OS X

A logic issue was addressed with improved validation.

5.0
2020-10-27 CVE-2019-8633 Apple Improper Input Validation vulnerability in Apple products

A validation issue was addressed with improved input sanitization.

5.0
2020-10-27 CVE-2019-8631 Apple Unspecified vulnerability in Apple Iphone OS, mac OS X and Tvos

A logic issue was addressed with improved state management.

5.0
2020-10-27 CVE-2019-8618 Apple Unspecified vulnerability in Apple Iphone OS, mac OS X and Watchos

A logic issue was addressed with improved restrictions.

5.0
2020-10-27 CVE-2019-8580 Apple Unspecified vulnerability in Apple Airport Base Station Firmware

Source-routed IPv4 packets were disabled by default.

5.0
2020-10-27 CVE-2019-8575 Apple Unspecified vulnerability in Apple Airport Base Station Firmware

The issue was addressed with improved data deletion.

5.0
2020-10-27 CVE-2019-8564 Apple Unspecified vulnerability in Apple mac OS X

A logic issue was addressed with improved validation.

5.0
2020-10-27 CVE-2018-4474 Apple Resource Exhaustion vulnerability in Apple products

A memory consumption issue was addressed with improved memory handling.

5.0
2020-10-27 CVE-2020-7755 DAT GUI Project Unspecified vulnerability in Dat.Gui Project Dat.Gui

All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.

5.0
2020-10-27 CVE-2020-7754 Npmjs Unspecified vulnerability in Npmjs Npm-User-Validate

This affects the package npm-user-validate before 1.0.1.

5.0
2020-10-27 CVE-2020-23945 Victor CMS Project SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0

A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file.

5.0
2020-10-27 CVE-2020-8579 Netapp Unspecified vulnerability in Netapp Clustered Data Ontap 9.7

Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).

5.0
2020-10-27 CVE-2020-10256 1Password Incorrect Usage of Seeds in Pseudo-Random Number Generator (Prng) vulnerability in 1Password Command-Line and Scim

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3.

5.0
2020-10-27 CVE-2020-7753 Trim Project Unspecified vulnerability in Trim Project Trim

All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().

5.0
2020-10-27 CVE-2020-27180 Konzept IX Information Exposure vulnerability in Konzept-Ix Publixone

konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.

5.0
2020-10-26 CVE-2020-26566 Motion Project Out-Of-Bounds Read vulnerability in Motion Project Motion

A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request.

5.0
2020-10-26 CVE-2020-7126 Arubanetworks Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Airwave Glass 1.2.1/1.3.0/1.3.1

A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

5.0
2020-10-26 CVE-2020-15897 Arista Unspecified vulnerability in Arista EOS

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.

5.0
2020-10-26 CVE-2020-13100 Arista Unspecified vulnerability in Arista Cloudvision Exchange

Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.

5.0
2020-10-31 CVE-2020-5425 Vmware Improper Authentication vulnerability in VMWare Single Sign-On for Tanzu

Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions.

4.6
2020-10-30 CVE-2020-5991 Nvidia Out-Of-Bounds Read vulnerability in Nvidia Cuda Toolkit 10.0.130/10.2.89/9.0.176

NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.

4.6
2020-10-29 CVE-2020-11488 Intel Improper Verification of Cryptographic Signature vulnerability in Intel BMC Firmware

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution.

4.6
2020-10-28 CVE-2020-8250 Pulsesecure Improper Privilege Management vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

4.6
2020-10-28 CVE-2020-8249 Pulsesecure Classic Buffer Overflow vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.

4.6
2020-10-28 CVE-2020-8248 Pulsesecure Improper Privilege Management vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.

4.6
2020-10-27 CVE-2019-8579 Apple Improper Input Validation vulnerability in Apple mac OS X

An input validation issue was addressed with improved memory handling.

4.6
2020-10-27 CVE-2020-11858 Microfocus Unspecified vulnerability in Microfocus Operations Bridge and Operations Bridge Manager

Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized).

4.6
2020-10-27 CVE-2020-6023 Checkpoint Unspecified vulnerability in Checkpoint Zonealarm

Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.

