Original release date: October 26, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acronis — cyber_backup | Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:jenkins_agent. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | 2020-10-21 | 7.2 | CVE-2020-10138 MISC |
acronis — true_image | Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:jenkins_agent. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | 2020-10-21 | 7.2 | CVE-2020-10139 MISC |
adobe — animate | Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate. | 2020-10-21 | 9.3 | CVE-2020-9750 MISC |
adobe — animate | Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate. | 2020-10-21 | 9.3 | CVE-2020-9749 MISC |
adobe — animate | Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | 2020-10-21 | 9.3 | CVE-2020-9747 MISC |
apple — icloud | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 2020-10-16 | 7.5 | CVE-2020-9895 MISC MISC MISC MISC MISC MISC MISC |
apple — ipad_os | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory. | 2020-10-16 | 9.3 | CVE-2020-9958 MISC |
apple — ipad_os | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges. | 2020-10-16 | 9.3 | CVE-2020-9923 MISC MISC |
apple — ipad_os | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-16 | 9.3 | CVE-2020-9907 MISC MISC |
apple — ipad_os | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | 2020-10-16 | 10 | CVE-2020-9918 MISC MISC MISC MISC |
apple — mac_os_x | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-16 | 10 | CVE-2020-9864 MISC |
apple — mac_os_x | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. | 2020-10-16 | 9.3 | CVE-2020-9799 MISC |
apple — xcode | This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network. | 2020-10-16 | 9.3 | CVE-2020-9992 MISC MISC |
cisco — firepower_threat_defense | A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation for certain fields of specific SSL/TLS messages. An attacker could exploit this vulnerability by sending a malformed SSL/TLS message through an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. No manual intervention is needed to recover the device after it has reloaded. | 2020-10-21 | 7.1 | CVE-2020-3562 CISCO |
cisco — firepower_threat_defense | A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation upon receiving ICMP packets. An attacker could exploit this vulnerability by sending a high number of crafted ICMP or ICMPv6 packets to an affected device. A successful exploit could allow the attacker to cause a memory exhaustion condition that may result in an unexpected reload. No manual intervention is needed to recover the device after the reload. | 2020-10-21 | 7.8 | CVE-2020-3571 CISCO |
cisco — firepower_threat_defense | A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of TCP packets to a specific port on an affected device. A successful exploit could allow the attacker to exhaust system memory, which could cause the device to reload unexpectedly. No manual intervention is needed to recover the device after it has reloaded. | 2020-10-21 | 7.8 | CVE-2020-3563 CISCO |
hp — intelligent_management_center | A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7168 MISC |
hp — intelligent_management_center | A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7187 MISC |
hp — intelligent_management_center | A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7186 MISC |
hp — intelligent_management_center | A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7143 MISC |
hp — intelligent_management_center | A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7176 MISC |
hp — intelligent_management_center | A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7154 MISC |
hp — intelligent_management_center | A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7157 MISC |
hp — intelligent_management_center | A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7160 MISC |
hp — intelligent_management_center | A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7161 MISC |
hp — intelligent_management_center | A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7162 MISC |
hp — intelligent_management_center | A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7163 MISC |
hp — intelligent_management_center | A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7164 MISC |
hp — intelligent_management_center | A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7165 MISC |
hp — intelligent_management_center | A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7167 MISC |
hp — intelligent_management_center | A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7156 MISC |
hp — intelligent_management_center | A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7169 MISC |
hp — intelligent_management_center | A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7170 MISC |
hp — intelligent_management_center | A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7171 MISC |
hp — intelligent_management_center | A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7172 MISC |
hp — intelligent_management_center | A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7146 MISC |
hp — intelligent_management_center | A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7158 MISC |
hp — intelligent_management_center | A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7145 MISC |
hp — intelligent_management_center | A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7189 MISC |
hp — intelligent_management_center | A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7155 MISC |
hp — intelligent_management_center | A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7153 MISC |
hp — intelligent_management_center | A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7152 MISC |
hp — intelligent_management_center | A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7151 MISC |
hp — intelligent_management_center | A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7150 MISC |
hp — intelligent_management_center | A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7149 MISC |
hp — intelligent_management_center | A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7159 MISC |
hp — intelligent_management_center | A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7188 MISC |
hp — intelligent_management_center | A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7166 MISC |
hp — intelligent_management_center | A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7190 MISC |
hp — intelligent_management_center | A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-24652 MISC |
hp — intelligent_management_center | A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7147 MISC |
hp — intelligent_management_center | A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7175 MISC |
hp — intelligent_management_center | A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7181 MISC |
hp — intelligent_management_center | A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7180 MISC |
hp — intelligent_management_center | A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7179 MISC |
hp — intelligent_management_center | A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7178 MISC |
hp — intelligent_management_center | A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7177 MISC |
hp — intelligent_management_center | A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7148 MISC |
hp — intelligent_management_center | A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7174 MISC |
hp — intelligent_management_center | A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7183 MISC |
hp — intelligent_management_center | A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7173 MISC |
hp — intelligent_management_center | A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-24630 MISC |
hp — intelligent_management_center | A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7191 MISC |
hp — intelligent_management_center | A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-24651 MISC |
hp — intelligent_management_center | A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-24650 MISC |
hp — intelligent_management_center | A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7141 MISC |
hp — intelligent_management_center | A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-24648 MISC |
hp — intelligent_management_center | A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7192 MISC |
hp — intelligent_management_center | A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7185 MISC |
hp — intelligent_management_center | A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7193 MISC |
hp — intelligent_management_center | A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7195 MISC |
hp — intelligent_management_center | A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7142 MISC |
hp — intelligent_management_center | A remote bytemessageresource transformentity” input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-24649 MISC |
hp — intelligent_management_center | A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-24647 MISC |
hp — intelligent_management_center | A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-24646 MISC |
hp — intelligent_management_center | A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-24629 MISC |
hp — intelligent_management_center | A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7194 MISC |
hp — intelligent_management_center | A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 10 | CVE-2020-7144 MISC |
hp — intelligent_management_center | A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7184 MISC |
hp — intelligent_management_center | A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 2020-10-19 | 9 | CVE-2020-7182 MISC |
jetbrains — youtrack | In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. | 2020-10-19 | 7.5 | CVE-2020-15822 MISC CONFIRM |
loginizer — loginizer | The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. | 2020-10-21 | 7.5 | CVE-2020-27615 MISC MISC MISC MISC |
microsoft — 365_apps | A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory., aka ‘Base3D Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-17003. | 2020-10-16 | 9.3 | CVE-2020-16918 MISC |
microsoft — 365_apps | A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka ‘Microsoft Outlook Remote Code Execution Vulnerability’. | 2020-10-16 | 9.3 | CVE-2020-16947 MISC MISC MISC |
microsoft — 365_apps | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka ‘Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability’. | 2020-10-16 | 9.3 | CVE-2020-16957 MISC |
microsoft — 3d_viewer | A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory., aka ‘Base3D Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16918. | 2020-10-16 | 9.3 | CVE-2020-17003 MISC |
microsoft — network_watcher_agent | An elevation of privilege vulnerability exists in Network Watcher Agent virtual machine extension for Linux, aka ‘Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability’. | 2020-10-16 | 7.2 | CVE-2020-16995 MISC |
microsoft — powershellget | A security feature bypass vulnerability exists in the PowerShellGet V2 module, aka ‘PowerShellGet Module WDAC Security Feature Bypass Vulnerability’. | 2020-10-16 | 7.2 | CVE-2020-16886 MISC |
microsoft — visual_studio_code | A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious ‘package.json’ file, aka ‘Visual Studio JSON Remote Code Execution Vulnerability’. | 2020-10-16 | 9.3 | CVE-2020-17023 MISC |
microsoft — visual_studio_code | A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file, aka ‘Visual Studio Code Python Extension Remote Code Execution Vulnerability’. | 2020-10-16 | 9.3 | CVE-2020-16977 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16907. | 2020-10-16 | 7.2 | CVE-2020-16913 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows Setup Elevation of Privilege Vulnerability’. | 2020-10-16 | 7.2 | CVE-2020-16908 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16913. | 2020-10-16 | 7.2 | CVE-2020-16907 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka ‘Windows Error Reporting Manager Elevation of Privilege Vulnerability’. | 2020-10-16 | 7.2 | CVE-2020-16895 MISC |
microsoft — windows_10 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ‘Windows Hyper-V Remote Code Execution Vulnerability’. | 2020-10-16 | 7.2 | CVE-2020-16891 MISC |
microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka ‘Windows Camera Codec Pack Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16968. | 2020-10-16 | 9.3 | CVE-2020-16967 MISC |
microsoft — windows_10 | A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ‘Microsoft Graphics Components Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16923. | 2020-10-16 | 9.3 | CVE-2020-1167 MISC MISC |
microsoft — windows_10 | A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka ‘Windows TCP/IP Denial of Service Vulnerability’. | 2020-10-16 | 7.8 | CVE-2020-16899 MISC |
microsoft — windows_10 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. | 2020-10-16 | 9.3 | CVE-2020-16911 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka ‘Windows Hyper-V Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1047. | 2020-10-16 | 7.2 | CVE-2020-1080 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka ‘Windows Hyper-V Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1080. | 2020-10-16 | 7.2 | CVE-2020-1047 MISC |
microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka ‘Windows Camera Codec Pack Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16967. | 2020-10-16 | 9.3 | CVE-2020-16968 MISC MISC |
microsoft — windows_10 | A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability’. | 2020-10-16 | 7.8 | CVE-2020-16927 MISC |
microsoft — windows_10 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka ‘Jet Database Engine Remote Code Execution Vulnerability’. | 2020-10-16 | 9.3 | CVE-2020-16924 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka ‘Windows COM Server Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16916. | 2020-10-16 | 7.2 | CVE-2020-16935 MISC |
microsoft — windows_7 | A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Service Denial of Service Vulnerability’. | 2020-10-16 | 7.8 | CVE-2020-16863 MISC |
mintegral — mintegraladsdk | This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device. | 2020-10-19 | 10 | CVE-2020-7745 MISC MISC MISC MISC |
nagios — nagios_xi | Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | 2020-10-20 | 9 | CVE-2020-5791 MISC |
onethird — onethird | Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors. | 2020-10-20 | 7.5 | CVE-2020-5640 MISC MISC |
oracle — business_intelligence | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2020-10-21 | 7.8 | CVE-2020-14864 MISC |
oracle — financial_services_analytical_applications_infrastructure | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). | 2020-10-21 | 7.8 | CVE-2020-14824 MISC |
oracle — flexcube_direct_banking | Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). | 2020-10-21 | 7.1 | CVE-2020-14897 MISC |
