Weekly Vulnerabilities Reports > November 2 to 8, 2020

Overview

316 new vulnerabilities reported during this period, including 48 critical vulnerabilities and 154 high severity vulnerabilities. This weekly summary report vulnerabilities in 404 products from 106 vendors including Debian, Fedoraproject, Google, Opensuse, and Qualcomm. Vulnerabilities are notably categorized as "Cross-site Scripting", "Use After Free", "Out-of-bounds Write", "Classic Buffer Overflow", and "Out-of-bounds Read".

  • 229 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 69 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 201 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 60 reported vulnerabilities.
  • Debian has the most reported critical vulnerabilities, with 9 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

48 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-11-08 CVE-2020-28347 TP Link OS Command Injection vulnerability in Tp-Link Ac1750 Firmware 190726

tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter.

9.8
2020-11-08 CVE-2020-28340 Google Unspecified vulnerability in Google Android

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software.

9.8
2020-11-06 CVE-2020-3284 Cisco Unspecified vulnerability in Cisco products

A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device.

9.8
2020-11-06 CVE-2020-26214 Alerta Project Unspecified vulnerability in Alerta Project Alerta

In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider.

9.8
2020-11-06 CVE-2020-25172 Bbraun Unspecified vulnerability in Bbraun Onlinesuite Application Package 3.0

A relative path traversal attack in the B.

9.8
2020-11-06 CVE-2020-26892 Linuxfoundation
Fedoraproject
Use of Hard-coded Credentials vulnerability in multiple products

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.

9.8
2020-11-06 CVE-2020-25592 Saltstack
Debian
Improper Authentication vulnerability in multiple products

In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens.

9.8
2020-11-06 CVE-2020-16846 Saltstack
Debian
Fedoraproject
OS Command Injection vulnerability in multiple products

An issue was discovered in SaltStack Salt through 3002.

9.8
2020-11-06 CVE-2020-28250 Cellinx Unspecified vulnerability in Cellinx NVT web Server 5.0.0.014B

Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side.

9.8
2020-11-06 CVE-2020-5648 Mitsubishielectric Argument Injection or Modification vulnerability in Mitsubishielectric Coreos 05.65.00.Bd

Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.

9.8
2020-11-06 CVE-2020-5647 Mitsubishielectric Unspecified vulnerability in Mitsubishielectric Coreos 05.65.00.Bd

Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QMBDE CoreOS version ’05.65.00.BD’ and earlier, GT1450-QLBDE CoreOS version ’05.65.00.BD’ and earlier, GT1455HS-QTBDE CoreOS version ’05.65.00.BD’ and earlier, and GT1450HS-QMBDE CoreOS version ’05.65.00.BD’ and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

9.8
2020-11-06 CVE-2020-5644 Mitsubishielectric Classic Buffer Overflow vulnerability in Mitsubishielectric Coreos 05.65.00.Bd

Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

9.8
2020-11-05 CVE-2020-17510 Apache
Debian
Improper Authentication vulnerability in multiple products

Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

9.8
2020-11-05 CVE-2020-12145 Silver Peak Improper Authentication vulnerability in Silver-Peak Unity Orchestrator

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost.

9.8
2020-11-05 CVE-2020-27955 GIT Large File Storage Project Uncontrolled Search Path Element vulnerability in GIT Large File Storage Project GIT Large File Storage 2.12.0

Git LFS 2.12.0 allows Remote Code Execution.

9.8
2020-11-04 CVE-2020-7128 Arubanetworks Missing Authentication for Critical Function vulnerability in Arubanetworks Airwave Glass 1.2.1/1.3.0/1.3.1

A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

9.8
2020-11-04 CVE-2020-27689 Imomobile Use of Hard-coded Credentials vulnerability in Imomobile Verve Connect Vh510 Firmware

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface.

9.8
2020-11-04 CVE-2020-22274 Jomsocial Improper Neutralization of Formula Elements in a CSV File vulnerability in Jomsocial 4.7.6

JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection via a customer's profile.

9.8
2020-11-04 CVE-2020-26167 Thedaylightstudio Unspecified vulnerability in Thedaylightstudio Fuel CMS

In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.

9.8
2020-11-04 CVE-2020-22276 Weformspro Improper Neutralization of Formula Elements in a CSV File vulnerability in Weformspro Weforms 1.4.7

WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry.

9.8
2020-11-04 CVE-2020-2301 Jenkins Unspecified vulnerability in Jenkins Active Directory

Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode.

9.8
2020-11-04 CVE-2020-2300 Jenkins Unspecified vulnerability in Jenkins Active Directory

Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server.

9.8
2020-11-04 CVE-2020-2299 Jenkins Unspecified vulnerability in Jenkins Active Directory

Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.

9.8
2020-11-03 CVE-2020-1909 Whatsapp Use After Free vulnerability in Whatsapp and Whatsapp Business

A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution.

9.8
2020-11-03 CVE-2020-15993 Google Use After Free vulnerability in Google Chrome

Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.8
2020-11-02 CVE-2020-5656 Mitsubishielectric Unspecified vulnerability in Mitsubishielectric products

Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

9.8
2020-11-02 CVE-2020-5653 Mitsubishielectric Classic Buffer Overflow vulnerability in Mitsubishielectric products

Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.

9.8
2020-11-02 CVE-2020-28037 Wordpress
Fedoraproject
Debian
Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).

9.8
2020-11-02 CVE-2020-28036 Wordpress
Fedoraproject
Debian
Missing Authorization vulnerability in multiple products

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.

9.8
2020-11-02 CVE-2020-28035 Wordpress
Fedoraproject
Debian
WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.
9.8
2020-11-02 CVE-2020-28032 Wordpress
Fedoraproject
Debian
Deserialization of Untrusted Data vulnerability in multiple products

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.

9.8
2020-11-02 CVE-2020-24881 Osticket Server-Side Request Forgery (SSRF) vulnerability in Osticket

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.