4.6
2020-10-29 CVE-2020-27885 Wso2 Cross-Site Scripting vulnerability in Wso2 API Manager 3.1.0

Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0.

4.3
2020-10-29 CVE-2020-5936 F5 Resource Exhaustion vulnerability in F5 Big-Ip Local Traffic Manager

On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile.

4.3
2020-10-29 CVE-2020-5935 F5 Unspecified vulnerability in F5 products

On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with an MQTT profile and an iRule performing manipulations on that traffic, TMM may produce a core file.

4.3
2020-10-29 CVE-2020-21266 Broadleafcommerce Cross-Site Scripting vulnerability in Broadleafcommerce Broadleaf Commerce 5.1.14Ga

Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability.

4.3
2020-10-29 CVE-2020-27658 Synology Incorrect Permission Assignment FOR Critical Resource vulnerability in Synology Router Manager

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

4.3
2020-10-29 CVE-2020-27657 Synology Cleartext Transmission of Sensitive Information vulnerability in Synology Router Manager

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

4.3
2020-10-29 CVE-2020-27656 Synology Cleartext Transmission of Sensitive Information vulnerability in Synology Diskstation Manager

Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

4.3
2020-10-29 CVE-2020-27650 Synology Missing Encryption of Sensitive Data vulnerability in Synology Diskstation Manager and Skynas Firmware

Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

4.3
2020-10-28 CVE-2020-24711 Getgophish Improper Restriction of Rendered UI Layers OR Frames vulnerability in Getgophish Gophish

The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack

4.3
2020-10-28 CVE-2020-27741 Citadel Cross-Site Scripting vulnerability in Citadel Webcit 7.10/926

Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters.

4.3
2020-10-28 CVE-2018-19953 Qnap Cross-Site Scripting vulnerability in Qnap QTS

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code.

4.3
2020-10-28 CVE-2020-27974 Quadient Cross-Site Scripting vulnerability in Quadient Mail Accounting 5.0.6

NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_BlockStart.php?code= XSS.

4.3
2020-10-28 CVE-2020-24303 Grafana Cross-Site Scripting vulnerability in Grafana

Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.

4.3
2020-10-28 CVE-2020-8262 Pulsesecure Cross-Site Scripting vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.

4.3
2020-10-28 CVE-2020-8261 Pulsesecure Classic Buffer Overflow vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.

4.3
2020-10-27 CVE-2020-16140 Thembay Cross-Site Scripting vulnerability in Thembay Greenmart 2.4.2

The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS.

4.3
2020-10-27 CVE-2020-9982 Apple Missing Authorization vulnerability in Apple Music 3.4.0

This issue was addressed with improved checks to prevent unauthorized actions.

4.3
2020-10-27 CVE-2020-9857 Apple Unspecified vulnerability in Apple mac OS X

An issue existed in the parsing of URLs.

4.3
2020-10-27 CVE-2020-9786 Apple Unspecified vulnerability in Apple mac OS X

This issue was addressed with improved checks This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra.

4.3
2020-10-27 CVE-2019-8898 Apple Insecure Storage of Sensitive Information vulnerability in Apple products

An information disclosure issue existed in the handling of the Storage Access API.

4.3
2020-10-27 CVE-2019-8856 Apple Missing Authorization vulnerability in Apple products

An API issue existed in the handling of outgoing phone calls initiated with Siri.

4.3
2020-10-27 CVE-2019-8855 Apple Missing Authorization vulnerability in Apple mac OS X

An access issue was addressed with additional sandbox restrictions.

4.3
2020-10-27 CVE-2019-8853 Apple Improper Input Validation vulnerability in Apple mac OS X

A validation issue was addressed with improved input sanitization.

4.3
2020-10-27 CVE-2019-8850 Apple Out-Of-Bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

4.3
2020-10-27 CVE-2019-8796 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved validation.

4.3
2020-10-27 CVE-2019-8664 Apple Improper Input Validation vulnerability in Apple Iphone OS and Watchos

An input validation issue was addressed with improved input validation.

4.3
2020-10-27 CVE-2019-8839 Apple Classic Buffer Overflow vulnerability in Apple mac OS X

A buffer overflow was addressed with improved bounds checking.