oracle — flexcube_direct_banking | Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). | 2020-10-21 | 7.1 | CVE-2020-14890 MISC |
oracle — hospitality_opera_5_property_services | Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). | 2020-10-21 | 8.5 | CVE-2020-14858 MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 2020-10-21 | 7.5 | CVE-2020-14760 CONFIRM MISC |
oracle — one-to-one_fulfillment | Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1 – 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | 7.8 | CVE-2020-14863 MISC |
oracle — peoplesoft_enterprise_scm_esupplier_connection | Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection product of Oracle PeopleSoft (component: eSupplier Connection). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM eSupplier Connection. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise SCM eSupplier Connection accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM eSupplier Connection accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 2020-10-21 | 8.5 | CVE-2020-14865 MISC |
oracle — scheduler | Vulnerability in the Scheduler component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Scheduler executes to compromise Scheduler. While the vulnerability is in Scheduler, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Scheduler. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | 2020-10-21 | 7.2 | CVE-2020-14735 MISC |
oracle — trade_management | Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | 7.8 | CVE-2020-14856 MISC |
oracle — universal_work_queue | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3 – 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 2020-10-21 | 9 | CVE-2020-14862 MISC |
oracle — universal_work_queue | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2020-10-21 | 10 | CVE-2020-14855 MISC |
oracle — weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2020-10-21 | 10 | CVE-2020-14859 MISC MISC |
oracle — weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2020-10-21 | 7.5 | CVE-2020-14825 MISC MISC MISC MISC |
oracle — weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2020-10-21 | 7.5 | CVE-2020-14841 MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acronis — true_image | Acronis True Image 2021 fails to properly set ACLs of the C:ProgramDataAcronis directory. Because some privileged processes are executed from the C:ProgramDataAcronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:ProgramDataAcronis. | 2020-10-21 | 6.9 | CVE-2020-10140 MISC |
adobe — illustrator | Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | 2020-10-20 | 6.8 | CVE-2020-24413 MISC |
adobe — illustrator | Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | 2020-10-20 | 6.8 | CVE-2020-24415 MISC |
adobe — illustrator | Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | 2020-10-20 | 6.8 | CVE-2020-24414 MISC |
adobe — illustrator | Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | 2020-10-20 | 6.8 | CVE-2020-24409 MISC MISC |
adobe — illustrator | Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | 2020-10-20 | 6.8 | CVE-2020-24412 MISC |
adobe — illustrator | Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | 2020-10-20 | 6.8 | CVE-2020-24410 MISC MISC |
adobe — illustrator | Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. This could result in a write past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | 2020-10-20 | 6.8 | CVE-2020-24411 MISC MISC |
adobe — marketo_sales_insight | Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2020-10-20 | 4.3 | CVE-2020-24416 MISC |
advantech — r-seenet | The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. | 2020-10-20 | 5 | CVE-2020-25157 MISC |
apple — icloud | An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | 2020-10-16 | 4.3 | CVE-2020-9915 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | 2020-10-16 | 6.5 | CVE-2020-9910 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack. | 2020-10-16 | 4.3 | CVE-2020-9952 MISC MISC MISC MISC MISC MISC |
apple — icloud | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. | 2020-10-16 | 4.3 | CVE-2020-9925 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. | 2020-10-16 | 6.8 | CVE-2020-9862 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 2020-10-16 | 4.3 | CVE-2020-9894 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 2020-10-16 | 6.8 | CVE-2020-9893 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-16 | 6.8 | CVE-2020-9936 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL. | 2020-10-16 | 5 | CVE-2020-9916 MISC MISC MISC MISC MISC MISC MISC |
apple — ipad_os | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files. | 2020-10-16 | 4.3 | CVE-2020-9968 MISC MISC MISC MISC |
apple — ipad_os | An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group. | 2020-10-16 | 4.3 | CVE-2020-9885 MISC MISC MISC MISC |
apple — ipad_os | An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets. | 2020-10-16 | 5 | CVE-2020-9914 MISC MISC |
apple — ipad_os | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0. A malicious application may be able to leak sensitive user information. | 2020-10-16 | 4.3 | CVE-2020-9976 MISC MISC MISC |
apple — ipad_os | This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service. | 2020-10-16 | 5 | CVE-2020-9917 MISC |
apple — ipad_os | A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination. | 2020-10-16 | 5 | CVE-2020-9931 MISC |
apple — ipad_os | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory. | 2020-10-16 | 4.9 | CVE-2020-9964 MISC |
apple — ipad_os | This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period. | 2020-10-16 | 4.6 | CVE-2020-9946 MISC MISC |
apple — ipad_os | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2020-10-16 | 6.8 | CVE-2020-9889 MISC MISC MISC MISC |
apple — ipad_os | An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information. | 2020-10-16 | 4.3 | CVE-2020-9933 MISC MISC MISC |
apple — ipad_os | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | 2020-10-16 | 6.8 | CVE-2020-9878 MISC MISC MISC |
apple — ipad_os | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | 2020-10-16 | 4.3 | CVE-2020-9909 MISC MISC MISC |
apple — ipad_os | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2020-10-16 | 6.8 | CVE-2020-9891 MISC MISC MISC MISC |
apple — ipad_os | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox. | 2020-10-16 | 6.8 | CVE-2020-9865 MISC MISC MISC MISC |
apple — ipad_os | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2020-10-16 | 6.8 | CVE-2020-9888 MISC MISC MISC MISC |
apple — ipad_os | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2020-10-16 | 6.8 | CVE-2020-9884 MISC |
apple — ipad_os | A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code. | 2020-10-16 | 6.5 | CVE-2020-9870 MISC MISC MISC |
apple — ipad_os | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2020-10-16 | 6.8 | CVE-2020-9890 MISC MISC MISC MISC |
apple — safari | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. | 2020-10-16 | 6.8 | CVE-2020-9983 MISC |
apple — safari | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy. | 2020-10-16 | 5 | CVE-2020-9911 MISC MISC |
apple — safari | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain. | 2020-10-16 | 5 | CVE-2020-9903 MISC MISC |
apple — safari | A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-16 | 6.8 | CVE-2020-9948 MISC |
apple — safari | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-16 | 6.8 | CVE-2020-9951 MISC |
appneta — tcpreplay | An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service. | 2020-10-19 | 5 | CVE-2020-24266 MISC |
appneta — tcpreplay | An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service. | 2020-10-19 | 5 | CVE-2020-24265 MISC |
boltbrowser — bolt_browser | User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko’s Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Bolt Browser version 1.4 and prior versions. | 2020-10-20 | 4.3 | CVE-2020-7370 MISC MISC |
cisco — firepower_threat_defense | A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation when Ethernet frames are processed. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker do either of the following: Fill the /ngfw partition on the device: A full /ngfw partition could result in administrators being unable to log in to the device (including logging in through the console port) or the device being unable to boot up correctly. Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition. Cause a process crash: The process crash would cause the device to reload. No manual intervention is necessary to recover the device after the reload. | 2020-10-21 | 6.1 | CVE-2020-3577 CISCO |
cisco — firepower_threat_defense | A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies (including Geolocation) and Service Polices on an affected system. The vulnerability exists because TCP Intercept is invoked when the embryonic connection limit is reached, which can cause the underlying detection engine to process the packet incorrectly. An attacker could exploit this vulnerability by sending a crafted stream of traffic that matches a policy on which TCP Intercept is configured. A successful exploit could allow the attacker to match on an incorrect policy, which could allow the traffic to be forwarded when it should be dropped. In addition, the traffic could incorrectly be dropped. | 2020-10-21 | 4.3 | CVE-2020-3565 CISCO |
cisco — firepower_threat_defense | A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances. The vulnerability is due to insufficient input validation in the ssl_inspection component. An attacker could exploit this vulnerability by sending a malformed TLS packet through a Cisco Adaptive Security Appliance (ASA). A successful exploit could allow the attacker to crash a Snort instance, resulting in a denial of service (DoS) condition. | 2020-10-21 | 5 | CVE-2020-3317 CISCO |
clamxav — clamxav | An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3’s helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool. | 2020-10-16 | 4.6 | CVE-2020-26893 MISC |
cminds — cm_download_manager | The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. | 2020-10-21 | 4.3 | CVE-2020-27344 MISC MISC |
dell — emc_networker | Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform ‘saveset’ related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP. | 2020-10-16 | 4 | CVE-2020-26182 CONFIRM |
dell — emc_networker | Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform ‘nsrmmdbd’ operations in an unintended manner. | 2020-10-16 | 4 | CVE-2020-26183 CONFIRM |
gitea — gitea | ** DISPUTED ** The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code execution. NOTE: The vendor has indicated this is not a vulnerability and states “This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides.” | 2020-10-16 | 6.5 | CVE-2020-14144 MISC MISC MISC MISC MISC |
gogs — gogs | The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. | 2020-10-16 | 6.5 | CVE-2020-15867 MISC |
gopro — gpmf-parser | GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Parsing malicious input can result in a crash or potentially arbitrary code execution. | 2020-10-19 | 6.8 | CVE-2020-16158 MISC MISC |
huawei — mate_20_firmware | HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth messages after successful paring, causing buffer overflow. Successful exploit may cause code execution. | 2020-10-19 | 5.4 | CVE-2020-9113 MISC |
huawei — mate_30_firmware | HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution. | 2020-10-19 | 6.8 | CVE-2020-9263 MISC |
ibm — elastic_storage_server | IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599. | 2020-10-20 | 4.9 | CVE-2020-4756 XF CONFIRM CONFIRM |
ibm — resilient_security_orchestration_automation_and_response | IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503. | 2020-10-16 | 6.5 | CVE-2020-4636 XF CONFIRM |
ibm — security_guardium_big_data_intelligence | IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560. | 2020-10-16 | 5 | CVE-2020-4254 XF CONFIRM |
ibm — spectrum_scale | IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518. | 2020-10-20 | 4.3 | CVE-2020-4749 XF CONFIRM |
ibm — spectrum_scale | IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517. | 2020-10-20 | 4.3 | CVE-2020-4748 XF CONFIRM |
ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733. | 2020-10-20 | 6.5 | CVE-2019-4680 XF CONFIRM |
infinispan — infinispan | A flaw was found in Infinispan version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server. | 2020-10-19 | 5.6 | CVE-2020-10746 MISC |
libass_project — libass | In libass 0.14.0, the `ass_outline_construct`’s call to `outline_stroke` causes a signed integer overflow. | 2020-10-16 | 6.8 | CVE-2020-26682 MISC MISC |
magento — magento | Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This vulnerability requires a victim to browse to the uploaded file. | 2020-10-16 | 4.3 | CVE-2020-24408 MISC |
microsoft — .net_framework | An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory, aka ‘.NET Framework Information Disclosure Vulnerability’. | 2020-10-16 | 4.3 | CVE-2020-16937 MISC |
microsoft — 365_apps | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16929, CVE-2020-16930, CVE-2020-16931. | 2020-10-16 | 6.8 | CVE-2020-16932 MISC MISC |
microsoft — 365_apps | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16929, CVE-2020-16931, CVE-2020-16932. | 2020-10-16 | 6.8 | CVE-2020-16930 MISC MISC MISC |
microsoft — 365_apps | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16930, CVE-2020-16931, CVE-2020-16932. | 2020-10-16 | 6.8 | CVE-2020-16929 MISC MISC |
microsoft — 365_apps | An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka ‘Microsoft Office Click-to-Run Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16928, CVE-2020-16934. | 2020-10-16 | 6.8 | CVE-2020-16955 MISC |
microsoft — 365_apps | An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka ‘Microsoft Office Click-to-Run Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16928, CVE-2020-16955. | 2020-10-16 | 6.8 | CVE-2020-16934 MISC |
microsoft — 365_apps | An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files, aka ‘Microsoft Office Click-to-Run Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16934, CVE-2020-16955. | 2020-10-16 | 6.8 | CVE-2020-16928 MISC |
microsoft — 365_apps | A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka ‘Microsoft Office Remote Code Execution Vulnerability’. | 2020-10-16 | 6.8 | CVE-2020-16954 MISC |
microsoft — 365_apps | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16929, CVE-2020-16930, CVE-2020-16932. | 2020-10-16 | 6.8 | CVE-2020-16931 MISC MISC |
microsoft — exchange_server | An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages, aka ‘Microsoft Exchange Information Disclosure Vulnerability’. | 2020-10-16 | 4.3 | CVE-2020-16969 MISC |
microsoft — sharepoint_enterprise_server | An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16950. | 2020-10-16 | 4 | CVE-2020-16953 MISC |
microsoft — sharepoint_enterprise_server | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16951. | 2020-10-16 | 6.8 | CVE-2020-16952 MISC MISC |