9.8
2020-11-02 CVE-2020-23639 Moxa Command Injection vulnerability in Moxa Vport 461 Firmware 3.4

A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers.

9.8
2020-11-02 CVE-2018-19025 Juuko Unspecified vulnerability in Juuko K-808 Firmware

In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.).

9.8
2020-11-02 CVE-2018-17932 Juuko Unspecified vulnerability in Juuko K-800 Firmware

JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running.

9.8
2020-11-02 CVE-2018-19950 Qnap Command Injection vulnerability in Qnap Music Station

If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands.

9.8
2020-11-02 CVE-2020-3703 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central device(This CVE is equivalent to Link Layer Length Overfow issue (CVE-2019-16336,CVE-2019-17519) and Silent Length Overflow issue(CVE-2019-17518) mentioned in sweyntooth paper)' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8076, AR9344, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, Nicobar, QCA6174A, QCA9377, QCM2150, QCM6125, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SC8180X, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

9.8
2020-11-02 CVE-2020-3692 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for parameters received from server' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Agatti, Kamorta, Nicobar, QCM6125, QCS610, Rennell, SA415M, Saipan, SC7180, SC8180X, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

9.8
2020-11-02 CVE-2020-3673 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the index length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

9.8
2020-11-02 CVE-2020-3657 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6574AU, QCS405, QCS610, QRB5165, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8250

9.8
2020-11-02 CVE-2020-3654 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

9.8
2020-11-02 CVE-2020-11172 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack overflow' in Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA9531, QCA9980

9.8
2020-11-02 CVE-2020-11153 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

u'Out of bound memory access while processing GATT data received due to lack of check of pdu data length and leads to remote code execution' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8053, QCA6390, QCA9379, QCN7605, SC8180X, SDX55

9.8
2020-11-03 CVE-2020-16011 Google
Opensuse
Debian
Out-of-bounds Write vulnerability in multiple products

Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

9.6
2020-11-02 CVE-2020-28039 Wordpress
Debian
Canonical
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
9.1
2020-11-02 CVE-2020-3670 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element(IEI) NAS message container' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCM6125, QCS605, QCS610, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

9.1
2020-11-02 CVE-2020-11169 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55

9.1
2020-11-05 CVE-2020-15952 Immuta Cross-site Scripting vulnerability in Immuta 2.8.2

Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions.

9.0

154 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-11-07 CVE-2020-28339 Collne Deserialization of Untrusted Data vulnerability in Collne Welcart E-Commerce

The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize.

8.8
2020-11-06 CVE-2020-15259 Auth0 Unspecified vulnerability in Auth0 Ad/Ldap Connector

ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss.

8.8
2020-11-06 CVE-2020-3371 Cisco OS Command Injection vulnerability in Cisco Integrated Management Controller 3.0(1C)

A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level.

8.8
2020-11-06 CVE-2020-28328 Salesagility Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting.

8.8
2020-11-06 CVE-2020-7198 HP Unspecified vulnerability in HP Oneview, Synergy Composer and Synergy Composer 2

There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer.

8.8
2020-11-05 CVE-2020-6877 ZTE Unspecified vulnerability in ZTE Zxa10 Eodn Firmware 2.3P2T1

A ZTE product is impacted by an information leak vulnerability.

8.8
2020-11-05 CVE-2020-25661 Redhat Unspecified vulnerability in Redhat Enterprise Linux 8.3

A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID.

8.8
2020-11-05 CVE-2020-13661 Telerik Unspecified vulnerability in Telerik Fiddler 5.0.20202.18177

Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program.

8.8
2020-11-05 CVE-2020-12147 Silver Peak Path Traversal vulnerability in Silver-Peak Unity Orchestrator

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing.

8.8
2020-11-05 CVE-2020-12146 Silver Peak Path Traversal vulnerability in Silver-Peak Unity Orchestrator

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API.

8.8
2020-11-05 CVE-2020-25398 Mind Improper Neutralization of Formula Elements in a CSV File vulnerability in Mind Imind Server 3.13.65

CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality.

8.8
2020-11-05 CVE-2020-28115 WEB Audimex SQL Injection vulnerability in Web-Audimex Audimexee 14.1.0

SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter.

8.8
2020-11-05 CVE-2020-24849 Fruitywifi Project OS Command Injection vulnerability in Fruitywifi Project Fruitywifi

A remote code execution vulnerability is identified in FruityWifi through 2.4.

8.8
2020-11-05 CVE-2020-15950 Immuta Insufficient Session Expiration vulnerability in Immuta 2.8.2

Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout.

8.8
2020-11-05 CVE-2020-27387 Horizontcms Project Unrestricted Upload of File with Dangerous Type vulnerability in Horizontcms Project Horizontcms 1.0.0

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>.

8.8
2020-11-04 CVE-2020-27692 Imomobile Cross-Site Request Forgery (CSRF) vulnerability in Imomobile Verve Connect Vh510 Firmware

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal.

8.8
2020-11-04 CVE-2020-22278 Phpmyadmin Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPmyadmin

phpMyAdmin through 5.0.2 allows CSV injection via Export Section.

8.8
2020-11-04 CVE-2020-22275 Easyregistrationforms Improper Neutralization of Formula Elements in a CSV File vulnerability in Easyregistrationforms Easy Registration Forms 2.0.6

Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands.

8.8
2020-11-03 CVE-2020-16010 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8
2020-11-03 CVE-2020-16009 Google
Microsoft
Cefsharp
Opensuse
Fedoraproject
Debian
Type Confusion vulnerability in multiple products

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-16008 Google
Debian
Opensuse
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.