4.3
2020-10-27 CVE-2019-8827 Apple Unspecified vulnerability in Apple products

The HTTP referrer header may be used to leak browsing history.

4.3
2020-10-27 CVE-2019-8774 Apple Resource Exhaustion vulnerability in Apple Ipad OS and Iphone OS

A resource exhaustion issue was addressed with improved input validation.

4.3
2020-10-27 CVE-2019-8771 Apple Improper Restriction of Rendered UI Layers OR Frames vulnerability in Apple Iphone OS and Safari

This issue was addressed with improved iframe sandbox enforcement.

4.3
2020-10-27 CVE-2019-8762 Apple Cross-Site Scripting vulnerability in Apple products

A validation issue was addressed with improved logic.

4.3
2020-10-27 CVE-2019-8761 Apple Information Exposure vulnerability in Apple mac OS X

This issue was addressed with improved checks.

4.3
2020-10-27 CVE-2019-8754 Apple Origin Validation Error vulnerability in Apple mac OS X

A cross-origin issue existed with "iframe" elements.

4.3
2020-10-27 CVE-2019-8753 Apple Cross-Site Scripting vulnerability in Apple products

This issue was addressed with improved checks.

4.3
2020-10-27 CVE-2019-8744 Apple Unspecified vulnerability in Apple products

A memory corruption issue existed in the handling of IPv6 packets.

4.3
2020-10-27 CVE-2019-8668 Apple Improper Input Validation vulnerability in Apple Iphone OS, Tvos and Watchos

A denial of service issue was addressed with improved validation.

4.3
2020-10-27 CVE-2019-8656 Apple Unspecified vulnerability in Apple mac OS X

This was addressed with additional checks by Gatekeeper on files mounted through a network share.

4.3
2020-10-27 CVE-2019-8642 Apple Improper Certificate Validation vulnerability in Apple mac OS X

An issue existed in the handling of S-MIME certificates.

4.3
2020-10-27 CVE-2019-8582 Apple Out-Of-Bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved bounds checking.

4.3
2020-10-27 CVE-2019-8570 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

4.3
2020-10-27 CVE-2019-8538 Apple Unspecified vulnerability in Apple Iphone OS, mac OS X and Watchos

A denial of service issue was addressed with improved validation.

4.3
2020-10-27 CVE-2019-8532 Apple Unspecified vulnerability in Apple Iphone OS and Watchos

A permissions issue was addressed by removing vulnerable code and adding additional checks.

4.3
2020-10-27 CVE-2018-4468 Apple Unspecified vulnerability in Apple mac OS X 10.14/10.14.0

This issue was addressed by removing additional entitlements.

4.3
2020-10-27 CVE-2018-4444 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

4.3
2020-10-27 CVE-2018-4433 Apple Unspecified vulnerability in Apple products

A configuration issue was addressed with additional restrictions.

4.3
2020-10-27 CVE-2018-4391 Apple Unspecified vulnerability in Apple Iphone OS, mac OS X and Watchos

An inconsistent user interface issue was addressed with improved state management.

4.3
2020-10-27 CVE-2018-4390 Apple Unspecified vulnerability in Apple Iphone OS, mac OS X and Watchos

An inconsistent user interface issue was addressed with improved state management.

4.3
2020-10-27 CVE-2018-4381 Apple Resource Exhaustion vulnerability in Apple Iphone OS and Tvos

A resource exhaustion issue was addressed with improved input validation.

4.3
2020-10-27 CVE-2020-27182 Konzept IX Cross-Site Scripting vulnerability in Konzept-Ix Publixone

Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.

4.3
2020-10-26 CVE-2020-1915 Facebook Out-Of-Bounds Read vulnerability in Facebook Hermes

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript.

4.3
2020-10-26 CVE-2020-25470 Antsword Project Cross-Site Scripting vulnerability in Antsword Project Antsword 2.1.8.1

AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion.

4.3
2020-10-29 CVE-2020-5938 F5 Inadequate Encryption Strength vulnerability in F5 products

On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow.