microsoft — sharepoint_enterprise_server | An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16950, CVE-2020-16953. | 2020-10-16 | 4 | CVE-2020-16948 MISC |
microsoft — sharepoint_enterprise_server | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-16952. | 2020-10-16 | 6.8 | CVE-2020-16951 MISC |
microsoft — sharepoint_server | An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16953. | 2020-10-16 | 4.3 | CVE-2020-16950 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. | 2020-10-16 | 4.6 | CVE-2020-16973 MISC |
microsoft — windows_10 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka ‘Microsoft Windows Codecs Library Remote Code Execution Vulnerability’. | 2020-10-16 | 6.8 | CVE-2020-17022 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka ‘Group Policy Elevation of Privilege Vulnerability’. | 2020-10-16 | 4.6 | CVE-2020-16939 MISC MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. | 2020-10-16 | 4.6 | CVE-2020-16972 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. | 2020-10-16 | 4.6 | CVE-2020-16912 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16975, CVE-2020-16976. | 2020-10-16 | 4.6 | CVE-2020-16974 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16976. | 2020-10-16 | 4.6 | CVE-2020-16975 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16909. | 2020-10-16 | 4.6 | CVE-2020-16905 MISC |
microsoft — windows_10 | A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.The security update addresses the vulnerability by correcting security feature behavior to enforce permissions., aka ‘Windows Security Feature Bypass Vulnerability’. | 2020-10-16 | 4.3 | CVE-2020-16910 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975. | 2020-10-16 | 4.6 | CVE-2020-16976 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka ‘Windows Application Compatibility Client Library Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16876. | 2020-10-16 | 4.6 | CVE-2020-16920 MISC |
microsoft — windows_10 | A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets, aka ‘Windows TCP/IP Remote Code Execution Vulnerability’. | 2020-10-16 | 5.8 | CVE-2020-16898 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16905. | 2020-10-16 | 4.6 | CVE-2020-16909 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka ‘Windows Application Compatibility Client Library Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16920. | 2020-10-16 | 4.6 | CVE-2020-16876 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Backup Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16912, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976. | 2020-10-16 | 4.6 | CVE-2020-16936 MISC |
microsoft — windows_10 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka ‘Windows Hyper-V Denial of Service Vulnerability’. | 2020-10-16 | 4.6 | CVE-2020-1243 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka ‘Windows Storage Services Elevation of Privilege Vulnerability’. | 2020-10-16 | 4.6 | CVE-2020-0764 MISC |
microsoft — windows_10 | A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka ‘Microsoft Graphics Components Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1167. | 2020-10-16 | 6.8 | CVE-2020-16923 MISC |
microsoft — windows_10 | A remote code execution vulnerability exists when Windows Network Address Translation (NAT) fails to properly handle UDP traffic, aka ‘Windows NAT Remote Code Execution Vulnerability’. | 2020-10-16 | 6.8 | CVE-2020-16894 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points, aka ‘Windows – User Profile Service Elevation of Privilege Vulnerability’. | 2020-10-16 | 4.9 | CVE-2020-16940 MISC MISC |
microsoft — windows_10 | An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability’. | 2020-10-16 | 5 | CVE-2020-16896 MISC |
microsoft — windows_10 | A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka ‘Microsoft Outlook Denial of Service Vulnerability’. | 2020-10-16 | 5 | CVE-2020-16949 MISC |
microsoft — windows_10 | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. | 2020-10-16 | 6.8 | CVE-2020-16915 MISC MISC |
microsoft — windows_10 | A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files, aka ‘Microsoft Word Security Feature Bypass Vulnerability’. | 2020-10-16 | 6.8 | CVE-2020-16933 MISC |
microsoft — windows_server_2012 | An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka ‘Windows iSCSI Target Service Elevation of Privilege Vulnerability’. | 2020-10-16 | 4.6 | CVE-2020-16980 MISC |
mind — imind_server | InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. | 2020-10-20 | 5 | CVE-2020-24765 MISC |
mozilla — network_security_services | A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. | 2020-10-20 | 5 | CVE-2020-25648 MISC MISC |
nagios — nagios_xi | Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user. | 2020-10-20 | 6.5 | CVE-2020-5792 MISC |
nagios — nagios_xi | Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | 2020-10-20 | 4.3 | CVE-2020-5790 MISC |
olimpoks — olimpok | OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of targeted application and perform phishing-related attacks. Vulnerable application used in more than 3000 organizations in different sectors from retail to industries. | 2020-10-16 | 4.3 | CVE-2020-16270 MISC MISC MISC |
oracle — application_express | Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2020-10-21 | 4.9 | CVE-2020-14899 MISC |
oracle — application_express | Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Group Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Group Calendar, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Group Calendar accessible data as well as unauthorized read access to a subset of Oracle Application Express Group Calendar accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2020-10-21 | 4.9 | CVE-2020-14900 MISC |
oracle — application_express | Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2020-10-21 | 4.9 | CVE-2020-14762 MISC |
oracle — application_express | Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Packaged Apps. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Packaged Apps, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Packaged Apps accessible data as well as unauthorized read access to a subset of Oracle Application Express Packaged Apps accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2020-10-21 | 4.9 | CVE-2020-14898 MISC |
oracle — application_express | Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Quick Poll. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Quick Poll, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Quick Poll accessible data as well as unauthorized read access to a subset of Oracle Application Express Quick Poll accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2020-10-21 | 4.9 | CVE-2020-14763 MISC |
oracle — applications_framework | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popup windows). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14746 MISC |
oracle — applications_manager | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: AMP EBS Integration). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 2020-10-21 | 5 | CVE-2020-14811 MISC |
oracle — applications_manager | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: SQL Extensions). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 2020-10-21 | 5 | CVE-2020-14826 MISC |
oracle — applications_manager | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data as well as unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). | 2020-10-21 | 6.4 | CVE-2020-14761 MISC |
oracle — banking_corporate_lending | Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | 2020-10-21 | 6.8 | CVE-2020-14894 MISC |
oracle — banking_payments | Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | 2020-10-21 | 6.8 | CVE-2020-14896 MISC |
oracle — business_intelligence | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14815 MISC |
oracle — business_intelligence | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Administration). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). | 2020-10-21 | 5.5 | CVE-2020-14766 MISC |
oracle — core_rdbms | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYSDBA level account privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). | 2020-10-21 | 5.5 | CVE-2020-14742 MISC |
oracle — customer_relationship_management_technical_foundation | Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3 – 12.2.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Technical Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). | 2020-10-21 | 5.5 | CVE-2020-14823 MISC |
oracle — database | Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). | 2020-10-21 | 6.8 | CVE-2020-14901 MISC |
oracle — database_filesystem | Vulnerability in the Database Filesystem component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Resource, Create Table, Create View, Create Procedure, Dbfs_role privilege with network access via Oracle Net to compromise Database Filesystem. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Filesystem. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 6.8 | CVE-2020-14741 MISC |
oracle — database_vault | Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Public Synonym privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Vault accessible data as well as unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). | 2020-10-21 | 6.5 | CVE-2020-14736 MISC |
oracle — e-business_suite_secure_enterprise_search | Vulnerability in the Oracle E-Business Suite Secure Enterprise Search product of Oracle E-Business Suite (component: Search Integration Engine). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite Secure Enterprise Search. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle E-Business Suite Secure Enterprise Search accessible data as well as unauthorized access to critical data or complete access to all Oracle E-Business Suite Secure Enterprise Search accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). | 2020-10-21 | 6.4 | CVE-2020-14805 MISC |
oracle — flexcube_universal_banking | Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | 2020-10-21 | 6.8 | CVE-2020-14887 MISC |
oracle — graalvm | Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 2020-10-21 | 5 | CVE-2020-14803 CONFIRM MISC |
oracle — hospitality_suite | Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). Supported versions that are affected are 8.10.2 and 8.11-8.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14807 MISC |
oracle — hospitality_suite8 | Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). Supported versions that are affected are 8.10.2 and 8.11-8.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data as well as unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14810 MISC |
oracle — hyperion_lifecycle_management | Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Lifecycle Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Lifecycle Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). | 2020-10-21 | 4.9 | CVE-2020-14752 MISC |
oracle — installed_base | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). | 2020-10-21 | 4.3 | CVE-2020-14822 MISC |
oracle — java_virtual_machine | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). | 2020-10-21 | 4.9 | CVE-2020-14743 MISC |
oracle — marketing | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14849 MISC |
oracle — marketing | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 – 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14835 MISC |
oracle — marketing | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14816 MISC |
oracle — marketing | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14817 MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 6.8 | CVE-2020-14844 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 6.8 | CVE-2020-14846 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 4 | CVE-2020-14789 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 4 | CVE-2020-14786 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 6.8 | CVE-2020-14830 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 4 | CVE-2020-14793 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 6.8 | CVE-2020-14809 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 4 | CVE-2020-14794 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 4 | CVE-2020-14799 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 4 | CVE-2020-14804 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 6.8 | CVE-2020-14848 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 4 | CVE-2020-14893 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 6.8 | CVE-2020-14829 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 6.8 | CVE-2020-14821 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | 2020-10-21 | 6.5 | CVE-2020-14828 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 6.8 | CVE-2020-14814 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | 2020-10-21 | 4 | CVE-2020-14827 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 6.8 | CVE-2020-14888 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 6.8 | CVE-2020-14891 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 4 | CVE-2020-14790 CONFIRM MISC |
oracle — one-to-one_fulfillment | Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14819 MISC |
oracle — peoplesoft_enterprise_peopletools | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Grids). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14813 MISC |
oracle — peoplesoft_enterprise_peopletools | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2020-10-21 | 4.3 | CVE-2020-14802 MISC |
oracle — peoplesoft_enterprise_peopletools | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2020-10-21 | 4.3 | CVE-2020-14801 MISC |
oracle — peoplesoft_enterprise_peopletools | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). | 2020-10-21 | 4.3 | CVE-2020-14795 MISC |
oracle — peoplesoft_enterprise_peopletools | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 2020-10-21 | 5 | CVE-2020-14806 MISC |
oracle — peoplesoft_enterprise_peopletools | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14832 MISC |
oracle — rest_data_services | Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle REST Data Services accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | 2020-10-21 | 4 | CVE-2020-14744 MISC |
oracle — rest_data_services | Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 2020-10-21 | 4 | CVE-2020-14745 MISC |
oracle — solaris | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 4.9 | CVE-2020-14754 MISC |
oracle — text | Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2020-10-21 | 6.8 | CVE-2020-14734 MISC |
oracle — trade_management | Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14833 MISC |
oracle — trade_management | Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14808 MISC |
oracle — trade_management | Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14834 MISC |
oracle — trade_management | Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | 5.8 | CVE-2020-14857 MISC |
