Weekly Vulnerabilities Reports > November 9 to 15, 2020
Overview
424 new vulnerabilities reported during this period, including 26 critical vulnerabilities and 124 high severity vulnerabilities. This weekly summary report vulnerabilities in 1012 products from 103 vendors including Microsoft, Intel, Qualcomm, Google, and Netapp. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Improper Privilege Management", "Improper Input Validation", and "Incorrect Default Permissions".
- 188 reported vulnerabilities are remotely exploitables.
- 65 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 293 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 112 reported vulnerabilities.
- Qualcomm has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
26 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-11-15 | CVE-2020-7772 | DOC Path Project | Unspecified vulnerability in Doc-Path Project Doc-Path This affects the package doc-path before 2.1.2. | 10.0 |
2020-11-12 | CVE-2020-24719 | Couchbase | OS Command Injection vulnerability in Couchbase Server 6.5.1 Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. | 10.0 |
2020-11-12 | CVE-2020-3639 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products u'When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8017, APQ8037, APQ8053, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA415M, SA6145P, SA6150P, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8350, SM8350P, SXR1120, SXR1130 | 10.0 |
2020-11-12 | CVE-2020-11196 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products u'Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330 | 10.0 |
2020-11-12 | CVE-2020-11193 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products u'Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330 | 10.0 |
2020-11-12 | CVE-2020-11184 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products u'Possible buffer overflow will occur in video while parsing mp4 clip with crafted esds atom size.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P | 10.0 |
2020-11-12 | CVE-2020-11168 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products u'Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, APQ8098, MDM9206, MDM9650, MSM8909W, MSM8953, MSM8996AU, QCM4290, QCS405, QCS4290, QCS603, QCS605, QM215, QSM8350, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM450, SDM632, SDM640, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P, WCD9330 | 10.0 |
2020-11-10 | CVE-2020-24384 | A10Networks | Unspecified vulnerability in A10Networks Advanced Core Operating System and Agalaxy A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. | 10.0 |
2020-11-12 | CVE-2020-8752 | Intel Netapp | Out-of-bounds Write vulnerability in multiple products Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. | 9.8 |
2020-11-12 | CVE-2020-28271 | Deephas Project | Unspecified vulnerability in Deephas Project Deephas Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. | 9.8 |
2020-11-12 | CVE-2020-28269 | Exodus | Unspecified vulnerability in Exodus Field 0.0.1/1.0.0/1.0.1 Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | 9.8 |
2020-11-12 | CVE-2020-7770 | Json8 Project | Unspecified vulnerability in Json8 Project Json8 This affects the package json8 before 1.0.3. | 9.8 |
2020-11-11 | CVE-2020-7768 | Grpc | Unspecified vulnerability in Grpc The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. | 9.8 |
2020-11-11 | CVE-2020-17051 | Microsoft | Unspecified vulnerability in Microsoft products Windows Network File System Remote Code Execution Vulnerability | 9.8 |
2020-11-10 | CVE-2020-7766 | Json PTR Project | Unspecified vulnerability in Json-Ptr Project Json-Ptr This affects all versions of package json-ptr. | 9.8 |
2020-11-10 | CVE-2020-13927 | Apache | Insecure Default Initialization of Resource vulnerability in Apache Airflow The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. | 9.8 |
2020-11-10 | CVE-2020-0452 | Google Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. | 9.8 |
2020-11-09 | CVE-2020-28371 | Readytalk | Integer Overflow or Wraparound vulnerability in Readytalk Avian 1.2.0 An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. | 9.8 |
2020-11-10 | CVE-2020-0451 | Out-of-bounds Write vulnerability in Google Android In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. | 9.3 | |
2020-11-10 | CVE-2020-0449 | Use After Free vulnerability in Google Android In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. | 9.3 | |
2020-11-09 | CVE-2020-4759 | IBM | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Filenet Content Manager 5.5.4/5.5.5 IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CVS Injection. | 9.3 |
2020-11-12 | CVE-2020-8747 | Intel Netapp | Out-of-bounds Read vulnerability in multiple products Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. | 9.1 |
2020-11-12 | CVE-2020-13774 | Ivanti | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Endpoint Manager 2019.1/2020.1 An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. | 9.0 |
2020-11-12 | CVE-2020-2000 | Paloaltonetworks | OS Command Injection vulnerability in Paloaltonetworks Pan-Os An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. | 9.0 |
2020-11-10 | CVE-2020-26820 | SAP | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. | 9.0 |
2020-11-09 | CVE-2020-24407 | Magento | Unrestricted Upload of File with Dangerous Type vulnerability in Magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. | 9.0 |
124 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-11-12 | CVE-2020-27386 | Flexdotnetcms Project | Unrestricted Upload of File with Dangerous Type vulnerability in Flexdotnetcms Project Flexdotnetcms An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>. | 8.8 |
2020-11-12 | CVE-2020-8749 | Intel Netapp | Out-of-bounds Read vulnerability in multiple products Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 8.8 |
2020-11-12 | CVE-2020-7332 | Mcafee | Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Endpoint Security Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration. | 8.8 |
2020-11-11 | CVE-2020-17061 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Remote Code Execution Vulnerability | 8.8 |
2020-11-11 | CVE-2020-17042 | Microsoft | Unspecified vulnerability in Microsoft products Windows Print Spooler Remote Code Execution Vulnerability | 8.8 |
2020-11-10 | CVE-2020-27146 | Tibco | Cross-Site Request Forgery (CSRF) vulnerability in Tibco Iprocess Workspace Browser The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. | 8.8 |
2020-11-10 | CVE-2020-26819 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control. | 8.8 |
2020-11-10 | CVE-2020-26818 | SAP | Missing Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. | 8.8 |
2020-11-12 | CVE-2020-26070 | Cisco | Improper Resource Shutdown or Release vulnerability in Cisco IOS XR A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
2020-11-11 | CVE-2020-17084 | Microsoft | Classic Buffer Overflow vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 8.5 |
2020-11-09 | CVE-2020-28373 | Netgear | Out-of-bounds Write vulnerability in Netgear products upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. | 8.3 |
2020-11-11 | CVE-2020-16970 | Microsoft | Double Free vulnerability in Microsoft Azure Sphere Azure Sphere Unsigned Code Execution Vulnerability | 8.1 |
2020-11-11 | CVE-2020-17016 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft SharePoint Server Spoofing Vulnerability | 8.0 |
2020-11-12 | CVE-2020-8760 | Intel Netapp | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2020-11-12 | CVE-2020-8744 | Intel Siemens | Improper Initialization vulnerability in multiple products Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2020-11-12 | CVE-2020-0590 | Intel Netapp Siemens | Improper Input Validation vulnerability in multiple products Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-11-12 | CVE-2020-7331 | Mcafee | Unquoted Search Path or Element vulnerability in Mcafee Endpoint Security Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. | 7.8 |
2020-11-12 | CVE-2020-11208 | Qualcomm | Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439 | 7.8 |
2020-11-12 | CVE-2020-11207 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P | 7.8 |
2020-11-12 | CVE-2020-11206 | Qualcomm | Unspecified vulnerability in Qualcomm products Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P | 7.8 |