4.0
2020-10-29 CVE-2020-11484 Intel Insecure Storage of Sensitive Information vulnerability in Intel BMC Firmware 1.06.06/2.47

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure.

4.0
2020-10-28 CVE-2020-27742 Citadel Authorization Bypass Through User-Controlled KEY vulnerability in Citadel Webcit 7.10/926

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template.

4.0
2020-10-28 CVE-2020-4782 IBM Path Traversal vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system.

4.0
2020-10-28 CVE-2020-8255 Pulsesecure Unspecified vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.

4.0
2020-10-27 CVE-2019-8901 Apple Improper Verification of Cryptographic Signature vulnerability in Apple Ipados and Iphone OS

This issue was addressed by verifying host keys when connecting to a previously-known SSH server.

4.0
2020-10-27 CVE-2019-8834 Apple Unspecified vulnerability in Apple products

A configuration issue was addressed with additional restrictions.

4.0
2020-10-27 CVE-2019-8737 Apple Improper Input Validation vulnerability in Apple mac OS X

A denial of service issue was addressed with improved validation.

4.0
2020-10-27 CVE-2019-8736 Apple Improper Input Validation vulnerability in Apple mac OS X

An input validation issue was addressed with improved input validation.

4.0
2020-10-27 CVE-2019-8645 Apple Unspecified vulnerability in Apple mac OS X

An issue existed in the handling of encrypted Mail.

4.0
2020-10-27 CVE-2019-8612 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

4.0
2020-10-27 CVE-2019-7291 Apple Unspecified vulnerability in Apple Airport Base Station Firmware

A denial of service issue was addressed with improved memory handling.

4.0
2020-10-26 CVE-2020-25034 Fireeye SQL Injection vulnerability in Fireeye Email Malware Protection System

eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sort_by, search{URL], or search[attachment] parameter to the email search feature.

4.0
2020-10-26 CVE-2020-7196 HP Insufficiently Protected Credentials vulnerability in HP Bluedata Epic and Ezmeral Container Platform

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval.

4.0

39 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-27 CVE-2018-4428 Apple Unspecified vulnerability in Apple Iphone OS

A lock screen issue allowed access to the share function on a locked device.

3.6
2020-10-27 CVE-2020-6022 Checkpoint Unspecified vulnerability in Checkpoint Zonealarm

Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware.

3.6
2020-10-30 CVE-2020-15276 Basercms Cross-Site Scripting vulnerability in Basercms

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting.

3.5
2020-10-30 CVE-2020-15273 Basercms Cross-Site Scripting vulnerability in Basercms

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting.

3.5
2020-10-29 CVE-2020-26205 SAL Project Cross-Site Scripting vulnerability in SAL Project SAL

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter.

3.5
2020-10-29 CVE-2020-5932 F5 Cross-Site Scripting vulnerability in F5 Big-Ip Application Security Manager

On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages.

3.5
2020-10-29 CVE-2020-25516 Wso2 Cross-Site Scripting vulnerability in Wso2 Enterprise Integrator 6.4.0/6.5.0/6.6.0

WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks.

3.5
2020-10-28 CVE-2020-24712 Getgophish Cross-Site Scripting vulnerability in Getgophish Gophish

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.

3.5
2020-10-28 CVE-2020-24709 Getgophish Cross-Site Scripting vulnerability in Getgophish Gophish

Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.

3.5
2020-10-28 CVE-2020-24708 Getgophish Cross-Site Scripting vulnerability in Getgophish Gophish

Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.

3.5
2020-10-28 CVE-2020-27980 Genexis Cross-Site Scripting vulnerability in Genexis Platinum-4410 Firmware 1.28

Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter.

3.5
2020-10-28 CVE-2018-19943 Qnap Cross-Site Scripting vulnerability in Qnap QTS

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code.

3.5
2020-10-28 CVE-2020-8263 Pulsesecure Cross-Site Scripting vulnerability in Pulsesecure Pulse Secure Desktop Client 9.1

A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.

3.5
2020-10-28 CVE-2020-27957 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data.