8.8
2020-11-03 CVE-2020-16006 Google
Debian
Opensuse
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-16005 Google
Opensuse
Debian
Fedoraproject
Improper Handling of Exceptional Conditions vulnerability in multiple products

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-16004 Google
Opensuse
Fedoraproject
Debian
Use After Free vulnerability in multiple products

Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-16003 Google
Debian
Fedoraproject
Opensuse
Use After Free vulnerability in multiple products

Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-16002 Google
Fedoraproject
Opensuse
Debian
Use After Free vulnerability in multiple products

Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

8.8
2020-11-03 CVE-2020-16001 Google
Debian
Opensuse
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-16000 Google
Fedoraproject
Opensuse
Debian
Out-of-bounds Write vulnerability in multiple products

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15998 Google Use After Free vulnerability in Google Chrome

Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15997 Google Use After Free vulnerability in Google Chrome

Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15996 Google Use After Free vulnerability in Google Chrome

Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15995 Google
Debian
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15994 Google Use After Free vulnerability in Google Chrome

Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15992 Google
Debian
Opensuse
Fedoraproject
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
8.8
2020-11-03 CVE-2020-15991 Google
Opensuse
Fedoraproject
Debian
Use After Free vulnerability in multiple products

Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15990 Google
Debian
Fedoraproject
Opensuse
Use After Free vulnerability in multiple products

Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15987 Google
Fedoraproject
Opensuse
Debian
Use After Free vulnerability in multiple products

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.

8.8
2020-11-03 CVE-2020-15979 Google
Debian
Fedoraproject
Opensuse
Out-of-bounds Write vulnerability in multiple products

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15978 Google
Debian
Fedoraproject
Opensuse
Improper Input Validation vulnerability in multiple products

Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15976 Google
Debian
Fedoraproject
Opensuse
Use After Free vulnerability in multiple products

Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15975 Google
Fedoraproject
Opensuse
Debian
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15974 Google
Debian
Fedoraproject
Opensuse
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15972 Google
Debian
Fedoraproject
Opensuse
Use After Free vulnerability in multiple products

Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15971 Google
Fedoraproject
Opensuse
Debian
Use After Free vulnerability in multiple products

Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15970 Google
Fedoraproject
Opensuse
Debian
Use After Free vulnerability in multiple products

Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15969 Google
Debian
Fedoraproject
Opensuse
Apple
Use After Free vulnerability in multiple products

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15968 Google
Debian
Fedoraproject
Opensuse
Use After Free vulnerability in multiple products

Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-11-03 CVE-2020-15967 Google
Fedoraproject
Opensuse
Debian
Use After Free vulnerability in multiple products

Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

8.8
2020-11-02 CVE-2020-11155 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

u'Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55

8.8
2020-11-02 CVE-2020-11154 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55

8.8
2020-11-02 CVE-2020-11114 Qualcomm Out-of-bounds Read vulnerability in Qualcomm Ar9344 Firmware

u'Bluetooth devices does not properly restrict the L2CAP payload length allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet(Equivalent to CVE-2019-17060,CVE-2019-17061 and CVE-2019-17517 in Sweyntooth paper)' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in AR9344

8.8
2020-11-03 CVE-2020-26211 Bookstackapp Unspecified vulnerability in Bookstackapp Bookstack

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted.

8.7
2020-11-03 CVE-2020-26210 Bookstackapp Unspecified vulnerability in Bookstackapp Bookstack

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page.

8.7
2020-11-05 CVE-2020-5945 F5 Cross-site Scripting vulnerability in F5 products

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS).

8.4
2020-11-06 CVE-2020-10292 Kuka Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kuka Visual Components Network License Server 2.0.8

Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes.

8.2
2020-11-02 CVE-2020-11156 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in QCA6390, QCN7605, QCS404, SA415M, SA515M, SC8180X, SDX55, SM8250

8.1
2020-11-02 CVE-2020-11141 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, SA415M, SA515M, SC8180X, SDX55, SM8250

8.1
2020-11-04 CVE-2020-26207 Databaseschemareader Project Unspecified vulnerability in Databaseschemareader Project Dbschemareader

DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file.

8.0
2020-11-04 CVE-2020-22277 Codection Improper Neutralization of Formula Elements in a CSV File vulnerability in Codection Import and Export Users and Customers

Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.

8.0
2020-11-08 CVE-2020-28343 Google Out-of-bounds Write vulnerability in Google Android 10.0/9.0

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software.

7.8
2020-11-08 CVE-2020-28342 Google Unspecified vulnerability in Google Android 10.0/9.0

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (China / India) software.

7.8
2020-11-08 CVE-2020-28341 Google Classic Buffer Overflow vulnerability in Google Android 10.0

An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software.

7.8
2020-11-07 CVE-2020-16122 Packagekit Project
Canonical
Insufficient Verification of Data Authenticity vulnerability in multiple products

PackageKit's apt backend mistakenly treated all local debs as trusted.

7.8
2020-11-06 CVE-2020-3604 Cisco Out-of-bounds Write vulnerability in Cisco Webex Meetings

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system.

7.8
2020-11-06 CVE-2020-3603 Cisco Out-of-bounds Write vulnerability in Cisco Webex Meetings and Webex Meetings Server

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system.

7.8
2020-11-06 CVE-2020-3600 Cisco Incorrect Authorization vulnerability in Cisco Sd-Wan

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system.

7.8
2020-11-06 CVE-2020-3595 Cisco Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Sd-Wan

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system.

7.8
2020-11-06 CVE-2020-3594 Cisco Improper Privilege Management vulnerability in Cisco Sd-Wan

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system.

7.8
2020-11-06 CVE-2020-3593 Cisco Improper Privilege Management vulnerability in Cisco Sd-Wan

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system.

7.8
2020-11-06 CVE-2020-3588 Cisco Path Traversal vulnerability in Cisco Webex Meetings

A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system.

7.8
2020-11-06 CVE-2020-3573 Cisco Improper Initialization vulnerability in Cisco Webex Meetings and Webex Meetings Server

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system.

7.8
2020-11-06 CVE-2020-5794 Tenable Unspecified vulnerability in Tenable Nessus Network Monitor 5.11.0/5.11.1/5.12.0

A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory.

7.8
2020-11-06 CVE-2020-25174 Bbraun Unspecified vulnerability in Bbraun Onlinesuite Application Package 3.0

A DLL hijacking vulnerability in the B.