2020-11-11 | CVE-2020-17110 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17109 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17108 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17107 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17106 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions 1.0.32762.0 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17105 | Microsoft | Unspecified vulnerability in Microsoft AV1 Video Extension AV1 Video Extension Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17104 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio Code Visual Studio Code JSHint Extension Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17101 | Microsoft | Unspecified vulnerability in Microsoft Heif Image Extension HEIF Image Extensions Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17091 | Microsoft | Unspecified vulnerability in Microsoft Teams Microsoft Teams Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17088 | Microsoft | Unspecified vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17087 | Microsoft | Incorrect Calculation of Buffer Size vulnerability in Microsoft products Windows Kernel Local Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17086 | Microsoft | Unspecified vulnerability in Microsoft RAW Image Extension Raw Image Extension Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17082 | Microsoft | Unspecified vulnerability in Microsoft RAW Image Extension Raw Image Extension Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17079 | Microsoft | Unspecified vulnerability in Microsoft RAW Image Extension Raw Image Extension Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17078 | Microsoft | Unspecified vulnerability in Microsoft RAW Image Extension Raw Image Extension Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17077 | Microsoft | Unspecified vulnerability in Microsoft products Windows Update Stack Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17076 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 Windows Update Orchestrator Service Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17075 | Microsoft | Unspecified vulnerability in Microsoft products Windows USO Core Worker Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17074 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 Windows Update Orchestrator Service Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17073 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 Windows Update Orchestrator Service Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17070 | Microsoft | Unspecified vulnerability in Microsoft products Windows Update Medic Service Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17068 | Microsoft | Unspecified vulnerability in Microsoft products Windows GDI+ Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17067 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps, Excel and Office Microsoft Excel Security Feature Bypass Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17066 | Microsoft | Unspecified vulnerability in Microsoft Excel 2010 Microsoft Excel Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17065 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Excel Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17064 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Excel Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17062 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17055 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17044 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17043 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17041 | Microsoft | Unspecified vulnerability in Microsoft products Windows Print Configuration Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17038 | Microsoft | Unspecified vulnerability in Microsoft products Win32k Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17037 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 Windows WalletService Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17035 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17034 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17033 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17032 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17031 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17028 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17027 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17026 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17025 | Microsoft | Unspecified vulnerability in Microsoft products Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17024 | Microsoft | Unspecified vulnerability in Microsoft products Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17019 | Microsoft | Double Free vulnerability in Microsoft Office 2010 Microsoft Excel Remote Code Execution Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17014 | Microsoft | Unspecified vulnerability in Microsoft products Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17012 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 Windows Bind Filter Driver Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17011 | Microsoft | Unspecified vulnerability in Microsoft products Windows Port Class Library Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17010 | Microsoft | OS Command Injection vulnerability in Microsoft Windows 10 and Windows Server 2016 Win32k Elevation of Privilege Vulnerability | 7.8 |
2020-11-11 | CVE-2020-17001 | Microsoft | Unspecified vulnerability in Microsoft products Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 |
2020-11-10 | CVE-2020-0442 | Improper Input Validation vulnerability in Google Android In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. | 7.8 | |
2020-11-10 | CVE-2020-0441 | Resource Exhaustion vulnerability in Google Android In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. | 7.8 | |
2020-11-11 | CVE-2020-16997 | Microsoft | Unspecified vulnerability in Microsoft products Remote Desktop Protocol Server Information Disclosure Vulnerability | 7.7 |
2020-11-15 | CVE-2020-28268 | Controlled Merge Project | Unspecified vulnerability in Controlled-Merge Project Controlled-Merge Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution. | 7.5 |
2020-11-13 | CVE-2020-28638 | Dyne | Improper Authentication vulnerability in Dyne Tomb ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb {W] Detected DISPLAY, but only pinentry-curses is found." as the encryption key. | 7.5 |
2020-11-13 | CVE-2020-13638 | Rconfig | Improper Authentication vulnerability in Rconfig lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. | 7.5 |
2020-11-13 | CVE-2020-12338 | Intel | Unspecified vulnerability in Intel Open Webrtc Toolkit Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 7.5 |
2020-11-13 | CVE-2020-6019 | Valvesoftware | Unspecified vulnerability in Valvesoftware Game Networking Sockets 1.0.0/1.1.0 Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash. | 7.5 |
2020-11-12 | CVE-2020-13877 | Resourcexpress | SQL Injection vulnerability in Resourcexpress Meeting Monitor 4.9 SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure. | 7.5 |
2020-11-12 | CVE-2020-15783 | Siemens | Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. | 7.5 |
2020-11-12 | CVE-2020-12315 | Intel | Path Traversal vulnerability in Intel Endpoint Management Assistant 1.3.1/1.3.2/1.3.2.1 Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 7.5 |
2020-11-12 | CVE-2020-8754 | Intel Netapp | Out-of-bounds Read vulnerability in multiple products Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. | 7.5 |
2020-11-12 | CVE-2020-8753 | Intel | Out-of-bounds Read vulnerability in Intel Active Management Technology Firmware Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. | 7.5 |
2020-11-12 | CVE-2020-7472 | Sugarcrm | Missing Authorization vulnerability in Sugarcrm An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. | 7.5 |
2020-11-12 | CVE-2020-28270 | Mjpclab | Unspecified vulnerability in Mjpclab Object-Hierarchy-Access Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution. | 7.5 |
2020-11-12 | CVE-2019-17566 | Apache Oracle | Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. | 7.5 |
2020-11-12 | CVE-2020-27481 | Goodlayers | SQL Injection vulnerability in Goodlayers Good Learning Management System An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query without sanitization. | 7.5 |
2020-11-12 | CVE-2020-7769 | Nodemailer | Injection vulnerability in Nodemailer This affects the package nodemailer before 6.4.16. | 7.5 |
2020-11-11 | CVE-2020-17058 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Edge and Internet Explorer Microsoft Browser Memory Corruption Vulnerability | 7.5 |
2020-11-11 | CVE-2020-17053 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11 Internet Explorer Memory Corruption Vulnerability | 7.5 |