3.5
2020-10-26 CVE-2020-15274 Requarks Cross-Site Scripting vulnerability in Requarks Wiki.Js

In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results.

3.5
2020-10-26 CVE-2020-6876 ZTE Cross-Site Scripting vulnerability in ZTE Evdc Zxcloudirosv6.03.04

A ZTE product is impacted by an XSS vulnerability.

3.5
2020-10-29 CVE-2020-5934 F5 Unspecified vulnerability in F5 Big-Ip Access Policy Manager

On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted.

3.3
2020-10-29 CVE-2020-4864 IBM Authentication Bypass BY Spoofing vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0

IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address.

3.3
2020-10-27 CVE-2019-8842 Apple Classic Buffer Overflow vulnerability in Apple mac OS X

A buffer overflow was addressed with improved bounds checking.

2.6
2020-10-31 CVE-2020-15703 Aptdaemon Project Path Traversal vulnerability in Aptdaemon Project Aptdaemon 1.1.1

There is no input validation on the Locale property in an apt transaction.

2.1
2020-10-30 CVE-2020-27015 Trendmicro Information Exposure Through AN Error Message vulnerability in Trendmicro Antivirus 2020

Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland.

2.1
2020-10-29 CVE-2020-14323 Samba
Fedoraproject
Opensuse
Improper Null Termination vulnerability in multiple products

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1.

2.1
2020-10-29 CVE-2020-27747 Clickstudios Insufficiently Protected Credentials vulnerability in Clickstudios Passwordstate 8.9

An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code.

2.1
2020-10-28 CVE-2020-27981 Firefly III Cross-Site Scripting vulnerability in Firefly-Iii Firefly III

An XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III before 5.4.5 allows the user to execute JavaScript via suggested transaction titles.

2.1
2020-10-28 CVE-2020-25374 Cyberark Insufficient Session Expiration vulnerability in Cyberark Privileged Session Manager 10.9.0.15

CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.

2.1
2020-10-28 CVE-2020-25204 Innogames Unspecified vulnerability in Innogames GOD Kings 0.60.1

The God Kings application 0.60.1 for Android exposes a broadcast receiver to other apps called com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver.

2.1
2020-10-27 CVE-2020-9979 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

A trust issue was addressed by removing a legacy API.

2.1
2020-10-27 CVE-2019-8857 Apple Missing Authorization vulnerability in Apple Ipados and Iphone OS

The issue was addressed with improved validation when an iCloud Link is created.

2.1
2020-10-27 CVE-2019-8809 Apple Unspecified vulnerability in Apple products

A validation issue was addressed with improved logic.

2.1
2020-10-27 CVE-2019-8799 Apple Insecure Storage of Sensitive Information vulnerability in Apple products

This issue was resolved by replacing device names with a random identifier.

2.1
2020-10-27 CVE-2019-8790 Apple Insecure Storage of Sensitive Information vulnerability in Apple Swift

This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0.

2.1
2020-10-27 CVE-2019-8777 Apple Incorrect Default Permissions vulnerability in Apple mac OS X

A lock screen issue allowed access to contacts on a locked device.

2.1
2020-10-27 CVE-2019-8732 Apple Information Exposure vulnerability in Apple Iphone OS

The issue was addressed with improved data deletion.

2.1
2020-10-27 CVE-2019-8708 Apple Unspecified vulnerability in Apple Iphone OS and mac OS X

A logic issue was addressed with improved restrictions.

2.1
2020-10-27 CVE-2018-4448 Apple Unspecified vulnerability in Apple products

A memory initialization issue was addressed with improved memory handling.

2.1
2020-10-27 CVE-2018-4339 Apple Unspecified vulnerability in Apple Iphone OS

This issue was addressed with a new entitlement.

2.1
2020-10-27 CVE-2018-21269 Openrc Project Link Following vulnerability in Openrc Project Openrc

checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink.

2.1
2020-10-26 CVE-2017-18925 Openr Link Following vulnerability in Openr Opentmpfiles

opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack.

2.1
2020-10-27 CVE-2020-8956 Pulsesecure Weak Password Requirements vulnerability in Pulsesecure Pulse Secure Desktop

Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.

1.9