oracle — utilities_framework | Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide). Supported versions that are affected are 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 – 4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilities Framework accessible data as well as unauthorized read access to a subset of Oracle Utilities Framework accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | 2020-10-21 | 5.5 | CVE-2020-14895 MISC |
oracle — vm_virtualbox | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | 2020-10-21 | 4.9 | CVE-2020-14889 MISC |
oracle — vm_virtualbox | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | 2020-10-21 | 4.9 | CVE-2020-14886 MISC MISC |
oracle — vm_virtualbox | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | 4.9 | CVE-2020-14892 MISC |
oracle — weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2020-10-21 | 5 | CVE-2020-14820 MISC |
oracle — weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). The supported version that is affected is 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). | 2020-10-21 | 6.8 | CVE-2020-14757 MISC |
orchid — platform | In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4. | 2020-10-19 | 4.3 | CVE-2020-15263 MISC CONFIRM |
powerdns — recursor | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). | 2020-10-16 | 5 | CVE-2020-25829 SUSE CONFIRM |
sap — 3d_visual_enterprise_viewer | SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send certain manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, leading to Information Disclosure. | 2020-10-20 | 4.3 | CVE-2020-6315 MISC MISC |
sap — banking_services | SAP Banking Services version 500, use an incorrect authorization object in some of its reports. Although the affected reports are protected with otherauthorization objects, exploitation of the vulnerability could lead to privilege escalation and violation in segregation of duties, which in turn could lead to Service interruptions and system unavailability for the victim and users of the component. | 2020-10-20 | 6.8 | CVE-2020-6362 MISC MISC |
sap — businessobjects_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform (Web Services) versions – 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability. | 2020-10-20 | 5 | CVE-2020-6308 MISC MISC |
sap — netweaver_compare_systems | SAP NetWeaver (Compare Systems) versions – 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service. | 2020-10-20 | 5.5 | CVE-2020-6366 MISC MISC |
sap — netweaver_composite_application_framework | There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions – 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user to click on a malicious link. The end users browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified. | 2020-10-20 | 4.3 | CVE-2020-6367 MISC MISC |
ts.ed_project — ts.ed | This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. | 2020-10-20 | 6.8 | CVE-2020-7748 MISC MISC MISC |
yandex — yandex_browser | User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Yandex Browser version 20.8.3 and prior versions, and was fixed in version 20.8.4 released October 1, 2020. | 2020-10-20 | 4.3 | CVE-2020-7369 MISC MISC |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — ipad_os | An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information. | 2020-10-16 | 2.1 | CVE-2020-9934 MISC MISC |
apple — ipad_os | A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. | 2020-10-16 | 2.1 | CVE-2020-9959 MISC |
apple — mac_os_x | This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information. | 2020-10-16 | 2.1 | CVE-2020-9913 MISC |
apple — safari | A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode. | 2020-10-16 | 2.1 | CVE-2020-9912 MISC |
cisco — firepower_threat_defense | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocumented configuration commands. An attacker could exploit this vulnerability by performing specific steps that make the hidden commands accessible. A successful exploit could allow the attacker to make configuration changes to various sections of an affected device that should not be exposed to CLI access. | 2020-10-21 | 1.9 | CVE-2020-3352 CISCO |
halgatewood — testimonial_rotator | Testimonial Rotator WordPress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in “cite” parameter, the payload will be stored in the database. | 2020-10-16 | 3.5 | CVE-2020-26672 MISC |
huawei — mate_20_firmware | HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module. | 2020-10-19 | 2.1 | CVE-2020-9092 MISC |
ibm — spectrum_scale | IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991. | 2020-10-20 | 2.1 | CVE-2020-4491 XF CONFIRM |
ibm — spectrum_scale | IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595. | 2020-10-20 | 3.5 | CVE-2020-4755 XF CONFIRM |
ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183933. | 2020-10-20 | 3.5 | CVE-2020-4564 XF CONFIRM CONFIRM |
lightning-viz — lightning | This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller. | 2020-10-20 | 3.5 | CVE-2020-7747 MISC MISC MISC |
microsoft — dynamics_365 | An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce, aka ‘Dynamics 365 Commerce Elevation of Privilege Vulnerability’. | 2020-10-16 | 3.3 | CVE-2020-16943 MISC |
microsoft — dynamics_365 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16978. | 2020-10-16 | 3.5 | CVE-2020-16956 MISC |
microsoft — dynamics_365 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’. This CVE ID is unique from CVE-2020-16956. | 2020-10-16 | 3.5 | CVE-2020-16978 MISC |
microsoft — sharepoint_designer | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-16945. | 2020-10-16 | 3.5 | CVE-2020-16946 MISC |
microsoft — sharepoint_enterprise_server | An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953. | 2020-10-16 | 2.1 | CVE-2020-16941 MISC |
microsoft — sharepoint_enterprise_server | This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka ‘Microsoft SharePoint Reflective XSS Vulnerability’. | 2020-10-16 | 3.5 | CVE-2020-16944 MISC |
microsoft — sharepoint_enterprise_server | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-16946. | 2020-10-16 | 3.5 | CVE-2020-16945 MISC |
microsoft — sharepoint_enterprise_server | An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka ‘Microsoft SharePoint Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953. | 2020-10-16 | 2.1 | CVE-2020-16942 MISC |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16938. | 2020-10-16 | 2.1 | CVE-2020-16901 MISC |
microsoft — windows_10 | An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points, aka ‘Windows Elevation of Privilege Vulnerability’. | 2020-10-16 | 3.6 | CVE-2020-16877 MISC |
microsoft — windows_10 | An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory, aka ‘NetBT Information Disclosure Vulnerability’. | 2020-10-16 | 2.1 | CVE-2020-16897 MISC |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows Enterprise App Management Service improperly handles certain file operations, aka ‘Windows Enterprise App Management Service Information Disclosure Vulnerability’. | 2020-10-16 | 2.1 | CVE-2020-16919 MISC |
microsoft — windows_10 | An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka ‘Windows GDI+ Information Disclosure Vulnerability’. | 2020-10-16 | 2.1 | CVE-2020-16914 MISC |
microsoft — windows_10 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-16901. | 2020-10-16 | 2.1 | CVE-2020-16938 MISC |
microsoft — windows_10 | An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory, aka ‘Windows Text Services Framework Information Disclosure Vulnerability’. | 2020-10-16 | 2.1 | CVE-2020-16921 MISC |
microsoft — windows_10 | A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka ‘Windows Spoofing Vulnerability’. | 2020-10-16 | 2.1 | CVE-2020-16922 MISC |
oracle — hospitality_reporting_and_analytics | Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N). | 2020-10-21 | 1.9 | CVE-2020-14753 MISC |
oracle — hyperion_bi+ | Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hyperion BI+ accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N). | 2020-10-21 | 2.1 | CVE-2020-14767 MISC |
oracle — hyperion_planning | Vulnerability in the Hyperion Planning product of Oracle Hyperion (component: Application Development Framework). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Planning accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). | 2020-10-21 | 2.1 | CVE-2020-14764 MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). | 2020-10-21 | 3.5 | CVE-2020-14791 CONFIRM MISC |
oracle — retail_customer_management_and_segmentation_foundation | Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). | 2020-10-21 | 3.5 | CVE-2020-14732 MISC |
oracle — retail_customer_management_and_segmentation_foundation | Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 18.0 and 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). | 2020-10-21 | 3.5 | CVE-2020-14731 MISC |
oracle — solaris | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N). | 2020-10-21 | 2.1 | CVE-2020-14818 MISC |
oracle — solaris | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N). | 2020-10-21 | 3.3 | CVE-2020-14759 MISC |
oracle — solaris | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.6 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L). | 2020-10-21 | 3.6 | CVE-2020-14758 MISC |
oracle — sql_developer | Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User Account privilege with logon to the infrastructure where SQL Developer Install executes to compromise SQL Developer Install. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of SQL Developer Install accessible data. CVSS 3.1 Base Score 2.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N). | 2020-10-21 | 1.9 | CVE-2020-14740 MISC |
sap — netweaver_design_time_repository | SAP NetWeaver Design Time Repository (DTR), versions – 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 2020-10-20 | 3.5 | CVE-2020-6370 MISC MISC |
vmware — horizon_client | VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed. | 2020-10-16 | 3.6 | CVE-2020-3991 MISC |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — after_effects |
Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit. | 2020-10-21 | not yet calculated | CVE-2020-24418 MISC |
adobe — after_effects |
Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2020-10-21 | not yet calculated | CVE-2020-24419 MISC |
adobe — animate |
Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate. | 2020-10-21 | not yet calculated | CVE-2020-9748 MISC |
adobe — creative_cloud_desktop_application |
Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2020-10-21 | not yet calculated | CVE-2020-24422 MISC |
adobe — dreamweaver |
Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with administrator privileges. | 2020-10-21 | not yet calculated | CVE-2020-24425 MISC |
adobe — indesign |
Adobe InDesign version 15.1.2 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .indd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 2020-10-21 | not yet calculated | CVE-2020-24421 MISC |
adobe — magento |
In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4. | 2020-10-21 | not yet calculated | CVE-2020-15244 MISC CONFIRM |
adobe — media_encoder |
Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2020-10-21 | not yet calculated | CVE-2020-24423 MISC |
adobe — photoshop |
Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2020-10-21 | not yet calculated | CVE-2020-24420 MISC |
adobe — premiere_pro |
Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2020-10-21 | not yet calculated | CVE-2020-24424 MISC |
amazon — aws_firecracker |
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host. | 2020-10-16 | not yet calculated | CVE-2020-27174 MLIST MISC MISC MISC |
anuko — time_tracker |
In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325. | 2020-10-16 | not yet calculated | CVE-2020-15255 MISC CONFIRM |
apache — hadoop |
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured. | 2020-10-21 | not yet calculated | CVE-2018-11764 MISC |
apache — kylin |
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin’s configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone. | 2020-10-19 | not yet calculated | CVE-2020-13937 MISC |
apereo — cas |
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. | 2020-10-16 | not yet calculated | CVE-2020-27178 MISC |
apple — macos_catalina | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory. | 2020-10-22 | not yet calculated | CVE-2020-9779 MISC |
apple — macos_catalina | A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. | 2020-10-22 | not yet calculated | CVE-2020-9990 MISC |
apple — macos_catalina |
This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A user may gain access to protected parts of the file system. | 2020-10-22 | not yet calculated | CVE-2020-9771 MISC |
apple — macos_catalina |
A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information. | 2020-10-22 | not yet calculated | CVE-2020-9986 MISC |
apple — macos_catalina |
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges. | 2020-10-22 | not yet calculated | CVE-2020-3898 MISC |
apple — macos_catalina |
A path handling issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to overwrite arbitrary files. | 2020-10-22 | not yet calculated | CVE-2020-3915 MISC |
apple — macos_catalina |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9887 MISC |
apple — macos_catalina |
A race condition was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-22 | not yet calculated | CVE-2020-9796 MISC |
apple — macos_catalina |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A person with physical access to a Mac may be able to bypass Login Window. | 2020-10-22 | not yet calculated | CVE-2020-9810 MISC |
apple — macos_catalina |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to leak sensitive user information. | 2020-10-22 | not yet calculated | CVE-2020-9828 MISC |
apple — macos_catalina |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may cause an unexpected application termination. | 2020-10-22 | not yet calculated | CVE-2020-9869 MISC |
apple — macos_catalina |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-22 | not yet calculated | CVE-2020-9899 MISC |
apple — macos_catalina |
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory. | 2020-10-22 | not yet calculated | CVE-2020-9997 MISC MISC |
apple — macos_catalina |
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to load unsigned kernel extensions. | 2020-10-22 | not yet calculated | CVE-2020-9939 MISC |
apple — macos_catalina |
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user’s account. | 2020-10-22 | not yet calculated | CVE-2020-9935 MISC |
apple — macos_catalina |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory. | 2020-10-22 | not yet calculated | CVE-2020-9929 MISC |
apple — macos_catalina |
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-22 | not yet calculated | CVE-2020-9928 MISC |
apple — macos_catalina |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-22 | not yet calculated | CVE-2020-9927 MISC |
apple — macos_catalina |
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service. | 2020-10-22 | not yet calculated | CVE-2020-9924 MISC |