2020-11-11 | CVE-2020-17052 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability | 7.5 |
2020-11-11 | CVE-2020-17047 | Microsoft | Unspecified vulnerability in Microsoft products Windows Network File System Denial of Service Vulnerability | 7.5 |
2020-11-11 | CVE-2020-16992 | Microsoft | Unspecified vulnerability in Microsoft Azure Sphere Azure Sphere Elevation of Privilege Vulnerability | 7.5 |
2020-11-10 | CVE-2020-25074 | Moinmo Debian | Path Traversal vulnerability in multiple products The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. | 7.5 |
2020-11-10 | CVE-2020-0447 | Unspecified vulnerability in Google Android There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168251617 | 7.5 | |
2020-11-10 | CVE-2020-0446 | Unspecified vulnerability in Google Android There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264528 | 7.5 | |
2020-11-10 | CVE-2020-0445 | Unspecified vulnerability in Google Android There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264527 | 7.5 | |
2020-11-09 | CVE-2020-26168 | Hazelcast | Improper Authentication vulnerability in Hazelcast and JET The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. | 7.5 |
2020-11-09 | CVE-2020-14189 | Atlassian | Unspecified vulnerability in Atlassian Jira Comment The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment. | 7.5 |
2020-11-09 | CVE-2020-14188 | Atlassian | Unspecified vulnerability in Atlassian Jira Create The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue. | 7.5 |
2020-11-09 | CVE-2020-26542 | Percona | Improper Authentication vulnerability in Percona Server An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account. | 7.5 |
2020-11-09 | CVE-2020-23138 | Microweber | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.18 An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. | 7.5 |
2020-11-09 | CVE-2020-14366 | Redhat | Path Traversal vulnerability in Redhat Keycloak A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. | 7.5 |
2020-11-11 | CVE-2020-16994 | Microsoft | Unspecified vulnerability in Microsoft Azure Sphere Azure Sphere Unsigned Code Execution Vulnerability | 7.3 |
2020-11-11 | CVE-2020-16991 | Microsoft | Unspecified vulnerability in Microsoft Azure Sphere Azure Sphere Unsigned Code Execution Vulnerability | 7.3 |
2020-11-11 | CVE-2020-16987 | Microsoft | Unspecified vulnerability in Microsoft Azure Sphere Azure Sphere Unsigned Code Execution Vulnerability | 7.3 |
2020-11-11 | CVE-2020-16984 | Microsoft | Unspecified vulnerability in Microsoft Azure Sphere Azure Sphere Unsigned Code Execution Vulnerability | 7.3 |
2020-11-13 | CVE-2020-15481 | Passmark | Unspecified vulnerability in Passmark Burnintest, Osforensics and Performancetest An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. | 7.2 |
2020-11-13 | CVE-2020-5796 | Nagios | Improper Preservation of Permissions vulnerability in Nagios XI 5.7.4 Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. | 7.2 |
2020-11-12 | CVE-2020-12927 | AMD | Unspecified vulnerability in AMD Vbios Flash Tool Software Development KIT A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. | 7.2 |
2020-11-12 | CVE-2020-16273 | ARM | Integer Underflow (Wrap or Wraparound) vulnerability in ARM Armv8-M Firmware In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. | 7.2 |
2020-11-12 | CVE-2020-13770 | Ivanti | Incorrect Default Permissions vulnerability in Ivanti Endpoint Manager Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having SeImpersonatePrivilege (eg. | 7.2 |
2020-11-12 | CVE-2020-3632 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products u'Incorrect validation of ring context fetched from host memory can lead to memory overflow' in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P | 7.2 |
2020-11-12 | CVE-2020-11205 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products u'Possible integer overflow to heap overflow while processing command due to lack of check of packet length received' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350, SM8350P, SXR2130, SXR2130P | 7.2 |
2020-11-12 | CVE-2020-11202 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA845, SDM640, SDM670, SDM710, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P | 7.2 |
2020-11-12 | CVE-2020-11201 | Qualcomm | Improper Input Validation vulnerability in Qualcomm products Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P | 7.2 |
2020-11-12 | CVE-2020-11175 | Qualcomm | Use After Free vulnerability in Qualcomm products u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009W, MSM8909W, QCS605, QM215, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6350, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P | 7.2 |
2020-11-12 | CVE-2020-11127 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCM4290, QCS405, QCS410, QCS4290, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA845, SDA855, SDM1000, SDM640, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P | 7.2 |
2020-11-11 | CVE-2020-8354 | Lenovo | Unspecified vulnerability in Lenovo Notebook Firmware A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. | 7.2 |
2020-11-11 | CVE-2020-7329 | Mcafee | Server-Side Request Forgery (SSRF) vulnerability in Mcafee Mvision Endpoint Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator. | 7.2 |
2020-11-11 | CVE-2020-7328 | Mcafee | Server-Side Request Forgery (SSRF) vulnerability in Mcafee Mvision Endpoint External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator. | 7.2 |
2020-11-10 | CVE-2020-28055 | TCL | Incorrect Permission Assignment for Critical Resource vulnerability in TCL products A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read & write to the /data/vendor/tcl, /data/vendor/upgrade, and /var/TerminalManager directories within the TV file system. | 7.2 |
2020-11-11 | CVE-2020-17057 | Microsoft | Unspecified vulnerability in Microsoft products Windows Win32k Elevation of Privilege Vulnerability | 7.0 |
2020-11-11 | CVE-2020-17007 | Microsoft | Unspecified vulnerability in Microsoft products Windows Error Reporting Elevation of Privilege Vulnerability | 7.0 |
2020-11-11 | CVE-2020-16998 | Microsoft | Unspecified vulnerability in Microsoft products DirectX Elevation of Privilege Vulnerability | 7.0 |
215 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-11-12 | CVE-2020-13771 | Ivanti | Uncontrolled Search Path Element vulnerability in Ivanti Endpoint Manager Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable component such as NT AUTHORITY\SYSTEM) via DLL hijacking. | 6.9 |
2020-11-11 | CVE-2020-16988 | Microsoft | Unspecified vulnerability in Microsoft Azure Sphere Azure Sphere Elevation of Privilege Vulnerability | 6.9 |
2020-11-10 | CVE-2020-23968 | Ilex | Link Following vulnerability in Ilex International Sign&Go 7.1 Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log. | 6.9 |
2020-11-13 | CVE-2020-6156 | Pixar | Out-of-bounds Write vulnerability in Pixar Openusd 20.05 A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. | 6.8 |
2020-11-13 | CVE-2020-6155 | Pixar | Out-of-bounds Write vulnerability in Pixar Openusd 20.05 A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. | 6.8 |
2020-11-13 | CVE-2020-6150 | Pixar | Out-of-bounds Write vulnerability in Pixar Openusd 20.05 A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow. | 6.8 |
2020-11-13 | CVE-2020-6149 | Pixar | Out-of-bounds Write vulnerability in Pixar Openusd 20.05 A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. | 6.8 |
2020-11-13 | CVE-2020-6148 | Pixar | Out-of-bounds Write vulnerability in Pixar Openusd 20.05 A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. | 6.8 |
2020-11-13 | CVE-2020-6147 | Pixar Apple | Out-of-bounds Write vulnerability in multiple products A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. | 6.8 |
2020-11-12 | CVE-2020-8745 | Intel Siemens | Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 6.8 |
2020-11-11 | CVE-2020-17063 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office Microsoft Office Online Spoofing Vulnerability | 6.8 |
2020-11-10 | CVE-2019-7357 | Intelliants | Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion CMS 4.2.1 Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. | 6.8 |
2020-11-10 | CVE-2020-26817 | SAP | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 6.8 |
2020-11-09 | CVE-2020-27016 | Trendmicro | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. | 6.8 |
2020-11-12 | CVE-2020-8757 | Intel Netapp | Out-of-bounds Read vulnerability in multiple products Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2020-11-11 | CVE-2020-17049 | Microsoft Samba | Incorrect Authorization vulnerability in multiple products A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD. | 6.6 |