7.8
2020-11-06 CVE-2020-25170 Bbraun Unspecified vulnerability in Bbraun Onlinesuite Application Package 3.0

An Excel Macro Injection vulnerability exists in the export feature in the B.

7.8
2020-11-06 CVE-2020-27347 Tmux Project Out-of-bounds Write vulnerability in Tmux Project Tmux

In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.

7.8
2020-11-06 CVE-2020-15708 Canonical Incorrect Permission Assignment for Critical Resource vulnerability in Canonical Ubuntu Linux 20.04

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions.

7.8
2020-11-05 CVE-2020-13537 Moxa Incorrect Default Permissions vulnerability in Moxa Mxview 3.1.8

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation.

7.8
2020-11-05 CVE-2020-13536 Moxa Incorrect Default Permissions vulnerability in Moxa Mxview 3.1.8

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation.

7.8
2020-11-05 CVE-2020-5793 Tenable Unspecified vulnerability in Tenable Nessus and Nessus Agent

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory.

7.8
2020-11-05 CVE-2020-24437 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user.

7.8
2020-11-05 CVE-2020-24436 Adobe Unspecified vulnerability in Adobe products

Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure.

7.8
2020-11-05 CVE-2020-24435 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the current user.

7.8
2020-11-05 CVE-2020-24433 Adobe Unspecified vulnerability in Adobe products

Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM.

7.8
2020-11-05 CVE-2020-24432 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user.

7.8
2020-11-05 CVE-2020-24430 Adobe Use After Free vulnerability in Adobe products

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript.

7.8
2020-11-05 CVE-2020-24429 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation.

7.8
2020-11-05 CVE-2020-26507 Marmind Improper Neutralization of Formula Elements in a CSV File vulnerability in Marmind 4.1.141.0

A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers.

7.8
2020-11-05 CVE-2020-25399 Mind Cross-site Scripting vulnerability in Mind Imind Server 3.13.65

Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat.

7.8
2020-11-05 CVE-2020-27402 Hindotech Unspecified vulnerability in Hindotech HK1 BOX S905X3 Firmware Hk1X3S905X34Bitv1120191105

The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb.

7.8
2020-11-03 CVE-2020-16007 Google
Debian
Opensuse
Link Following vulnerability in multiple products

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.

7.8
2020-11-03 CVE-2020-15983 Google
Fedoraproject
Debian
Opensuse
Improper Input Validation vulnerability in multiple products

Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.

7.8
2020-11-03 CVE-2020-15980 Google
Opensuse
Fedoraproject
Debian
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.
7.8
2020-11-02 CVE-2020-28046 PAX Improper Privilege Management vulnerability in PAX Prolinos 2.4.161.8859R

An issue was discovered in ProlinOS through 2.4.161.8859R.

7.8
2020-11-02 CVE-2020-28045 PAX Improper Verification of Cryptographic Signature vulnerability in PAX Prolinos 2.4.161.8859R

An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R.

7.8
2020-11-02 CVE-2020-27992 Wondershare Incorrect Permission Assignment for Critical Resource vulnerability in Wondershare Dr.Fone 3.0.0

Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users.

7.8
2020-11-02 CVE-2020-27708 EA Uncontrolled Search Path Element vulnerability in EA Origin

A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System.

7.8
2020-11-02 CVE-2020-14425 Foxitsoftware Unspecified vulnerability in Foxitsoftware Foxit Reader 9.7.1/9.7.1.29511/9.7.2.29539

Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API.

7.8
2020-11-02 CVE-2020-3696 Qualcomm Use After Free vulnerability in Qualcomm products

u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8996AU, QCA4531, QCA6574AU, QCA9531, QCM2150, QCS605, SDM429W, SDX20, SDX24

7.8
2020-11-02 CVE-2020-3694 Qualcomm Unspecified vulnerability in Qualcomm products

u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in Bitra, Nicobar, Saipan, SM6150, SM8150, SM8250, SXR2130

7.8
2020-11-02 CVE-2020-3693 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8098, Bitra, MSM8909W, MSM8996AU, Nicobar, QCM2150, QCS605, Saipan, SDM429W, SDX20, SM6150, SM8150, SM8250, SXR2130

7.8
2020-11-02 CVE-2020-3690 Qualcomm Unspecified vulnerability in Qualcomm products

u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, Bitra, Kamorta, Nicobar, QCA6390, QCS404, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

7.8
2020-11-02 CVE-2020-3684 Qualcomm Unspecified vulnerability in Qualcomm products

u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8098, Bitra, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8998, Nicobar, QCA6390, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

7.8
2020-11-02 CVE-2020-3678 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

u'A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param' in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Kamorta, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SXR1130

7.8
2020-11-02 CVE-2020-3638 Qualcomm Unspecified vulnerability in Qualcomm products

u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Bitra, Kamorta, QCA6390, QCS404, QCS610, Rennell, SA515M, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

7.8
2020-11-02 CVE-2020-11174 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130

7.8
2020-11-02 CVE-2020-11164 Qualcomm Unspecified vulnerability in Qualcomm products

u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access control' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8909W, MSM8917, MSM8940, Nicobar, QCA6390, QCM2150, QCS605, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429W, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

7.8
2020-11-02 CVE-2020-11162 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCA6390, QCM2150, QCS404, QCS405, QCS605, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

7.8
2020-11-02 CVE-2020-11125 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9150, MDM9607, MDM9650, MSM8905, MSM8917, MSM8953, Nicobar, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

7.8
2020-11-05 CVE-2020-24428 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation.

7.7
2020-11-08 CVE-2020-7764 Find MY WAY Project HTTP Request Smuggling vulnerability in Find-My-Way Project Find-My-Way

This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5.

7.5
2020-11-08 CVE-2020-28345 Google NULL Pointer Dereference vulnerability in Google Android 10.0

An issue was discovered on LG mobile devices with Android OS 10 software.