apple — macos_catalina |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with system privileges. | 2020-10-22 | not yet calculated | CVE-2020-9921 MISC |
apple — macos_catalina |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory. | 2020-10-22 | not yet calculated | CVE-2020-9908 MISC |
apple — macos_catalina |
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to determine kernel memory layout. | 2020-10-22 | not yet calculated | CVE-2020-9853 MISC |
apple — multiple_products | A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate. | 2020-10-22 | not yet calculated | CVE-2020-9868 MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9938 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9872 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout. | 2020-10-22 | not yet calculated | CVE-2020-9902 MISC MISC MISC MISC |
apple — multiple_products | Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges. | 2020-10-22 | not yet calculated | CVE-2020-9892 MISC MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. An application may be able to gain elevated privileges. | 2020-10-22 | not yet calculated | CVE-2020-9854 MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have appeared in Safari Preferences. | 2020-10-22 | not yet calculated | CVE-2020-9787 MISC MISC MISC MISC |
apple — multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9873 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9883 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9880 MISC MISC MISC MISC |
apple — multiple_products | An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges. | 2020-10-22 | not yet calculated | CVE-2020-9900 MISC MISC MISC MISC |
apple — multiple_products | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9881 MISC MISC MISC |
apple — multiple_products |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9984 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9937 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9879 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9882 MISC MISC MISC |
apple — multiple_products |
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files. | 2020-10-22 | not yet calculated | CVE-2020-9920 MISC MISC MISC |
apple — multiple_products |
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | 2020-10-22 | not yet calculated | CVE-2020-9906 MISC MISC MISC |
apple — multiple_products |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9877 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions. | 2020-10-22 | not yet calculated | CVE-2020-9898 MISC MISC |
apple — multiple_products |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service. | 2020-10-22 | not yet calculated | CVE-2020-9905 MISC MISC MISC |
apple — multiple_products |
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-22 | not yet calculated | CVE-2020-9904 MISC MISC MISC MISC |
apple — multiple_products |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9876 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9919 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9874 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions. | 2020-10-22 | not yet calculated | CVE-2020-9772 MISC MISC MISC MISC |
apple — multiple_products |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9940 MISC MISC MISC |
apple — multiple_products |
An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9875 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information. | 2020-10-22 | not yet calculated | CVE-2020-3918 MISC MISC MISC MISC |
apple — multiple_products |
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges. | 2020-10-22 | not yet calculated | CVE-2020-9901 MISC MISC MISC |
apple — multiple_products |
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files. | 2020-10-22 | not yet calculated | CVE-2020-9994 MISC MISC MISC MISC |
apple — multiple_products |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9985 MISC MISC MISC |
apple — multiple_products |
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-22 | not yet calculated | CVE-2020-9863 MISC MISC MISC MISC |
apple — multiple_products |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9871 MISC MISC MISC MISC MISC MISC MISC |
apple — multiple_products |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted font file may lead to arbitrary code execution. | 2020-10-22 | not yet calculated | CVE-2020-9980 MISC MISC MISC MISC |
aptean — product_configurator |
An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly, and remotely. | 2020-10-16 | not yet calculated | CVE-2020-26944 MISC MISC |
arista — eos |
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed. | 2020-10-21 | not yet calculated | CVE-2020-17355 CONFIRM |
atmel — advanced_software_framework |
Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. | 2020-10-22 | not yet calculated | CVE-2019-16127 MISC MISC MLIST |
atomxcms — atomxcms |
AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php | 2020-10-22 | not yet calculated | CVE-2020-26649 MISC |
atomxcms — atomxcms |
AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php | 2020-10-22 | not yet calculated | CVE-2020-26650 MISC |
bass — audio_library
|
The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service. | 2020-10-16 | not yet calculated | CVE-2019-19513 MISC MISC |
bass — audio_library
|
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive. | 2020-10-16 | not yet calculated | CVE-2019-18796 MISC MISC |
bass — audio_library |
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service. | 2020-10-16 | not yet calculated | CVE-2019-18794 MISC MISC |
bass — audio_library |
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out of bounds read vulnerability via a crafted .wav file. An attacker can exploit this issues to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service. | 2020-10-16 | not yet calculated | CVE-2019-18795 MISC MISC |
belkin — linksys_wrt160nl |
** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-10-23 | not yet calculated | CVE-2020-26561 MISC |
bender — multiple_devices |
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0. | 2020-10-16 | not yet calculated | CVE-2019-19885 MISC |
bigbluebutton — bigbluebutton |
BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 2020-10-21 | not yet calculated | CVE-2020-27606 MISC |
bigbluebutton — bigbluebutton |
BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files. | 2020-10-21 | not yet calculated | CVE-2020-27603 MISC |
bigbluebutton — bigbluebutton |
BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a “schwache Sandbox.” | 2020-10-21 | not yet calculated | CVE-2020-27605 MISC |
bigbluebutton — bigbluebutton |
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can (for example) use api/join to join an arbitrary meeting regardless of its guestPolicy setting. | 2020-10-21 | not yet calculated | CVE-2020-27604 MISC MISC |
bigbluebutton — bigbluebutton |
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field. | 2020-10-21 | not yet calculated | CVE-2020-25820 MISC MISC MISC MISC MISC |
bigbluebutton — bigbluebutton |
In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or transmit it to one or more meeting participants or other third parties. | 2020-10-21 | not yet calculated | CVE-2020-27607 MISC |
bigbluebutton — bigbluebutton |
In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document. | 2020-10-21 | not yet calculated | CVE-2020-27608 MISC |
bigbluebutton — bigbluebutton |
The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access. | 2020-10-21 | not yet calculated | CVE-2020-27610 MISC |
bigbluebutton — bigbluebutton |
The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access. | 2020-10-21 | not yet calculated | CVE-2020-27613 MISC |
bigbluebutton — bigbluebutton |
Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window. | 2020-10-21 | not yet calculated | CVE-2020-27612 MISC |
bigbluebutton — bigbluebutton |
BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint. | 2020-10-21 | not yet calculated | CVE-2020-27611 MISC |
bigbluebutton — bigbluebutton |
BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant. | 2020-10-21 | not yet calculated | CVE-2020-27609 MISC MISC |
bigbluebutton — bigbluebutton |
A cross-site scripting (XSS) vulnerability exists in the ‘merge account’ functionality in admins.js in BigBlueButton Greenlight 2.7.6. | 2020-10-22 | not yet calculated | CVE-2020-27642 MISC |
biscom — secure_file_transfer |
Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft. | 2020-10-22 | not yet calculated | CVE-2020-27646 MISC |
blinger.io — blinger.io |
Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed. | 2020-10-19 | not yet calculated | CVE-2019-13633 MISC MISC |
boxstarter — boxstarter |
The Boxstarter installer before version 2.13.0 configures C:ProgramDataBoxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it’ll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0 | 2020-10-20 | not yet calculated | CVE-2020-15264 MISC CONFIRM CERT-VN |
cisco — adapative_security_appliance_and_firepwoer_threat_defense_software |
A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak when closing SSL/TLS connections in a specific state. An attacker could exploit this vulnerability by establishing several SSL/TLS sessions and ensuring they are closed under certain conditions. A successful exploit could allow the attacker to exhaust memory resources in the affected device, which would prevent it from processing new SSL/TLS connections, resulting in a DoS. Manual intervention is required to recover an affected device. | 2020-10-21 | not yet calculated | CVE-2020-3572 CISCO |
cisco — adaptive_security_appliance_and_cisco_firepower_threat_defense_software |
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and successfully complete FTP connections. | 2020-10-21 | not yet calculated | CVE-2020-3564 CISCO |
cisco — adaptive_security_appliance_and_cisco_firepower_threat_defense_software |
A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to conduct a CRLF injection attack, adding arbitrary HTTP headers in the responses of the system and redirecting the user to arbitrary websites. | 2020-10-21 | not yet calculated | CVE-2020-3561 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense)software |
A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a watchdog timeout and crash during the cleanup of threads that are associated with a SIP connection that is being deleted from the connection list. An attacker could exploit this vulnerability by sending a high rate of crafted SIP traffic through an affected device. A successful exploit could allow the attacker to cause a watchdog timeout and crash, resulting in a crash and reload of the affected device. | 2020-10-21 | not yet calculated | CVE-2020-3555 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense_software |
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | 2020-10-21 | not yet calculated | CVE-2020-3581 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense_software |
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | 2020-10-21 | not yet calculated | CVE-2020-3583 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense_software |
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | 2020-10-21 | not yet calculated | CVE-2020-3580 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense_software |
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. The vulnerability is due to insufficient validation of URLs when portal access rules are configured. An attacker could exploit this vulnerability by accessing certain URLs on the affected device. | 2020-10-21 | not yet calculated | CVE-2020-3578 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense_software |
A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this vulnerability, an attacker must be able to perform both of the following actions: Capture TLS traffic that is in transit between clients and the affected device Actively establish a considerable number of TLS connections to the affected device | 2020-10-21 | not yet calculated | CVE-2020-3585 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense_software |
A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory exhaustion condition. An attacker could exploit this vulnerability by sending a high rate of crafted TCP traffic through an affected device. A successful exploit could allow the attacker to exhaust device resources, resulting in a DoS condition for traffic transiting the affected device. | 2020-10-21 | not yet calculated | CVE-2020-3554 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense_software |
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | 2020-10-21 | not yet calculated | CVE-2020-3582 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense_software |
A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. This memory leak could prevent traffic from being processed through the device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper error handling when specific failures occur during IP fragment reassembly. An attacker could exploit this vulnerability by sending crafted, fragmented IP traffic to a targeted device. A successful exploit could allow the attacker to continuously consume memory on the affected device and eventually impact traffic, resulting in a DoS condition. The device could require a manual reboot to recover from the DoS condition. Note: This vulnerability applies to both IP Version 4 (IPv4) and IP Version 6 (IPv6) traffic. | 2020-10-21 | not yet calculated | CVE-2020-3373 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense_software |
A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation when the affected software processes certain OSPFv2 packets with Link-Local Signaling (LLS) data. An attacker could exploit this vulnerability by sending a malformed OSPFv2 packet to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. | 2020-10-21 | not yet calculated | CVE-2020-3528 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense_software |
Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. The vulnerabilities are due to insufficient protections of the secure boot process. An attacker could exploit these vulnerabilities by injecting code into specific files that are then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device, which would be executed at each boot and maintain persistence across reboots. | 2020-10-21 | not yet calculated | CVE-2020-3458 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense_software |
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. The vulnerability exists because the affected software does not efficiently handle the writing of large files to specific folders on the local file system. An attacker could exploit this vulnerability by uploading files to those specific folders. A successful exploit could allow the attacker to write a file that triggers a watchdog timeout, which would cause the device to unexpectedly reload, causing a denial of service (DoS) condition. | 2020-10-21 | not yet calculated | CVE-2020-3436 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense_software |