2020-11-13 | CVE-2020-26222 | Dependabot Project | Injection vulnerability in Dependabot Project Dependabot Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. | 6.5 |
2020-11-13 | CVE-2020-25557 | Cmsuno Project | Command Injection vulnerability in Cmsuno Project Cmsuno 1.6.2 In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. | 6.5 |
2020-11-13 | CVE-2020-25538 | Cmsuno Project | Command Injection vulnerability in Cmsuno Project Cmsuno 1.6.2 An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. | 6.5 |
2020-11-13 | CVE-2020-21667 | Fastadmin TP6 Project | SQL Injection vulnerability in Fastadmin-Tp6 Project Fastadmin-Tp6 1.0 In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection. | 6.5 |
2020-11-13 | CVE-2020-7032 | Avaya | XXE vulnerability in Avaya Aura System Manager and Weblm An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 6.5 |
2020-11-12 | CVE-2020-26805 | Sapplica | SQL Injection vulnerability in Sapplica Sentrifugo 3.2 In Sentrifugo 3.2, admin can edit employee's informations via this endpoint --> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. | 6.5 |
2020-11-12 | CVE-2020-26804 | Sapplica | Unrestricted Upload of File with Dangerous Type vulnerability in Sapplica Sentrifugo 3.2 In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. | 6.5 |
2020-11-12 | CVE-2020-26803 | Sapplica | Unrestricted Upload of File with Dangerous Type vulnerability in Sapplica Sentrifugo 3.2 In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. | 6.5 |
2020-11-12 | CVE-2020-12347 | Intel | Improper Input Validation vulnerability in Intel Data Center Manager Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access. | 6.5 |
2020-11-12 | CVE-2020-8746 | Intel Netapp | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 |
2020-11-11 | CVE-2020-4685 | IBM | Improper Privilege Management vulnerability in IBM Cognos Controller A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. | 6.5 |
2020-11-11 | CVE-2020-17040 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Security Feature Bypass Vulnerability | 6.5 |
2020-11-10 | CVE-2020-25268 | Ilias | Injection vulnerability in Ilias 6.4.0 Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data. | 6.5 |
2020-11-10 | CVE-2020-26808 | SAP | Unspecified vulnerability in SAP AS Abap(Dmis) and SAP S4 Hana(Dmis) SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application. | 6.5 |
2020-11-09 | CVE-2020-27694 | Trendmicro | Unspecified vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. | 6.5 |
2020-11-09 | CVE-2020-25655 | Redhat | Incorrect Authorization vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.0 An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. | 6.5 |
2020-11-09 | CVE-2020-28349 | Chirpstack | Improper Input Validation vulnerability in Chirpstack Network Server 3.9.0 An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. | 6.5 |
2020-11-12 | CVE-2020-2050 | Paloaltonetworks | Improper Authentication vulnerability in Paloaltonetworks Pan-Os An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. | 6.4 |
2020-11-10 | CVE-2020-26824 | SAP | Missing Authorization vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service. | 6.4 |
2020-11-10 | CVE-2020-26823 | SAP | Missing Authorization vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service. | 6.4 |
2020-11-10 | CVE-2020-26822 | SAP | Missing Authorization vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service. | 6.4 |
2020-11-10 | CVE-2020-26821 | SAP | Missing Authorization vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service. | 6.4 |
2020-11-09 | CVE-2020-15297 | Bitdefender | Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Update Server Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. | 6.4 |
2020-11-11 | CVE-2020-17085 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Denial of Service Vulnerability | 6.2 |
2020-11-11 | CVE-2020-16990 | Microsoft | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Azure Sphere Azure Sphere Information Disclosure Vulnerability | 6.2 |
2020-11-11 | CVE-2020-16986 | Microsoft | Unspecified vulnerability in Microsoft Azure Sphere Azure Sphere Denial of Service Vulnerability | 6.2 |
2020-11-11 | CVE-2020-16985 | Microsoft | Use of Uninitialized Resource vulnerability in Microsoft Azure Sphere Azure Sphere Information Disclosure Vulnerability | 6.2 |
2020-11-12 | CVE-2020-25706 | Cacti Debian | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field | 6.1 |
2020-11-12 | CVE-2020-13954 | Apache Netapp Oracle | Cross-site Scripting vulnerability in multiple products By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. | 6.1 |
2020-11-11 | CVE-2020-16982 | Microsoft | Unspecified vulnerability in Microsoft Azure Sphere Azure Sphere Unsigned Code Execution Vulnerability | 6.1 |
2020-11-11 | CVE-2020-16981 | Microsoft | Unspecified vulnerability in Microsoft Azure Sphere Azure Sphere Elevation of Privilege Vulnerability | 6.1 |
2020-11-12 | CVE-2020-25658 | Python RSA Project Redhat Fedoraproject | Covert Timing Channel vulnerability in multiple products It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. | 5.9 |
2020-11-13 | CVE-2020-12313 | Intel | Improper Privilege Management vulnerability in Intel Proset/Wireless Wifi Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 5.8 |
2020-11-12 | CVE-2020-12321 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 5.8 |
2020-11-11 | CVE-2020-26219 | Touchbase AI Project | Open Redirect vulnerability in Touchbase.Ai Project Touchbase.Ai touchbase.ai before version 2.0 is vulnerable to Open Redirect. | 5.8 |
2020-11-09 | CVE-2020-23140 | Microweber | Insufficient Session Expiration vulnerability in Microweber 1.1.18 Microweber 1.1.18 is affected by insufficient session expiration. | 5.8 |
2020-11-11 | CVE-2020-16983 | Microsoft | Unspecified vulnerability in Microsoft Azure Sphere Azure Sphere Tampering Vulnerability | 5.7 |
2020-11-12 | CVE-2020-27385 | Flexdotnetcms Project | Unspecified vulnerability in Flexdotnetcms Project Flexdotnetcms Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. | 5.5 |
2020-11-12 | CVE-2020-8698 | Intel Netapp Fedoraproject Debian Siemens | Exposure of Resource to Wrong Sphere vulnerability in multiple products Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2020-11-12 | CVE-2020-8696 | Intel Netapp Fedoraproject Debian | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2020-11-12 | CVE-2020-8695 | Intel Fedoraproject Debian | Information Exposure Through Discrepancy vulnerability in multiple products Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | 5.5 |
2020-11-12 | CVE-2020-24441 | Adobe | Unspecified vulnerability in Adobe Acrobat Reader 20.6.0/20.6.2 Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. | 5.5 |
2020-11-11 | CVE-2020-17113 | Microsoft | Out-of-bounds Read vulnerability in Microsoft Windows 10 Windows Camera Codec Information Disclosure Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17102 | Microsoft | Unspecified vulnerability in Microsoft Webp Image Extension WebP Image Extensions Information Disclosure Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17100 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio 2019 Visual Studio Tampering Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17083 | Microsoft | Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17081 | Microsoft | Unspecified vulnerability in Microsoft RAW Image Extension Microsoft Raw Image Extension Information Disclosure Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17071 | Microsoft | Unspecified vulnerability in Microsoft products Windows Delivery Optimization Information Disclosure Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17069 | Microsoft | Unspecified vulnerability in Microsoft products Windows NDIS Information Disclosure Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17056 | Microsoft | Unspecified vulnerability in Microsoft products Windows Network File System Information Disclosure Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17046 | Microsoft | Unspecified vulnerability in Microsoft products Windows Error Reporting Denial of Service Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17045 | Microsoft | Unspecified vulnerability in Microsoft products Windows KernelStream Information Disclosure Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17036 | Microsoft | Unspecified vulnerability in Microsoft products Windows Function Discovery SSDP Provider Information Disclosure Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17030 | Microsoft | Unspecified vulnerability in Microsoft products Windows MSCTF Server Information Disclosure Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17029 | Microsoft | Unspecified vulnerability in Microsoft products Windows Canonical Display Driver Information Disclosure Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17013 | Microsoft | Unspecified vulnerability in Microsoft products Win32k Information Disclosure Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17004 | Microsoft | Unspecified vulnerability in Microsoft products Windows Graphics Component Information Disclosure Vulnerability | 5.5 |