7.5
2020-11-08 CVE-2020-28344 Google NULL Pointer Dereference vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software.

7.5
2020-11-06 CVE-2020-3574 Cisco Unspecified vulnerability in Cisco products

A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload.

7.5
2020-11-06 CVE-2020-3444 Cisco Unspecified vulnerability in Cisco IOS XE

A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters.

7.5
2020-11-06 CVE-2020-26213 Teler Project Unspecified vulnerability in Teler Project Teler

In teler before version 0.0.1, if you run teler inside a Docker container and encounter `errors.Exit` function, it will cause denial-of-service (`SIGSEGV`) because it doesn't get process ID and process group ID of teler properly to kills.

7.5
2020-11-06 CVE-2020-8580 Netapp Unspecified vulnerability in Netapp E-Series Santricity OS Controller

SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS).

7.5
2020-11-06 CVE-2020-27589 Synopsys Improper Certificate Validation vulnerability in Synopsys Hub-Rest-Api-Python

Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases.

7.5
2020-11-06 CVE-2020-27196 Lightbend Out-of-bounds Write vulnerability in Lightbend Play Framework

An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2.

7.5
2020-11-06 CVE-2020-26883 Lightbend Uncontrolled Recursion vulnerability in Lightbend Play Framework

In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents.

7.5
2020-11-06 CVE-2020-26882 Lightbend Uncontrolled Recursion vulnerability in Lightbend Play Framework

In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input.

7.5
2020-11-06 CVE-2020-10291 Kuka Missing Authentication for Critical Function vulnerability in Kuka Visual Components Network License Server 2.0.8

Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes.

7.5
2020-11-06 CVE-2020-28196 MIT
Fedoraproject
Netapp
Oracle
Uncontrolled Recursion vulnerability in multiple products

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.

7.5
2020-11-06 CVE-2020-26521 Linuxfoundation
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).

7.5
2020-11-06 CVE-2020-5649 Mitsubishielectric Unspecified vulnerability in Mitsubishielectric Coreos 05.65.00.Bd

Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

7.5
2020-11-06 CVE-2020-5646 Mitsubishielectric NULL Pointer Dereference vulnerability in Mitsubishielectric Coreos 05.65.00.Bd

NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

7.5
2020-11-06 CVE-2020-5645 Mitsubishielectric Session Fixation vulnerability in Mitsubishielectric Coreos 05.65.00.Bd

Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

7.5
2020-11-05 CVE-2020-25837 Microfocus Unspecified vulnerability in Microfocus Self Service Password Reset

Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product.

7.5
2020-11-05 CVE-2020-5946 F5 Unspecified vulnerability in F5 Big-Ip Fraud Protection Service

In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).

7.5
2020-11-05 CVE-2020-5942 F5 Unspecified vulnerability in F5 Big-Ip Policy Enforcement Manager

In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer (CEA) packets with certain attributes from the Policy and Charging Rules Function (PCRF) server, the Traffic Management Microkernel (TMM) may generate a core file and restart.

7.5
2020-11-05 CVE-2020-5941 F5 Unspecified vulnerability in F5 products

On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart.

7.5
2020-11-05 CVE-2020-5939 F5 Unspecified vulnerability in F5 products

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, may fail and leave the Traffic Management Microkernel (TMM) in a state where it cannot transmit traffic.

7.5
2020-11-05 CVE-2020-27688 Robware Insufficiently Protected Credentials vulnerability in Robware Rvtools 4.0.6

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files.

7.5
2020-11-05 CVE-2020-15949 Immuta Improper Authentication vulnerability in Immuta 2.8.2

Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover.

7.5
2020-11-04 CVE-2020-25201 Hashicorp Unspecified vulnerability in Hashicorp Consul

HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes.

7.5
2020-11-04 CVE-2020-8037 Tcpdump
Debian
Fedoraproject
Apple
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

7.5
2020-11-04 CVE-2020-8036 Tcpdump Out-of-bounds Read vulnerability in Tcpdump 4.10.0

The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.

7.5
2020-11-02 CVE-2020-9861 Apple Uncontrolled Recursion vulnerability in Apple Swift

A stack overflow issue existed in Swift for Linux.

7.5
2020-11-02 CVE-2020-9368 Oleacorner Path Traversal vulnerability in Oleacorner Olea Gift on Order 5.0.8

The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/..

7.5
2020-11-02 CVE-2020-8183 Nextcloud Insufficiently Protected Credentials vulnerability in Nextcloud Server

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.

7.5
2020-11-02 CVE-2020-5658 Mitsubishielectric Unspecified vulnerability in Mitsubishielectric products

Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

7.5
2020-11-02 CVE-2020-5655 Mitsubishielectric NULL Pointer Dereference vulnerability in Mitsubishielectric products

NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

7.5
2020-11-02 CVE-2020-5654 Mitsubishielectric Session Fixation vulnerability in Mitsubishielectric products

Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.

7.5
2020-11-02 CVE-2020-5652 Mitsubishielectric Resource Exhaustion vulnerability in Mitsubishielectric products

Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition .

7.5
2020-11-02 CVE-2020-28043 Misp Server-Side Request Forgery (SSRF) vulnerability in Misp

MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.

7.5
2020-11-02 CVE-2020-28033 Wordpress
Fedoraproject
Debian
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed.
7.5
2020-11-02 CVE-2020-28030 Wireshark
Debian
Fedoraproject
Infinite Loop vulnerability in multiple products

In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash.

7.5
2020-11-02 CVE-2020-10937 Protocol Unspecified vulnerability in Protocol Ipfs 0.4.23

An issue was discovered in IPFS (aka go-ipfs) 0.4.23.

7.5
2020-11-02 CVE-2018-19952 Qnap SQL Injection vulnerability in Qnap Music Station

If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information.