A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition. Note: This vulnerability applies to IP Version 4 (IPv4) and IP Version 6 (IPv6) HTTP traffic. | 2020-10-21 | not yet calculated | CVE-2020-3304 CISCO |
cisco — adaptive_security_appliance_and_firepower_threat_defense_software |
A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient direct memory access (DMA) memory management during the negotiation phase of an SSL VPN connection. An attacker could exploit this vulnerability by sending a steady stream of crafted Datagram TLS (DTLS) traffic to an affected device. A successful exploit could allow the attacker to exhaust DMA memory on the device and cause a DoS condition. | 2020-10-21 | not yet calculated | CVE-2020-3529 CISCO |
cisco — adaptive_security_appliance_software |
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2020-10-21 | not yet calculated | CVE-2020-3599 CISCO |
cisco — firepower_chassis_manager |
A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. The vulnerability is due to insufficient CSRF protections for the FCM interface. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could take unauthorized actions on behalf of the targeted user. | 2020-10-21 | not yet calculated | CVE-2020-3456 CISCO |
cisco — firepower_management_center |
A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the access attempt. The vulnerability is due to incorrect session invalidation during CAC authentication. An attacker could exploit this vulnerability by performing a CAC-based authentication attempt to an affected system. A successful exploit could allow the attacker to access an affected system with the privileges of a CAC-authenticated user who is currently logged in. | 2020-10-21 | not yet calculated | CVE-2020-3410 CISCO |
cisco — firepower_management_center_and_firepower_threat_defense_software |
A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an sftunnel-connected peer device. | 2020-10-21 | not yet calculated | CVE-2020-3550 CISCO |
cisco — firepower_management_center_and_firepower_threat_defense_software |
A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an FTD device. A successful exploit could allow the attacker to decrypt and modify the sftunnel communication between FMC and FTD devices, allowing the attacker to modify configuration data sent from an FMC device to an FTD device or alert data sent from an FTD device to an FMC device. | 2020-10-21 | not yet calculated | CVE-2020-3549 CISCO |
cisco — firepower_management_center_software |
A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted data stream to the host input daemon of the affected device. A successful exploit could allow the attacker to cause the host input daemon to restart. The attacker could use repeated attacks to cause the daemon to continuously reload, creating a DoS condition for the API. | 2020-10-21 | not yet calculated | CVE-2020-3557 CISCO |
cisco — firepower_management_center_software |
A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to improper handling of system resource values by the affected system. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. A successful exploit could allow the attacker to cause the affected system to become unresponsive, resulting in a DoS condition and preventing the management of dependent devices. | 2020-10-21 | not yet calculated | CVE-2020-3499 CISCO |
cisco — firepower_management_center_software |
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2020-10-21 | not yet calculated | CVE-2020-3553 CISCO |
cisco — firepower_management_center_software |
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2020-10-21 | not yet calculated | CVE-2020-3515 CISCO |
cisco — firepower_management_center_software |
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting an HTTP request from a user. A successful exploit could allow the attacker to modify the HTTP request to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. | 2020-10-21 | not yet calculated | CVE-2020-3558 CISCO |
cisco — firepower_threat_defense_software |
A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must have valid credentials on the device.The vulnerability exists because a configuration file that is used at container startup has insufficient protections. An attacker could exploit this vulnerability by modifying a specific container configuration file on the underlying file system. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running Cisco FTD instances or the host Cisco FXOS device. | 2020-10-21 | not yet calculated | CVE-2020-3514 CISCO |
cisco — firepower_threat_defense_software |
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. The vulnerability is due to a lack of sufficient memory management protections under heavy SNMP polling loads. An attacker could exploit this vulnerability by sending a high rate of SNMP requests to the SNMP daemon through the management interface on an affected device. A successful exploit could allow the attacker to cause the SNMP daemon process to consume a large amount of system memory over time, which could then lead to an unexpected device restart, causing a denial of service (DoS) condition. This vulnerability affects all versions of SNMP. | 2020-10-21 | not yet calculated | CVE-2020-3533 CISCO |
cisco — fxos_software |
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. | 2020-10-21 | not yet calculated | CVE-2020-3457 CISCO |
cisco — fxos_software |
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. | 2020-10-21 | not yet calculated | CVE-2020-3459 CISCO |
cisco — fxos_software |
A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by injecting code into a specific file that is then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device which would be executed at each boot and maintain persistence across reboots. | 2020-10-21 | not yet calculated | CVE-2020-3455 CISCO |
cisco — multiple_products | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload. | 2020-10-21 | not yet calculated | CVE-2020-3299 CISCO |
comtrend — ar-5387un_routers |
A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. | 2020-10-23 | not yet calculated | CVE-2018-8062 MISC |
crmeb — crmeb |
A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. | 2020-10-23 | not yet calculated | CVE-2020-25466 MISC MISC MISC |
crossbeam — crossbeam |
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4. | 2020-10-16 | not yet calculated | CVE-2020-15254 MISC MISC CONFIRM MISC |
cryptopro — csp |
CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel’s address space. | 2020-10-23 | not yet calculated | CVE-2020-9331 MISC |
cryptopro — csp |
CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation. | 2020-10-23 | not yet calculated | CVE-2020-9361 MISC |
dedetech — dedecms |
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. | 2020-10-22 | not yet calculated | CVE-2020-27533 MISC |
domainmod — domainmod |
DomainMOD before 4.14.0 uses MD5 without a salt for password storage. | 2020-10-20 | not yet calculated | CVE-2019-9080 MISC |
eclipse — jetty |
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system’s temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. | 2020-10-23 | not yet calculated | CVE-2020-27216 CONFIRM CONFIRM |
elasticsearch — elasticsearch |
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. | 2020-10-22 | not yet calculated | CVE-2020-7020 MISC MISC |
excast — pro_ii |
In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash can be cracked to access the administration panel of the device. | 2020-10-16 | not yet calculated | CVE-2019-12305 MISC |
eyoucms — eyoucms |
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php. | 2020-10-22 | not yet calculated | CVE-2020-18129 MISC |
fastd — fastd |
receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. | 2020-10-22 | not yet calculated | CVE-2020-27638 MISC MISC MISC |
fortinet — fortios |
A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and below may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the “diag sys ha checksum show” command. | 2020-10-21 | not yet calculated | CVE-2020-6648 CONFIRM |
freebox — freebox_server |
A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. | 2020-10-19 | not yet calculated | CVE-2020-24375 CONFIRM MISC |
fritz!os — fritz!os |
FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism. | 2020-10-23 | not yet calculated | CVE-2020-26887 MISC MISC MISC |
fruitywifi — fruitywifi |
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticated attacker can change the newSSID and hostapd_wpa_passphrase. | 2020-10-23 | not yet calculated | CVE-2020-24847 MISC |
fruitywifi — fruitywifi |
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system. | 2020-10-23 | not yet calculated | CVE-2020-24848 MISC |
fs.com — s3900_24t4s |
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with escalated privileges. | 2020-10-22 | not yet calculated | CVE-2020-24033 MISC MISC |
ghisler — total_commander |
An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%totalcmdTOTALCMD64.EXE binary. | 2020-10-21 | not yet calculated | CVE-2020-17381 MISC |
gitlab — runner |
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments | 2020-10-22 | not yet calculated | CVE-2020-13327 CONFIRM MISC |
gopro — gpmf-parser |
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Parsing malicious input can result in a crash. | 2020-10-19 | not yet calculated | CVE-2020-16160 MISC MISC |
gopro — gpmf-parser |
GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Parsing malicious input can result in a crash or information disclosure. | 2020-10-19 | not yet calculated | CVE-2020-16159 MISC MISC |
gopro — gpmf-parser |
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash. | 2020-10-19 | not yet calculated | CVE-2020-16161 MISC MISC MISC |
hashicorp — nomad_and_nomad_enterprise |
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6 | 2020-10-22 | not yet calculated | CVE-2020-27195 CONFIRM MISC |
huawei — e-6878-370 |
E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability. The system does not properly check some events, an attacker could launch the events continually, successful exploit could cause reboot of the process. | 2020-10-19 | not yet calculated | CVE-2020-9111 MISC |
huawei — taurus-an00b |
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege. | 2020-10-19 | not yet calculated | CVE-2020-9112 MISC |
imagemagik — imagemagick |
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. | 2020-10-22 | not yet calculated | CVE-2020-27560 MISC |
jboss — eap |
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability. | 2020-10-16 | not yet calculated | CVE-2020-14299 MISC |
juniper_networks — ex2300_series_devices | On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. This issue occurs when multicast packets are received by the layer 2 interface. To check if the device has high CPU load due to this issue, the administrator can issue the following command: user@host> show chassis routing-engine Routing Engine status: … Idle 2 percent the “Idle” value shows as low (2 % in the example above), and also the following command: user@host> show system processes summary … PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 11639 root 52 0 283M 11296K select 12:15 44.97% eventd 11803 root 81 0 719M 239M RUN 251:12 31.98% fxpc{fxpc} the eventd and the fxpc processes might use higher WCPU percentage (respectively 44.97% and 31.98% in the above example). This issue affects Juniper Networks Junos OS on EX2300 Series: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. | 2020-10-16 | not yet calculated | CVE-2020-1668 CONFIRM |
juniper_networks — ex4300_series_devices | On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issue and traffic interruption. This specific packets can originate only from within the broadcast domain where the device is connected. This issue occurs when the packets enter to the IRB interface. Only IPv4 packets can trigger this issue. IPv6 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS on EX4300 series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S3, 20.1R2. | 2020-10-16 | not yet calculated | CVE-2020-1670 MISC |
juniper_networks — junos_os | On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. Only DHCPv6 packet can trigger this issue. DHCPv4 packet cannot trigger this issue. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. | 2020-10-16 | not yet calculated | CVE-2020-1672 CONFIRM |
juniper_networks — junos_os | A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. Versions of Junos OS prior to 17.3 are unaffected by this vulnerability. | 2020-10-16 | not yet calculated | CVE-2020-1664 CONFIRM |
juniper_networks — junos_os | The system console configuration option ‘log-out-on-disconnect’ In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO. | 2020-10-16 | not yet calculated | CVE-2020-1666 CONFIRM |
juniper_networks — junos_os | Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability. | 2020-10-16 | not yet calculated | CVE-2020-1681 CONFIRM |
juniper_networks — junos_os |
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing “URL Filtering service”, can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2. | 2020-10-16 | not yet calculated | CVE-2020-1667 MISC |
juniper_networks — junos_os |
Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user’s HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled such as J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP). Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 – S 0:00.13 /usr/sbin/httpd-gk -N 5797 – I 0:00.10 /usr/sbin/httpd –config /jail/var/etc/httpd.conf In order to successfully exploit this vulnerability, the attacker needs to convince the device administrator to take action such as clicking the crafted URL sent via phishing email or convince the administrator to input data in the browser console. This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. | 2020-10-16 | not yet calculated | CVE-2020-1673 CONFIRM |
juniper_networks — junos_os |
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing “URL Filtering service”, may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2. | 2020-10-16 | not yet calculated | CVE-2020-1660 CONFIRM |
juniper_networks — junos_os |
An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. The srxpfe process restarts automatically, but continuous execution of the commands could lead to an extended Denial of Service condition. This issue only affects the SRX1500, SRX4100, SRX4200, NFX150, NFX250, and vSRX-based platforms. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D220 on SRX1500, SRX4100, SRX4200, vSRX; 17.4 versions prior to 17.4R3-S3 on SRX1500, SRX4100, SRX4200, vSRX; 18.1 versions prior to 18.1R3-S11 on SRX1500, SRX4100, SRX4200, vSRX, NFX150; 18.2 versions prior to 18.2R3-S5 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 19.1 versions prior to 19.1R3-S2 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 19.2 versions prior to 19.2R1-S5, 19.2R3 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250. This issue does not affect Junos OS 19.3 or any subsequent version. | 2020-10-16 | not yet calculated | CVE-2020-1682 CONFIRM |