2020-11-11 | CVE-2020-17000 | Microsoft | Unspecified vulnerability in Microsoft products Remote Desktop Protocol Client Information Disclosure Vulnerability | 5.5 |
2020-11-11 | CVE-2020-16999 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 Windows WalletService Information Disclosure Vulnerability | 5.5 |
2020-11-11 | CVE-2020-1599 | Microsoft | Unspecified vulnerability in Microsoft products Windows Spoofing Vulnerability | 5.5 |
2020-11-09 | CVE-2020-24402 | Magento | Incorrect Default Permissions vulnerability in Magento Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. | 5.5 |
2020-11-09 | CVE-2020-24401 | Magento | Incorrect Authorization vulnerability in Magento Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. | 5.5 |
2020-11-09 | CVE-2020-24400 | Magento | SQL Injection vulnerability in Magento Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. | 5.5 |
2020-11-11 | CVE-2020-15275 | Moinmo | Cross-site Scripting vulnerability in Moinmo Moinmoin MoinMoin is a wiki engine. | 5.4 |
2020-11-11 | CVE-2020-17060 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server Microsoft SharePoint Server Spoofing Vulnerability | 5.4 |
2020-11-11 | CVE-2020-17021 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.0 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 |
2020-11-11 | CVE-2020-17018 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.0 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 |
2020-11-11 | CVE-2020-17006 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics CRM 2015 7.0 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 |
2020-11-11 | CVE-2020-17005 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.0 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 5.4 |
2020-11-11 | CVE-2020-16993 | Microsoft | Improper Privilege Management vulnerability in Microsoft Azure Sphere Azure Sphere Elevation of Privilege Vulnerability | 5.4 |
2020-11-11 | CVE-2020-16989 | Microsoft | Unspecified vulnerability in Microsoft Azure Sphere Azure Sphere Elevation of Privilege Vulnerability | 5.4 |
2020-11-11 | CVE-2020-1325 | Microsoft | Unspecified vulnerability in Microsoft Azure Devops Server 2019 Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | 5.4 |
2020-11-11 | CVE-2020-17090 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | 5.3 |
2020-11-11 | CVE-2020-17017 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft SharePoint Information Disclosure Vulnerability | 5.3 |
2020-11-11 | CVE-2020-16979 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft SharePoint Information Disclosure Vulnerability | 5.3 |
2020-11-09 | CVE-2020-8133 | Nextcloud | Improper Verification of Cryptographic Signature vulnerability in Nextcloud Server 19.0.1 A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. | 5.3 |
2020-11-12 | CVE-2020-2022 | Paloaltonetworks | Improper Privilege Management vulnerability in Paloaltonetworks Pan-Os An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. | 5.1 |
2020-11-13 | CVE-2020-27217 | Eclipse | Unspecified vulnerability in Eclipse Hono 1.3.0/1.4.0 In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. | 5.0 |
2020-11-13 | CVE-2020-7962 | Oneidentity | Information Exposure vulnerability in Oneidentity Password Manager 5.8 An issue was discovered in One Identity Password Manager 5.8. | 5.0 |
2020-11-13 | CVE-2020-8583 | Netapp | Unspecified vulnerability in Netapp Element OS and HCI Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. | 5.0 |
2020-11-13 | CVE-2020-25165 | BD | Improper Authentication vulnerability in BD Alaris 8015 PCU Firmware and Alaris Systems Manager BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. | 5.0 |
2020-11-13 | CVE-2020-25155 | Nexcom | Cleartext Transmission of Sensitive Information vulnerability in Nexcom NIO 50 Firmware The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions). | 5.0 |
2020-11-13 | CVE-2020-25151 | Nexcom | Improper Input Validation vulnerability in Nexcom NIO 50 Firmware The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 (all versions). | 5.0 |
2020-11-13 | CVE-2020-1847 | Huawei | Unspecified vulnerability in Huawei products There is a denial of service vulnerability in some Huawei products. | 5.0 |
2020-11-12 | CVE-2020-17494 | Untangle | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Untangle Firewall NG Untangle Firewall NG before 16.0 uses MD5 for passwords. | 5.0 |
2020-11-12 | CVE-2020-24454 | Intel | XXE vulnerability in Intel Quartus Prime Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access. | 5.0 |
2020-11-12 | CVE-2020-28247 | Lettre | Unspecified vulnerability in Lettre The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs. | 5.0 |
2020-11-12 | CVE-2020-24573 | BAB Technologie | Resource Exhaustion vulnerability in Bab-Technologie Eibport Firmware 3.8.2 BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component. | 5.0 |
2020-11-12 | CVE-2020-1999 | Paloaltonetworks | Improper Check for Unusual or Exceptional Conditions vulnerability in Paloaltonetworks Pan-Os A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. | 5.0 |
2020-11-11 | CVE-2020-27523 | Mersive | Improper Authentication vulnerability in Mersive Solstice POD Firmware Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. | 5.0 |
2020-11-11 | CVE-2020-7767 | Express Validators Project | Unspecified vulnerability in Express-Validators Project Express-Validators All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls. | 5.0 |
2020-11-10 | CVE-2020-24063 | Canto | Server-Side Request Forgery (SSRF) vulnerability in Canto 1.3.0 The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. | 5.0 |
2020-11-10 | CVE-2020-26815 | SAP | Server-Side Request Forgery (SSRF) vulnerability in SAP Fiori Launchpad (News Tile Application) SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. | 5.0 |
2020-11-10 | CVE-2020-26811 | SAP | Server-Side Request Forgery (SSRF) vulnerability in SAP Commerce Cloud (Accelerator Payment Mock) SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability. | 5.0 |
2020-11-10 | CVE-2020-26810 | SAP | Unspecified vulnerability in SAP Commerce Cloud (Accelerator Payment Mock) SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerce service itself unavailable leading to Denial of Service with no impact on confidentiality or integrity. | 5.0 |
2020-11-10 | CVE-2020-26809 | SAP | Incorrect Default Permissions vulnerability in SAP Commerce Cloud SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. | 5.0 |
2020-11-10 | CVE-2020-28267 | SET Project | Unspecified vulnerability in SET Project SET 1.0.0 Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution. | 5.0 |
2020-11-09 | CVE-2020-8268 | Json8 Merge Patch Project | Improper Input Validation vulnerability in Json8-Merge-Patch Project Json8-Merge-Patch Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor. | 5.0 |
2020-11-10 | CVE-2020-12485 | Vivo | Out-of-bounds Read vulnerability in Vivo Frame Touch Module 10 The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device. | 4.9 |
2020-11-12 | CVE-2020-7333 | Mcafee | Cross-site Scripting vulnerability in Mcafee Endpoint Security Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard. | 4.8 |
2020-11-11 | CVE-2020-27524 | Audi | Use of Externally-Controlled Format String vulnerability in Audi MMI Multiplayer N+Rcnaup0395 On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. | 4.8 |
2020-11-13 | CVE-2020-0599 | Intel | Unspecified vulnerability in Intel products Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-13 | CVE-2020-9129 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Mate 30 Firmware HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. | 4.6 |
2020-11-13 | CVE-2020-9127 | Huawei | Command Injection vulnerability in Huawei products Some Huawei products have a command injection vulnerability. | 4.6 |