7.5
2020-11-02 CVE-2020-3704 Qualcomm Improper Locking vulnerability in Qualcomm products

u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead peripheral system enter into dead lock state.(This CVE is equivalent to InvalidConnectionRequest(CVE-2019-19193) mentioned in sweyntooth paper)' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, AR9344, Bitra, IPQ5018, Kamorta, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA9377, QCA9886, QCM6125, QCN7605, QCS404, QCS405, QCS605, QCS610, QRB5165, Rennell, SA415M, SA515M, Saipan, SC7180, SC8180X, SDA845, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

7.5
2020-11-02 CVE-2020-11157 Qualcomm Unspecified vulnerability in Qualcomm products

u'Lack of handling unexpected control messages while encryption was in progress can terminate the connection and thus leading to a DoS' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8076, MDM9640, MDM9650, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, QCA6174A, QCA9886, QCM2150, QM215, SDM429, SDM439, SDM450, SDM632

7.5
2020-11-06 CVE-2020-3556 Cisco Unspecified vulnerability in Cisco Anyconnect Secure Mobility Client 4.9(3052)/98.145(86)

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script.

7.3
2020-11-04 CVE-2020-7129 Arubanetworks Unspecified vulnerability in Arubanetworks Airwave Glass 1.2.1/1.3.0/1.3.1

A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

7.2
2020-11-06 CVE-2017-18926 Librdf
Debian
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).

7.1
2020-11-02 CVE-2020-11173 Qualcomm Use After Free vulnerability in Qualcomm products

u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8053, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8953, Nicobar, QCA6390, QCS404, QCS405, QCS610, Rennell, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM632, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

7.0

105 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-11-05 CVE-2020-7207 HP Unspecified vulnerability in HP products

A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE).

6.8
2020-11-05 CVE-2020-4097 Hcltech Classic Buffer Overflow vulnerability in Hcltech Notes

In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow.

6.8
2020-11-02 CVE-2020-8236 Nextcloud Improper Authentication vulnerability in Nextcloud Server

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.

6.8
2020-11-02 CVE-2020-28044 PAX Incorrect Default Permissions vulnerability in PAX Prolinos 2.4.161.8859R

An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions.

6.8
2020-11-06 CVE-2020-27129 Cisco Argument Injection or Modification vulnerability in Cisco Sd-Wan Vmanage

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges.

6.7
2020-11-06 CVE-2020-27122 Cisco Improper Privilege Management vulnerability in Cisco Identity Services Engine

A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device.

6.7
2020-11-06 CVE-2020-3592 Cisco Incorrect Authorization vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system.

6.5
2020-11-06 CVE-2020-27128 Cisco Path Traversal vulnerability in Cisco Sd-Wan

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system.

6.5
2020-11-06 CVE-2020-27121 Cisco Improper Handling of Exceptional Conditions vulnerability in Cisco Unified Communications Manager IM and Presence Service 12.5(1)

A vulnerability in Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition.

6.5
2020-11-06 CVE-2020-26084 Cisco Exposure of Resource to Wrong Sphere vulnerability in Cisco Edge FOG Fabric

A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device.

6.5
2020-11-06 CVE-2020-4482 IBM Unspecified vulnerability in IBM Urbancode Deploy

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security.

6.5
2020-11-06 CVE-2020-27617 Qemu
Debian
Reachable Assertion vulnerability in multiple products

eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure.

6.5
2020-11-06 CVE-2020-27616 Qemu Incorrect Calculation vulnerability in Qemu 4.2.1

ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation.

6.5
2020-11-06 CVE-2020-28242 Asterisk
Sangoma
Fedoraproject
Debian
Uncontrolled Recursion vulnerability in multiple products

An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5.

6.5
2020-11-06 CVE-2020-28241 Maxmind
Debian
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.

6.5
2020-11-06 CVE-2020-5643 Cybozu Improper Input Validation vulnerability in Cybozu Garoon 5.0.0/5.0.1/5.0.2

Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.

6.5
2020-11-05 CVE-2020-25662 Redhat Unspecified vulnerability in Redhat Enterprise Linux 8.3

A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets.

6.5
2020-11-05 CVE-2020-5943 F5 Use of a Broken or Risky Cryptographic Algorithm vulnerability in F5 products

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does.

6.5
2020-11-04 CVE-2020-22273 Creativeitem Cross-Site Request Forgery (CSRF) vulnerability in Creativeitem Neoflex Video Subscription System 2.0

Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings)

6.5
2020-11-04 CVE-2020-2319 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins VMWare LAB Manager Slaves

Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

6.5
2020-11-04 CVE-2020-2318 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Mail Commander 1.0.0

Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

6.5
2020-11-04 CVE-2020-2315 Jenkins Unspecified vulnerability in Jenkins Visualworks Store

Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

6.5
2020-11-04 CVE-2020-2312 Jenkins Unspecified vulnerability in Jenkins Sqlplus Script Runner

Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs.

6.5
2020-11-04 CVE-2020-2305 Jenkins Unspecified vulnerability in Jenkins Mercurial

Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

6.5
2020-11-04 CVE-2020-2304 Jenkins Unspecified vulnerability in Jenkins Subversion

Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

6.5
2020-11-03 CVE-2020-6557 Google
Debian
Fedoraproject
Opensuse
Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
6.5
2020-11-03 CVE-2020-15999 Google
Freetype
Debian
Fedoraproject
Opensuse
Out-of-bounds Write vulnerability in multiple products

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5
2020-11-03 CVE-2020-15986 Google
Fedoraproject
Opensuse
Debian
Use After Free vulnerability in multiple products

Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5
2020-11-03 CVE-2020-15985 Google
Fedoraproject
Debian
Opensuse
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
6.5
2020-11-03 CVE-2020-15984 Google
Fedoraproject
Opensuse
Debian
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.
6.5
2020-11-03 CVE-2020-15982 Google
Fedoraproject
Debian
Opensuse
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
6.5
2020-11-03 CVE-2020-15981 Google
Fedoraproject
Opensuse
Debian
Out-of-bounds Read vulnerability in multiple products

Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5
2020-11-03 CVE-2020-15977 Google
Debian
Fedoraproject
Opensuse
Improper Input Validation vulnerability in multiple products

Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

6.5
2020-11-03 CVE-2020-15973 Google
Fedoraproject
Opensuse
Debian
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.
6.5
2020-11-02 CVE-2020-6014 Checkpoint Untrusted Search Path vulnerability in Checkpoint Endpoint Security E80.96/E81.30

Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name.