juniper_networks — junos_os |
Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds). Per the specification, called the “bounded receive delay”, there should be no replies to delayed MACsec packets. Any MACsec traffic delayed more than 2 seconds should be dropped and late drop counters should increment. Without MACsec delay protection, an attacker could exploit the delay to spoof or decrypt packets. This issue affects: Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8, 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: all versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R2-EVO. This issue does not affect Junos OS versions prior to 16.1R1. | 2020-10-16 | not yet calculated | CVE-2020-1674 MISC CONFIRM MISC |
juniper_networks — junos_os |
The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHPCv6 message allowing an attacker to potentially perform a Remote Code Execution (RCE) attack on the target device. Continuous receipt of the specific DHCPv6 client message will result in an extended Denial of Service (DoS) condition. If adjacent devices are also configured to relay DHCP packets, and are not affected by this issue and simply transparently forward unprocessed client DHCPv6 messages, then the attack vector can be a Network-based attack, instead of an Adjacent-device attack. No other DHCP services are affected. Receipt of the packet without configuration of the DHCPv6 Relay-Agent service, will not result in exploitability of this issue. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D435, 18.2X75-D60; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2. | 2020-10-16 | not yet calculated | CVE-2020-1656 CONFIRM MISC MISC MISC |
juniper_networks — junos_os |
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting with the restart of the daemon. This issue only affects DHCPv6, it does not affect DHCPv4. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.2 version 19.2R2 and later versions; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; This issue does not affect Juniper Networks Junos OS prior to 17.4R1. | 2020-10-16 | not yet calculated | CVE-2020-1671 CONFIRM |
juniper_networks — junos_os |
On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forward specified DHCP client packets, without creating a new subscriber session. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of the malformed DHCP packet will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue can be triggered only by DHCPv4, it cannot be triggered by DHCPv6. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 14.1X53 versions prior to 14.1X53-D60 on EX and QFX Series; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230 on SRX Series; 15.1X53 versions prior to 15.1X53-D593 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S5. | 2020-10-16 | not yet calculated | CVE-2020-1661 CONFIRM |
juniper_networks — junos_os |
On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3. | 2020-10-16 | not yet calculated | CVE-2020-1662 CONFIRM |
juniper_networks — junos_os_and_junos_os_evolved |
On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the “show task memory detail | match policy | match evpn” command multiple times to check if memory (Alloc Blocks value) is increasing. root@device> show task memory detail | match policy | match evpn ———————— Allocator Memory Report ———————— Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device> show task memory detail | match policy | match evpn ———————— Allocator Memory Report ———————— Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO. | 2020-10-16 | not yet calculated | CVE-2020-1678 CONFIRM |
juniper_networks — junos_os_devices |
On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device. The administrator can monitor the output of the following command to check if there is memory leak caused by this issue: user@device> show system virtual-memory | match “pfe_ipc|kmem” pfe_ipc 147 5K – 164352 16,32,64,8192 <– increasing vm.kmem_map_free: 127246336 <– decreasing pfe_ipc 0 0K – 18598 32,8192 vm.kmem_map_free: 134582272 This issue affects Juniper Networks Junos OS: 17.4R3; 18.1 version 18.1R3-S5 and later versions prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions prior to 18.2R3-S3; 18.2X75 version 18.2X75-D420, 18.2X75-D50 and later versions prior to 18.2X75-D430, 18.2X75-D53, 18.2X75-D60; 18.3 version 18.3R3 and later versions prior to 18.3R3-S2; 18.4 version 18.4R1-S4, 18.4R2 and later versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 version 19.1R2 and later versions prior to 19.1R2-S2, 19.1R3; 19.2 version 19.2R1 and later versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 17.4R3. | 2020-10-16 | not yet calculated | CVE-2020-1683 CONFIRM |
juniper_networks — junos_os_devices |
On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be trigged by a malformed IPv6 packet destined to the Routing Engine or a transit packet that is sampled using sFlow/jFlow or processed by firewall filter with the syslog and/or log action. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1. | 2020-10-16 | not yet calculated | CVE-2020-1686 CONFIRM |
juniper_networks — junos_os_devices |
On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel. Sustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 implementations. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D190; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2. This issue does not affect 12.3 or 15.1 releases which are non-SRX Series releases. | 2020-10-16 | not yet calculated | CVE-2020-1657 CONFIRM |
juniper_networks — mist_cloud_ui | When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. | 2020-10-16 | not yet calculated | CVE-2020-1677 CONFIRM |
juniper_networks — mist_cloud_ui | When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. | 2020-10-16 | not yet calculated | CVE-2020-1676 CONFIRM |
juniper_networks — mist_cloud_ui |
When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. | 2020-10-16 | not yet calculated | CVE-2020-1675 CONFIRM |
juniper_networks — multiple_devices |
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffic interruption. This issue affects devices that are configured as a Layer 2 or Layer 3 gateway of an EVPN-VXLAN deployment. The offending layer 2 frames that cause the issue originate from a different access switch that get encapsulated within the same EVPN-VXLAN domain. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. | 2020-10-16 | not yet calculated | CVE-2020-1687 CONFIRM |
juniper_networks — multiple_devices |
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone configuration. The offending layer 2 frame packets can originate only from within the broadcast domain where the device is connected. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. | 2020-10-16 | not yet calculated | CVE-2020-1689 CONFIRM |
juniper_networks — mx_series_and_ex9200_series_devices | On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition. The DDoS protection allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) during the DDoS attack. When this issue occurs, the RE and/or the FPC can become overwhelmed, which could disrupt network protocol operations and/or interrupt traffic. This issue does not affect IPv4 DDoS protection. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX series and EX9200 Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2. | 2020-10-16 | not yet calculated | CVE-2020-1665 CONFIRM MISC |
juniper_networks — mx_series_devices |
On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. This issue occurs when a multiservice card is translating the malformed IPv6 packet to IPv4 packet. An unauthenticated attacker can continuously send crafted IPv6 packets through the device causing repetitive MS-PIC process crashes, resulting in an extended Denial of Service condition. This issue affects Juniper Networks Junos OS on MX Series: 15.1 versions prior to 15.1R7-S7; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2. | 2020-10-16 | not yet calculated | CVE-2020-1680 CONFIRM |
juniper_networks — nfx350_series_devices |
The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2. | 2020-10-16 | not yet calculated | CVE-2020-1669 CONFIRM |
juniper_networks — ptx/qfx_series_devices | On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when KRT queue become stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device > show krt state … Number of async queue entries: 65007 <— this value keep on increasing. When this issue occurs, the following message might appear in the /var/log/messages: DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2 DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (7297134592) Current delayed unref = (60000), Current unique delayed unref = (18420), Max delayed unref on this platform = (40000) Current delayed weight unref = (60000) Max delayed weight unref on this platform= (400000) curproc = rpd This issue affects Juniper Networks Junos OS on PTX/QFX Series: 17.2X75 versions prior to 17.2X75-D105; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. | 2020-10-16 | not yet calculated | CVE-2020-1679 CONFIRM |
juniper_networks — qfx5k_series_devices | When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to: family ethernet-switching { filter L2-VLAN { term ALLOW { from { user-vlan-id 100; } then { accept; } } term NON-MATCH { then { discard; } } when there is only one term containing a ‘user-vlan-id’ match condition, and no other terms in the firewall filter except discard, the discard action for non-matching traffic will only discard traffic with the same VLAN ID specified under ‘user-vlan-id’. Other traffic (e.g. VLAN ID 200) will not be discarded. This unexpected behavior can lead to unintended traffic passing through the interface where the firewall filter is applied. This issue only affects systems using VXLANs. This issue affects Juniper Networks Junos OS on QFX5K Series: 18.1 versions prior to 18.1R3-S7, except 18.1R3; 18.2 versions prior to 18.2R2-S7, 18.2R3-S1; 18.3 versions prior to 18.3R1-S5, 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2. | 2020-10-16 | not yet calculated | CVE-2020-1685 CONFIRM |
juniper_networks — srx_series_and_nfx_series_devices |
On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. This Web API service is used for authentication services such as the Juniper Identity Management Service, used to obtain user identity for Integrated User Firewall feature, or the integrated ClearPass authentication and enforcement feature. This issue affects Juniper Networks Junos OS on Networks SRX Series and NFX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D190; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2. | 2020-10-16 | not yet calculated | CVE-2020-1688 MISC CONFIRM MISC MISC MISC |
juniper_networks — srx_series_devices |
On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack is configured. Thus, this issue might occur when IDP, AppFW, AppQoS, or AppTrack is configured. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2. | 2020-10-16 | not yet calculated | CVE-2020-1684 CONFIRM |
levistudiou — release_build |
An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure. | 2020-10-22 | not yet calculated | CVE-2020-25186 MISC |
lightning_network_daemon — lightning_network_daemon |
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn’t verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collision with an invoice, the preimage for an expected payment was instead released. A malicious peer could have deliberately intercepted an HTLC intended for the victim node, probed the preimage through a colluding relayed HTLC, and stolen the intercepted HTLC. The impact is a loss of funds in certain situations, and a weakening of the victim’s receiver privacy. | 2020-10-21 | not yet calculated | CVE-2020-26896 MISC MISC MISC |
lightning_network_daemon — lightning_network_daemon |
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations. | 2020-10-21 | not yet calculated | CVE-2020-26895 MISC MISC MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. | 2020-10-22 | not yet calculated | CVE-2020-27675 MISC MISC MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. | 2020-10-22 | not yet calculated | CVE-2020-27673 MISC MISC MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a. | 2020-10-16 | not yet calculated | CVE-2020-27194 MISC MISC |
mark_text — mark_text |
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the “source code mode” feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product. | 2020-10-16 | not yet calculated | CVE-2020-27176 MISC |
mediawiki — mediawiki |
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups. | 2020-10-22 | not yet calculated | CVE-2020-27620 MISC MISC MISC MISC |
mediawiki — mediawiki |
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user’s IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension. | 2020-10-22 | not yet calculated | CVE-2020-27621 MISC MISC |
micro_focus — operation_bridge_manager |
An arbitrary code execution vulnerability exists in Micro Focus Operation Bridge Manager 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. The vulnerability could allow remote attackers to execute arbitrary code. | 2020-10-22 | not yet calculated | CVE-2020-11853 MISC |
microchip — cryptoauthlib |
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2). | 2020-10-22 | not yet calculated | CVE-2019-16129 MLIST MISC MISC |
microchip — cryptoauthlib |
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2). | 2020-10-22 | not yet calculated | CVE-2019-16128 MLIST MISC MISC |
microsoft — azure_functions |
An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization.This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions., aka ‘Azure Functions Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated | CVE-2020-16904 MISC |
microsoft — windows |
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don’t have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users. | 2020-10-19 | not yet calculated | CVE-2020-15261 MISC MISC CONFIRM |
microsoft — windows_10 |
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows Installer Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated | CVE-2020-16902 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory.An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.The security update addresses the vulnerability by ensuring the Windows kernel image properly handles objects in memory., aka ‘Windows Image Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated | CVE-2020-16892 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka ‘Windows Network Connections Service Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated | CVE-2020-16887 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Event System Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated | CVE-2020-16900 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka ‘Windows COM Server Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-16935. | 2020-10-16 | not yet calculated | CVE-2020-16916 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations, aka ‘Windows Storage VSP Driver Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated | CVE-2020-16885 MISC |