2020-11-12 | CVE-2020-24525 | Intel | Improper Preservation of Permissions vulnerability in Intel products Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-24456 | Intel | Incorrect Default Permissions vulnerability in Intel Board ID Tool 1.01 Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12350 | Intel | Improper Privilege Management vulnerability in Intel Extreme Tuning Utility 6.4.1.21 Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12346 | Intel | Incorrect Default Permissions vulnerability in Intel Battery Life Diagnostic Tool Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12345 | Intel | Improper Preservation of Permissions vulnerability in Intel Data Center Manager Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12337 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12336 | Intel | Improper Initialization vulnerability in Intel products Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12335 | Intel | Improper Preservation of Permissions vulnerability in Intel Processor Identification Utility 6.1.0731 Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12334 | Intel | Improper Preservation of Permissions vulnerability in Intel Advisor Tools 2020 Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12333 | Intel | Insufficiently Protected Credentials vulnerability in Intel Quickassist Technology Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12332 | Intel | Improper Preservation of Permissions vulnerability in Intel HID Event Filter Driver Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12331 | Intel | Improper Privilege Management vulnerability in Intel Unite Cloud Service Client Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12330 | Intel | Improper Preservation of Permissions vulnerability in Intel Falcon 8+ UAS Asctec Thermal Viewer Firmware Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12329 | Intel | Uncontrolled Search Path Element vulnerability in Intel Vtune Profiler 2017/2018/2019 Uncontrolled search path in the Intel(R) VTune(TM) Profiler before version 2020 Update 1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12325 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Thunderbolt DCH Driver Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12324 | Intel | Improper Privilege Management vulnerability in Intel Thunderbolt DCH Driver Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12323 | Intel | Improper Input Validation vulnerability in Intel Adas IE Improper input validation in the Intel(R) ADAS IE before version ADAS_IE_1.0.766 may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12320 | Intel | Uncontrolled Search Path Element vulnerability in Intel SCS Add-On for Microsoft Sccm 2.1.10 Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-0572 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in the firmware for Intel(R) Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-8764 | Intel Netapp | Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-8756 | Intel | Improper Input Validation vulnerability in Intel Converged Security and Manageability Engine Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-8750 | Intel | Use After Free vulnerability in Intel Trusted Execution Engine 3.0/3.1.75/4.0.25 Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-8740 | Intel Netapp | Out-of-bounds Write vulnerability in multiple products Out of bounds write in Intel BIOS platform sample code for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-8739 | Intel Netapp | Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-8738 | Intel Netapp | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-8737 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Quartus Prime and Stratix 10 Fpga Firmware Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may allow an unauthenticated user to potentially enable escalation of privilege and/or information disclosure via physical access. | 4.6 |
2020-11-12 | CVE-2020-8705 | Intel | Insecure Default Initialization of Resource vulnerability in Intel products Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access. | 4.6 |
2020-11-12 | CVE-2020-8693 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Improper buffer restrictions in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. | 4.6 |
2020-11-12 | CVE-2020-8692 | Intel | Improper Privilege Management vulnerability in Intel products Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. | 4.6 |
2020-11-12 | CVE-2020-8691 | Intel | Improper Privilege Management vulnerability in Intel products A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. | 4.6 |
2020-11-12 | CVE-2020-8690 | Intel | Improper Privilege Management vulnerability in Intel products Protection mechanism failure in Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. | 4.6 |
2020-11-12 | CVE-2020-8676 | Intel | Improper Privilege Management vulnerability in Intel Visual Compute Accelerator 2 Firmware Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12355 | Intel | Authentication Bypass by Capture-replay vulnerability in Intel Trusted Execution Engine 3.0/3.1.75/4.0.25 Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 4.6 |
2020-11-12 | CVE-2020-12354 | Intel | Incorrect Default Permissions vulnerability in Intel Active Management Technology Software Development KIT Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12318 | Intel | Unspecified vulnerability in Intel Proset/Wireless Wifi Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12312 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Quartus Prime PRO and Stratix 10 Fpga Firmware Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.2 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 4.6 |
2020-11-12 | CVE-2020-12307 | Intel | Incorrect Default Permissions vulnerability in Intel High Definition Audio Driver Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12306 | Intel | Incorrect Default Permissions vulnerability in Intel Realsense D400 Series Dynamic Calibration Tool Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool before version 2.11, may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-12304 | Intel | Improper Privilege Management vulnerability in Intel Dynamic Application Loader Software Developement KIT Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access. | 4.6 |
2020-11-12 | CVE-2020-12303 | Intel | Use After Free vulnerability in Intel products Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. | 4.6 |
2020-11-12 | CVE-2020-12297 | Intel | Improper Privilege Management vulnerability in Intel products Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. | 4.6 |
2020-11-12 | CVE-2020-0593 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Bios Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-0592 | Intel | Out-of-bounds Write vulnerability in Intel Bios Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. | 4.6 |
2020-11-12 | CVE-2020-0591 | Intel Siemens | Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-0588 | Intel | Improper Check for Unusual or Exceptional Conditions vulnerability in Intel Bios Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-0587 | Intel | Improper Check for Unusual or Exceptional Conditions vulnerability in Intel Bios Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2019-11121 | Intel | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Media SDK 2018 Improper file permissions in the installer for the Intel(R) Media SDK for Windows before version 2019 R1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-11-12 | CVE-2020-11131 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9250, MDM9628, MDM9640, MDM9650, MSM8996AU, QCS405, SDA845, SDX20, SDX20M, WCD9330 | 4.6 |
2020-11-12 | CVE-2020-11130 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P | 4.6 |
2020-11-12 | CVE-2020-11121 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P | 4.6 |
2020-11-11 | CVE-2020-8353 | Lenovo | Unspecified vulnerability in Lenovo products Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. | 4.6 |
2020-11-10 | CVE-2020-24367 | Bluestacks | Improper Privilege Management vulnerability in Bluestacks Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. | 4.6 |
2020-11-10 | CVE-2020-0439 | Missing Authorization vulnerability in Google Android In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. | 4.6 | |
2020-11-10 | CVE-2020-0438 | Improper Initialization vulnerability in Google Android 10.0/11.0 In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. | 4.6 | |
2020-11-10 | CVE-2020-0418 | Unspecified vulnerability in Google Android 10.0 In getPermissionInfosForGroup of Utils.java, there is a logic error. | 4.6 | |
2020-11-10 | CVE-2020-0409 | Out-of-bounds Write vulnerability in Google Android In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. | 4.6 | |