6.5
2020-11-02 CVE-2020-5657 Mitsubishielectric Argument Injection or Modification vulnerability in Mitsubishielectric products

Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.

6.5
2020-11-02 CVE-2020-28041 Netgear Incorrect Default Permissions vulnerability in Netgear Nighthawk R7000 Firmware 1.0.9.6410.2.64

The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming.

6.5
2020-11-02 CVE-2020-25689 Redhat
Netapp
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller.
6.5
2020-11-06 CVE-2020-3590 Cisco Cross-site Scripting vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage

A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user.

6.4
2020-11-06 CVE-2020-3587 Cisco Cross-site Scripting vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage

A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user.

6.4
2020-11-04 CVE-2020-28049 Sddm Project
Opensuse
Debian
Fedoraproject
Race Condition vulnerability in multiple products

An issue was discovered in SDDM before 0.19.0.

6.3
2020-11-03 CVE-2020-15988 Google
Fedoraproject
Debian
Opensuse
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
6.3
2020-11-06 CVE-2020-5795 TP Link Link Following vulnerability in Tp-Link Archer A7 Firmware 200721

UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router.

6.2
2020-11-06 CVE-2020-3579 Cisco Cross-site Scripting vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

6.1
2020-11-06 CVE-2020-3551 Cisco Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.6/2.7

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.

6.1
2020-11-06 CVE-2020-28249 Joplin Project Cross-site Scripting vulnerability in Joplin Project Joplin 1.2.6

Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.

6.1
2020-11-05 CVE-2020-26505 Marmind Cross-site Scripting vulnerability in Marmind 4.1.141.0

A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code.

6.1
2020-11-05 CVE-2020-14240 Hcltech Cross-site Scripting vulnerability in Hcltech Notes

HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability.

6.1
2020-11-05 CVE-2020-14222 Hcltech Cross-site Scripting vulnerability in Hcltech HCL Digital Experience 8.5/9.0/9.5

HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS).

6.1
2020-11-05 CVE-2020-15951 Immuta Cross-site Scripting vulnerability in Immuta 2.8.2

Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application.

6.1
2020-11-04 CVE-2020-27691 Imomobile Cross-site Scripting vulnerability in Imomobile Verve Connect Vh510 Firmware

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings.

6.1
2020-11-02 CVE-2020-28038 Wordpress
Fedoraproject
Debian
Cross-site Scripting vulnerability in multiple products

WordPress before 5.5.2 allows stored XSS via post slugs.

6.1
2020-11-02 CVE-2020-28034 Wordpress
Fedoraproject
Debian
Cross-site Scripting vulnerability in multiple products

WordPress before 5.5.2 allows XSS associated with global variables.

6.1
2020-11-02 CVE-2020-27982 Icewarp Cross-site Scripting vulnerability in Icewarp Mail Server 11.4.5

IceWarp 11.4.5.0 allows XSS via the language parameter.

6.1
2020-11-02 CVE-2018-19956 Qnap Cross-site Scripting vulnerability in Qnap Photo Station

The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station.

6.1
2020-11-02 CVE-2018-19955 Qnap Cross-site Scripting vulnerability in Qnap Photo Station

The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station.

6.1
2020-11-02 CVE-2018-19954 Qnap Cross-site Scripting vulnerability in Qnap Photo Station

The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station.

6.1
2020-11-02 CVE-2018-19951 Qnap Cross-site Scripting vulnerability in Qnap Music Station

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code.

6.1
2020-11-06 CVE-2020-28168 Axios
Siemens
Server-Side Request Forgery (SSRF) vulnerability in multiple products

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

5.9
2020-11-06 CVE-2020-8577 Netapp Unspecified vulnerability in Netapp E-Series Santricity OS Controller

SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.

5.9
2020-11-06 CVE-2020-27123 Cisco Unspecified vulnerability in Cisco Anyconnect Secure Mobility Client

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device.

5.5
2020-11-06 CVE-2020-27152 Linux Infinite Loop vulnerability in Linux Kernel

An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2.

5.5
2020-11-06 CVE-2020-17490 Saltstack
Debian
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

5.5
2020-11-06 CVE-2020-5667 Wantedlyinc Use of Hard-coded Credentials vulnerability in Wantedlyinc Studyplus 6.3.7/8.29.0

Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service.

5.5
2020-11-05 CVE-2020-6015 Checkpoint Unspecified vulnerability in Checkpoint Endpoint Security E84.10

Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations.

5.5
2020-11-04 CVE-2020-27690 Imomobile Classic Buffer Overflow vulnerability in Imomobile Verve Connect Vh510 Firmware

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal.

5.5
2020-11-04 CVE-2020-2314 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Appspider

Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

5.5
2020-11-03 CVE-2020-15989 Google
Fedoraproject
Opensuse
Debian
Use of Uninitialized Resource vulnerability in multiple products

Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

5.5
2020-11-05 CVE-2020-5940 F5 Cross-site Scripting vulnerability in F5 products

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility.

5.4
2020-11-05 CVE-2020-28047 WEB Audimex Cross-site Scripting vulnerability in Web-Audimex Audimexee 14.1.0

AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting).

5.4
2020-11-04 CVE-2019-7356 Intelliants Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1

Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.

5.4
2020-11-04 CVE-2020-2317 Jenkins Cross-site Scripting vulnerability in Jenkins Findbugs

Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step.

5.4
2020-11-04 CVE-2020-2316 Jenkins Cross-site Scripting vulnerability in Jenkins Static Analysis Utilities

Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

5.4
2020-11-03 CVE-2020-4785 IBM Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM APP Connect Enterprise Certified Container

IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim.