2020-11-10 | CVE-2020-16125 | Gnome | Improper Check for Unusual or Exceptional Conditions vulnerability in Gnome Display Manager gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account. | 4.6 |
2020-11-09 | CVE-2020-27977 | Capasystems | Unspecified vulnerability in Capasystems Capainstaller CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges. | 4.6 |
2020-11-12 | CVE-2020-12926 | AMD | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD Trusted Platform Modules Reference The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. | 4.4 |
2020-11-12 | CVE-2020-8755 | Intel | Race Condition vulnerability in Intel products Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 4.4 |
2020-11-12 | CVE-2020-12356 | Intel Netapp | Out-of-bounds Read vulnerability in multiple products Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2020-11-11 | CVE-2020-5992 | Nvidia | Uncontrolled Search Path Element vulnerability in Nvidia Geforce NOW NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges. | 4.4 |
2020-11-10 | CVE-2020-28368 | XEN Fedoraproject Debian | Missing Authorization vulnerability in multiple products Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. | 4.4 |
2020-11-10 | CVE-2020-5388 | Dell | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dell Inspiron 15 7579 Firmware Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. | 4.4 |
2020-11-13 | CVE-2020-6157 | Opera | Unspecified vulnerability in Opera Touch Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. | 4.3 |
2020-11-13 | CVE-2020-26825 | SAP | Cross-site Scripting vulnerability in SAP Fiori Launchpad (News Tile Application) SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a different end user (victim), because News tile does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. | 4.3 |
2020-11-12 | CVE-2020-27193 | Ckeditor Oracle | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. | 4.3 |
2020-11-12 | CVE-2020-28415 | Tranzware Payment Gateway Project | Cross-site Scripting vulnerability in Tranzware Payment Gateway Project Tranzware Payment Gateway 3.1.12.3.2 A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. | 4.3 |
2020-11-12 | CVE-2020-28414 | Tranzware Payment Gateway Project | Cross-site Scripting vulnerability in Tranzware Payment Gateway Project Tranzware Payment Gateway 3.1.12.3.2 A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. | 4.3 |
2020-11-12 | CVE-2020-24443 | Adobe | Cross-site Scripting vulnerability in Adobe Connect Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 4.3 |
2020-11-12 | CVE-2020-24442 | Adobe | Cross-site Scripting vulnerability in Adobe Connect Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 4.3 |
2020-11-11 | CVE-2020-26221 | Touchbase AI Project | Cross-site Scripting vulnerability in Touchbase.Ai Project Touchbase.Ai touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). | 4.3 |
2020-11-11 | CVE-2020-26218 | Touchbase AI Project | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Touchbase.Ai Project Touchbase.Ai touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. | 4.3 |
2020-11-11 | CVE-2020-5426 | Vmware | Cleartext Transmission of Sensitive Information vulnerability in VMWare Pivotal Scheduler Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. | 4.3 |
2020-11-11 | CVE-2020-17015 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft SharePoint Server Spoofing Vulnerability | 4.3 |
2020-11-10 | CVE-2020-4760 | IBM | Cross-site Scripting vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. | 4.3 |
2020-11-10 | CVE-2020-4704 | IBM | Cross-site Scripting vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. | 4.3 |
2020-11-10 | CVE-2020-0450 | Improper Initialization vulnerability in Google Android In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. | 4.3 | |
2020-11-09 | CVE-2020-28364 | Locust | Cross-site Scripting vulnerability in Locust A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users. | 4.3 |
2020-11-09 | CVE-2020-24353 | Pega | Cross-site Scripting vulnerability in Pega Platform Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header. | 4.3 |
2020-11-09 | CVE-2020-28351 | Mitel | Cross-site Scripting vulnerability in Mitel Shoretel Firmware 19.46.1802.0 The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page. | 4.3 |
2020-11-09 | CVE-2020-24406 | Magento | Path Traversal vulnerability in Magento When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. | 4.3 |
2020-11-09 | CVE-2020-24405 | Magento | Unspecified vulnerability in Magento Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. | 4.3 |
2020-11-11 | CVE-2020-17054 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge Chakra Scripting Engine Memory Corruption Vulnerability | 4.2 |
2020-11-11 | CVE-2020-17048 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge Chakra Scripting Engine Memory Corruption Vulnerability | 4.2 |
2020-11-13 | CVE-2020-26223 | Spreecommerce | Incorrect Authorization vulnerability in Spreecommerce Spree Spree is a complete open source e-commerce solution built with Ruby on Rails. | 4.0 |
2020-11-13 | CVE-2020-8582 | Netapp | Unspecified vulnerability in Netapp Element OS and HCI Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information. | 4.0 |
2020-11-12 | CVE-2020-8669 | Intel | Improper Input Validation vulnerability in Intel Data Center Manager Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. | 4.0 |
2020-11-12 | CVE-2020-12353 | Intel | Improper Preservation of Permissions vulnerability in Intel Data Center Manager Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access. | 4.0 |
2020-11-12 | CVE-2020-12349 | Intel | Improper Input Validation vulnerability in Intel Data Center Manager Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. | 4.0 |
2020-11-12 | CVE-2020-12308 | Intel | Unspecified vulnerability in Intel Computing Improvement Program 2.4.0.04733/2.4.5718 Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged user to potentially enable information disclosure via network access. | 4.0 |
2020-11-10 | CVE-2020-6316 | SAP | Missing Authorization vulnerability in SAP ERP and S/4Hana SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. | 4.0 |
2020-11-10 | CVE-2020-26814 | SAP | Unspecified vulnerability in SAP Process Integration (Pgp Module - Business-To-Business ADD On) 1.0 SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure. | 4.0 |
2020-11-09 | CVE-2020-27017 | Trendmicro | XML Entity Expansion vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. | 4.0 |
2020-11-09 | CVE-2020-9300 | Netflix | Unspecified vulnerability in Netflix Dispatch The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. | 4.0 |
59 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-11-12 | CVE-2020-11132 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA670, SDA845, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330 | 3.6 |
2020-11-13 | CVE-2020-7033 | Avaya | Cross-site Scripting vulnerability in Avaya Equinox Conferencing 9.0.0/9.1.9 A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. | 3.5 |
2020-11-11 | CVE-2020-26220 | Touchbase AI Project | Information Exposure vulnerability in Touchbase.Ai Project Touchbase.Ai toucbase.ai before version 2.0 leaks information by not stripping exif data from images. | 3.5 |
2020-11-10 | CVE-2020-25267 | Ilias | Cross-site Scripting vulnerability in Ilias 6.4.0 An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. | 3.5 |
2020-11-10 | CVE-2020-28409 | Dundas | Cross-site Scripting vulnerability in Dundas BI 5.0.1.1010 The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. | 3.5 |
2020-11-10 | CVE-2020-28408 | Dundas | Cross-site Scripting vulnerability in Dundas BI 5.0.1.1010 The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard. | 3.5 |
2020-11-09 | CVE-2020-9299 | Netflix | Cross-site Scripting vulnerability in Netflix Dispatch There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. | 3.5 |
2020-11-12 | CVE-2020-8766 | Intel | Improper Check for Unusual or Exceptional Conditions vulnerability in Intel Software Guard Extensions Data Center Attestation Primitives Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 3.3 |
2020-11-12 | CVE-2020-12322 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 3.3 |
2020-11-12 | CVE-2020-12319 | Intel | Unspecified vulnerability in Intel Proset/Wireless Wifi Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 3.3 |
2020-11-12 | CVE-2020-12317 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Proset/Wireless Wifi Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 3.3 |
2020-11-12 | CVE-2020-12314 | Intel | Improper Input Validation vulnerability in Intel Proset/Wireless Wifi Improper input validation in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 3.3 |
2020-11-11 | CVE-2020-17020 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps, Office and Word Microsoft Word Security Feature Bypass Vulnerability | 3.3 |
2020-11-10 | CVE-2020-27403 | TCL | Unspecified vulnerability in TCL products A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files & directories. | 3.3 |
2020-11-09 | CVE-2020-4651 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Spatial Asset Management IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 2.9 |
2020-11-09 | CVE-2020-24404 | Magento | Unspecified vulnerability in Magento Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. | 2.7 |
2020-11-09 | CVE-2020-24403 | Magento | Unspecified vulnerability in Magento Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. | 2.7 |
2020-11-13 | CVE-2020-26230 | Radarcovid | Information Exposure vulnerability in Radarcovid Radar-Covid-Backend-Dp3T-Server and Radarcovid Radar COVID is the official COVID-19 exposure notification app for Spain. | 2.6 |
2020-11-13 | CVE-2020-4886 | IBM | Insecure Storage of Sensitive Information vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. | 2.1 |
2020-11-12 | CVE-2020-12912 | AMD | Information Exposure Through Discrepancy vulnerability in AMD Energy Driver for Linux A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. | 2.1 |
2020-11-12 | CVE-2020-24460 | Intel | Incorrect Default Permissions vulnerability in Intel Driver & Support Assistant Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticated user to potentially enable denial of service via local access. | 2.1 |
2020-11-12 | CVE-2020-12328 | Intel | Information Exposure vulnerability in Intel Thunderbolt DCH Driver Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access. | 2.1 |
2020-11-12 | CVE-2020-12327 | Intel | Insecure Default Initialization of Resource vulnerability in Intel Thunderbolt DCH Driver Insecure default variable initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow a privileged user to potentially enable information disclosure via local access. | 2.1 |
2020-11-12 | CVE-2020-12326 | Intel | Improper Initialization vulnerability in Intel Thunderbolt DCH Driver Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access. | 2.1 |
2020-11-12 | CVE-2020-12316 | Intel | Insufficiently Protected Credentials vulnerability in Intel Endpoint Management Assistant 1.3.1/1.3.2/1.3.2.1 Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access. | 2.1 |
2020-11-12 | CVE-2020-0573 | Intel | Out-of-bounds Read vulnerability in Intel Csi2 Host Controller Out of bounds read in the Intel CSI2 Host Controller driver may allow an authenticated user to potentially enable information disclosure via local access. | 2.1 |
2020-11-12 | CVE-2020-8767 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel Quartus Prime Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access. | 2.1 |
2020-11-12 | CVE-2020-8761 | Intel | Inadequate Encryption Strength vulnerability in Intel Converged Security and Manageability Engine 13.30.0 Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access. | 2.1 |
2020-11-12 | CVE-2020-8751 | Intel | Information Exposure vulnerability in Intel products Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access. | 2.1 |
2020-11-12 | CVE-2020-8694 | Intel | Unspecified vulnerability in Intel products Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 2.1 |
2020-11-12 | CVE-2020-8677 | Intel | Unspecified vulnerability in Intel Visual Compute Accelerator 2 Firmware Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable denial of service via local access. | 2.1 |
2020-11-12 | CVE-2020-12311 | Intel | Unspecified vulnerability in Intel products Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. | 2.1 |
2020-11-12 | CVE-2020-12310 | Intel | Unspecified vulnerability in Intel products Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. | 2.1 |
2020-11-12 | CVE-2020-12309 | Intel | Insufficiently Protected Credentials vulnerability in Intel products Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. | 2.1 |
2020-11-12 | CVE-2020-0584 | Intel | Classic Buffer Overflow vulnerability in Intel products Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access. | 2.1 |
2020-11-12 | CVE-2020-0575 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Unite Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access. | 2.1 |
2020-11-12 | CVE-2020-9128 | Huawei | Inadequate Encryption Strength vulnerability in Huawei Fusioncompute 8.0.0 FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. | 2.1 |
2020-11-12 | CVE-2020-11209 | Qualcomm | Incorrect Authorization vulnerability in Qualcomm products Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439 | 2.1 |
2020-11-12 | CVE-2020-11123 | Qualcomm | Unspecified vulnerability in Qualcomm products u'information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting user`s lock-screen password can be bypassed by performing the standard gatekeeper operations.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QM215, QSM8250, QSM8350, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDW2500, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330 | 2.1 |
2020-11-12 | CVE-2020-2048 | Paloaltonetworks | Information Exposure Through Log Files vulnerability in Paloaltonetworks Pan-Os An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. | 2.1 |
2020-11-11 | CVE-2020-8352 | Lenovo | Unspecified vulnerability in Lenovo products In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. | 2.1 |
2020-11-11 | CVE-2020-16127 | Freedesktop | Infinite Loop vulnerability in Freedesktop Accountsservice An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location. | 2.1 |
2020-11-11 | CVE-2020-16126 | Freedesktop | Unspecified vulnerability in Freedesktop Accountsservice An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion. | 2.1 |
2020-11-10 | CVE-2020-26807 | SAP | Incorrect Default Permissions vulnerability in SAP ERP Client for E-Bilanz 1.0 SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which allows anyone to modify the files in the folder. | 2.1 |
2020-11-10 | CVE-2020-4568 | IBM | Insufficiently Protected Credentials vulnerability in IBM Security KEY Lifecycle Manager 3.0/3.0.1/4.0 IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in plain in clear text which can be read by a local user. | 2.1 |
2020-11-10 | CVE-2020-0454 | Missing Authorization vulnerability in Google Android 9.0 In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. | 2.1 | |
2020-11-10 | CVE-2020-0453 | Incorrect Default Permissions vulnerability in Google Android 8.0/8.1/9.0 In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. | 2.1 | |
2020-11-10 | CVE-2020-0448 | Incorrect Default Permissions vulnerability in Google Android In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. | 2.1 | |
2020-11-10 | CVE-2020-0443 | Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. | 2.1 | |
2020-11-10 | CVE-2020-0437 | Missing Authorization vulnerability in Google Android In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. | 2.1 | |
2020-11-10 | CVE-2020-0424 | Unspecified vulnerability in Google Android 10.0/11.0/9.0 In send_vc of res_send.cpp, there is a possible out of bounds read due to an incorrect bounds check. | 2.1 | |
2020-11-09 | CVE-2020-27693 | Trendmicro | Use of Password Hash With Insufficient Computational Effort vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated. | 2.1 |
2020-11-09 | CVE-2020-27019 | Trendmicro | Information Exposure vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. | 2.1 |
2020-11-09 | CVE-2020-27018 | Trendmicro | Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1 Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. | 2.1 |
2020-11-09 | CVE-2020-4650 | IBM | Information Exposure vulnerability in IBM Maximo Spatial Asset Management IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. | 2.1 |
2020-11-09 | CVE-2020-23139 | Microweber | Improper Authentication vulnerability in Microweber 1.1.18 Microweber 1.1.18 is affected by broken authentication and session management. | 2.1 |
2020-11-09 | CVE-2020-23136 | Microweber | Insufficient Session Expiration vulnerability in Microweber 1.1.18 Microweber v1.1.18 is affected by no session expiry after log-out. | 2.1 |
2020-11-09 | CVE-2020-8276 | Brave | Cleartext Storage of Sensitive Information vulnerability in Brave The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. | 2.1 |
2020-11-09 | CVE-2020-8150 | Nextcloud | Missing Encryption of Sensitive Data vulnerability in Nextcloud Server A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files. | 1.9 |