5.4
2020-11-02 CVE-2020-23989 Nedi Cross-site Scripting vulnerability in Nedi 1.9C

NeDi 1.9C allows pwsec.php oid XSS.

5.4
2020-11-02 CVE-2020-23868 Nedi Cross-site Scripting vulnerability in Nedi 1.9C

NeDi 1.9C allows inc/rt-popup.php d XSS.

5.4
2020-11-02 CVE-2020-27359 Evms Cross-site Scripting vulnerability in Evms Redcap

A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature.

5.4
2020-11-02 CVE-2020-15914 EA Cross-site Scripting vulnerability in EA Origin Client 10.5.86

A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client.

5.4
2020-11-06 CVE-2020-28327 Digium
Sangoma
Improper Resource Shutdown or Release vulnerability in multiple products

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1.

5.3
2020-11-05 CVE-2020-8267 UI Improper Authentication vulnerability in UI Unifi Protect Firmware

A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect v1.14.11 and newer.This issue does not impact UniFi Cloud Key Gen 2 plus.This issue does not impact UDM-Pro customers with UniFi Protect stopped.Affected Products:UDM-Pro firmware 1.7.2 and earlier.UNVR firmware 1.3.12 and earlier.Mitigation:Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings.Alternatively, you can update UNVR and UDM-Pro to:- UNVR firmware to 1.3.15 or newer.- UDM-Pro firmware to 1.8.0 or newer.

5.3
2020-11-02 CVE-2020-26939 Bouncycastle Information Exposure Through Discrepancy vulnerability in Bouncycastle products

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs.

5.3
2020-11-02 CVE-2020-28042 Servicestack Improper Verification of Cryptographic Signature vulnerability in Servicestack

ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature.

5.3
2020-11-02 CVE-2020-28002 Sonarsource Improper Authentication vulnerability in Sonarsource Sonarqube 8.4.2.36762

In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner.

5.3
2020-11-06 CVE-2020-26083 Cisco Cross-site Scripting vulnerability in Cisco Identity Services Engine

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.8
2020-11-03 CVE-2020-1908 Whatsapp Files or Directories Accessible to External Parties vulnerability in Whatsapp and Whatsapp Business

Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.

4.6
2020-11-05 CVE-2020-24431 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process.

4.4
2020-11-06 CVE-2020-3591 Cisco Cross-site Scripting vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage

A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.3
2020-11-06 CVE-2020-26086 Cisco Exposure of Resource to Wrong Sphere vulnerability in Cisco Telepresence Collaboration Endpoint

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device.

4.3
2020-11-06 CVE-2020-4484 IBM Unspecified vulnerability in IBM Urbancode Deploy

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system.

4.3
2020-11-06 CVE-2020-4483 IBM Information Exposure Through an Error Message vulnerability in IBM Urbancode Deploy

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

4.3
2020-11-05 CVE-2020-5944 F5 Unspecified vulnerability in F5 Big-Iq Centralized Management 7.1.0

In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration.

4.3
2020-11-05 CVE-2020-26506 Marmind Incorrect Authorization vulnerability in Marmind 4.1.141.0

An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users.

4.3
2020-11-04 CVE-2020-2313 Jenkins Unspecified vulnerability in Jenkins Azure KEY Vault

A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.3
2020-11-04 CVE-2020-2311 Jenkins Unspecified vulnerability in Jenkins AWS Global Configuration

A missing permission check in Jenkins AWS Global Configuration Plugin 1.5 and earlier allows attackers with Overall/Read permission to replace the global AWS configuration.

4.3
2020-11-04 CVE-2020-2310 Jenkins Unspecified vulnerability in Jenkins Ansible

Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.3
2020-11-04 CVE-2020-2309 Jenkins Unspecified vulnerability in Jenkins Kubernetes

A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.3
2020-11-04 CVE-2020-2308 Jenkins Unspecified vulnerability in Jenkins Kubernetes

A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.

4.3
2020-11-04 CVE-2020-2307 Jenkins Unspecified vulnerability in Jenkins Kubernetes

Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.

4.3
2020-11-04 CVE-2020-2306 Jenkins Unspecified vulnerability in Jenkins Mercurial

A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.

4.3
2020-11-04 CVE-2020-2303 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Active Directory

A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials.

4.3
2020-11-04 CVE-2020-2302 Jenkins Missing Authorization vulnerability in Jenkins Active Directory

A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page.

4.3
2020-11-03 CVE-2020-4649 IBM Information Exposure vulnerability in IBM Planning Analytics Local

IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions.

4.3
2020-11-02 CVE-2020-28040 Wordpress
Debian
Canonical
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.

4.3
2020-11-02 CVE-2020-28031 Eramba Injection vulnerability in Eramba 2.8.1

eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users.

4.3
2020-11-02 CVE-2020-27358 Vanderbilt Incorrect Default Permissions vulnerability in Vanderbilt Redcap

An issue was discovered in REDCap 8.11.6 through 9.x before 10.

4.3

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-11-03 CVE-2019-4349 IBM Information Exposure vulnerability in IBM Maximo Anywhere

IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromised the confidentiality and integrity of the service.

3.5
2020-11-07 CVE-2020-16121 Packagekit Project
Canonical
Information Exposure Through an Error Message vulnerability in multiple products

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.

3.3
2020-11-05 CVE-2020-24438 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak.

3.3
2020-11-05 CVE-2020-24434 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

3.3
2020-11-05 CVE-2020-24427 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory.

3.3
2020-11-05 CVE-2020-24426 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

3.3
2020-11-05 CVE-2020-24439 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass.

2.8
2020-11-05 CVE-2018-1725 IBM Unspecified vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vulnerable to information disclosure.

2.3
2020-11-02 CVE-2020-8173 Nextcloud Missing Encryption of Sensitive Data vulnerability in Nextcloud Server

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.

2.2