microsoft — windows_10 |
An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory, aka ‘Windows KernelStream Information Disclosure Vulnerability’. | 2020-10-16 | not yet calculated | CVE-2020-16889 MISC |
microsoft — windows_10 |
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. | 2020-10-16 | not yet calculated | CVE-2020-16890 MISC |
mozilla — firefox | When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn’t control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82. | 2020-10-22 | not yet calculated | CVE-2020-15682 MISC MISC |
mozilla — firefox |
Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82. | 2020-10-22 | not yet calculated | CVE-2020-15684 MISC MISC |
mozilla — firefox |
When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another’s entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82. | 2020-10-22 | not yet calculated | CVE-2020-15681 MISC MISC |
mozilla — firefox |
If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox < 82. | 2020-10-22 | not yet calculated | CVE-2020-15680 MISC MISC |
mozilla — multiple_products |
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. | 2020-10-22 | not yet calculated | CVE-2020-15683 MISC MISC MISC MISC |
mozilla — network_security_services |
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. | 2020-10-22 | not yet calculated | CVE-2019-17006 MISC MISC |
mozilla — network_security_services |
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. | 2020-10-22 | not yet calculated | CVE-2019-17007 MISC MISC |
mozilla — network_security_services |
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. | 2020-10-22 | not yet calculated | CVE-2018-18508 MISC MISC |
netwrix — account_lockout_examiner |
Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller. | 2020-10-20 | not yet calculated | CVE-2020-15931 CONFIRM MISC |
nvidia — geforce_experience | NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure. | 2020-10-23 | not yet calculated | CVE-2020-5990 CONFIRM |
nvidia — geforce_experience | NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges. | 2020-10-23 | not yet calculated | CVE-2020-5978 CONFIRM |
nvidia — geforce_experience |
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | 2020-10-23 | not yet calculated | CVE-2020-5977 CONFIRM |
object-path — object-path |
A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of `set()` in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5 As a workaround, don’t use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version >= 0.11.0. | 2020-10-19 | not yet calculated | CVE-2020-15256 MISC CONFIRM |
octopus — octupus_deploy |
An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one. | 2020-10-22 | not yet calculated | CVE-2020-27155 MISC MISC MISC MISC |
omniauth-auth0 — omniauth-auth0 |
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using `omniauth-auth0`. 2. You are using `JWTValidator.verify` method directly OR you are not authenticating using the SDK’s default Authorization Code Flow. The issue is patched in version 2.4.1. | 2020-10-21 | not yet calculated | CVE-2020-15240 MISC CONFIRM MISC |
open-xchange — ox_app_suite |
OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. | 2020-10-23 | not yet calculated | CVE-2020-15004 MISC MISC |
open-xchange — ox_app_suite |
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). | 2020-10-23 | not yet calculated | CVE-2020-15003 CONFIRM MISC |
open-xchange — ox_app_suite |
OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. | 2020-10-23 | not yet calculated | CVE-2020-15002 CONFIRM MISC |
openstack — blazer_dashboard |
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected. | 2020-10-16 | not yet calculated | CVE-2020-26943 MLIST MISC MISC MISC MISC MISC MISC CONFIRM |
oracle — bi-publisher |
Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14842 MISC |
oracle — bi_publisher |
Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite – XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. While the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14880 MISC |
oracle — bi_publisher |
Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14780 MISC |
oracle — bi_publisher |
Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite – XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. While the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14879 MISC |
oracle — bi_publisher |
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14784 MISC |
oracle — business_intelligence_enterprise_edition |
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). | 2020-10-21 | not yet calculated | CVE-2020-14843 MISC |
oracle — communications_diameter_signaling_router |
Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14788 MISC |
oracle — communications_diameter_signaling_router |
Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14787 MISC |
oracle — e-business_suite |
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14840 MISC |
oracle — e-business_suite |
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14876 MISC MISC |
oracle — e-business_suite |
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14774 MISC |
oracle — e-business_suite |
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14831 MISC |
oracle — e-business_suite |
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14875 MISC |
oracle — e-business_suite |
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 – 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14851 MISC |
oracle — e-business_suite |
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Flex Fields). Supported versions that are affected are 12.1.3 and 12.2.3 – 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14850 MISC |
oracle — hospitality_opera_5_property_services |
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14877 MISC |
oracle — hospitality_res_3700 |
Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Food and Beverage Applications (component: CAL). The supported version that is affected is 5.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Hospitality RES 3700. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality RES 3700 accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14783 MISC |
oracle — hyperion |
Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Lifecycle Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Lifecycle Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14772 MISC |
oracle — hyperion |
Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion BI+ accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14770 MISC |
oracle — hyperion |
Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: Smart View Provider). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Hyperion Analytic Provider Services executes to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Analytic Provider Services accessible data as well as unauthorized read access to a subset of Hyperion Analytic Provider Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). | 2020-10-21 | not yet calculated | CVE-2020-14768 MISC |
oracle — hyperion_infrastructure_technology |
Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Infrastructure Technology accessible data as well as unauthorized access to critical data or complete access to all Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14854 MISC |
oracle — java_se |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | 2020-10-21 | not yet calculated | CVE-2020-14779 CONFIRM MISC |
oracle — java_se |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14782 CONFIRM MISC |
oracle — java_se |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14781 CONFIRM MISC |
oracle — java_se |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14792 CONFIRM MISC |
oracle — java_se |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14798 CONFIRM MISC |
oracle — java_se |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14797 CONFIRM MISC |
oracle — java_se |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14796 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14838 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14870 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14867 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14873 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14866 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14769 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14869 CONFIRM MISC |
oracle — mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14868 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14773 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14852 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14775 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14800 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14776 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14777 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14812 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14878 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). | 2020-10-21 | not yet calculated | CVE-2020-14771 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14672 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14861 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L). | 2020-10-21 | not yet calculated | CVE-2020-14853 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14765 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14860 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14785 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14845 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14839 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14837 CONFIRM MISC |
oracle — mysql |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14836 CONFIRM MISC |
oracle — peoplesoft_enterprise_global_payroll_core |
Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Global Payroll Core accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise HCM Global Payroll Core. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). | 2020-10-21 | not yet calculated | CVE-2020-14778 MISC |
oracle — peoplesoft_enterprise_peopletools |
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14847 MISC |
oracle — vm_virtualbox |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14872 MISC |
oracle — vm_virtualbox |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14881 MISC MISC |
oracle — vm_virtualbox |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14885 MISC MISC |
oracle — vm_virtualbox |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | 2020-10-21 | not yet calculated | CVE-2020-14884 MISC MISC |
oracle — weblogic_server |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14883 MISC |
oracle — weblogic_server |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14882 MISC |
oracle –solaris |
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). | 2020-10-21 | not yet calculated | CVE-2020-14871 MISC |
overwolf — overwolf |
In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint. | 2020-10-16 | not yet calculated | CVE-2020-25214 MISC |
parse_server — parse_server |
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not patched. | 2020-10-22 | not yet calculated | CVE-2020-15270 MISC CONFIRM MISC |
phpredisadmin — N/A |
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter. | 2020-10-16 | not yet calculated | CVE-2020-27163 MISC |
python — python |
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | 2020-10-22 | not yet calculated | CVE-2020-27619 MISC MISC MISC MISC MISC MISC |
qemu — qemu |
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. | 2020-10-16 | not yet calculated | CVE-2020-24352 MISC MISC |
rconfig — rconfig |
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | 2020-10-19 | not yet calculated | CVE-2020-13778 MISC MISC |
reason — s20_ethernet_switch |
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client. | 2020-10-20 | not yet calculated | CVE-2020-16246 MISC |
red_hat — fabric8-maven-plugin |
A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the maven plug-in could allow for deserialization of untrusted data resulting in arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-10-22 | not yet calculated | CVE-2020-10721 MISC |
rockwell_automation — allen-bradley_flex_io_1794-aent/b_4.003 |
An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less bytes than required by the Key Format Table. | 2020-10-19 | not yet calculated | CVE-2020-6084 MISC |
rockwell_automation — allen-bradley_flex_io_1794-aent/b_4.003 |
An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less than 0x18 bytes following the Key Format field. | 2020-10-19 | not yet calculated | CVE-2020-6085 MISC |
sage — dpw_2020_06_x |
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vulnerability, an attacker can persistently include arbitrary HTML or JavaScript code into the affected web page. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware. | 2020-10-16 | not yet calculated | CVE-2020-26583 MISC MISC MISC |
sage — dpw_2020_06_x |
An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field “Kurs suchen” on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript code in the user’s browser. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware. | 2020-10-16 | not yet calculated | CVE-2020-26584 MISC MISC MISC |
sage — easypay |
Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E). | 2020-10-18 | not yet calculated | CVE-2020-13893 MISC MISC |
sap — solution_manager_and_focused_run |
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service. | 2020-10-20 | not yet calculated | CVE-2020-6369 MISC MISC |
simple — download_monitor |
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL. | 2020-10-21 | not yet calculated | CVE-2020-5651 MISC MISC |
simple — download_monitor |
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | 2020-10-21 | not yet calculated | CVE-2020-5650 MISC MISC |
solarwinds — n-central |
SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or by influencing JavaScript to the extract the JESSIONID. This could then be forwarded to the attacker. | 2020-10-19 | not yet calculated | CVE-2020-15910 MISC MISC |
solarwinds — n-central |
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take advantage of this, cookie could be stolen and the JSESSIONID can be captured. On its own this is not a surprising result; low security tools allow the cookie to roam from machine to machine. The JSESSION cookie can then be used on the attackers’ workstation by browsing to the victim’s NCentral server URL and replacing the JSESSIONID attribute value by the captured value. Expected behavior would be to check this against a second source and enforce at least a reauthentication or multi factor request as N-Central is a highly privileged service. | 2020-10-19 | not yet calculated | CVE-2020-15909 MISC MISC |
sprecher — sprecon-e_firmware |
Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device. | 2020-10-19 | not yet calculated | CVE-2020-11496 CONFIRM |
spree — spree |
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory. | 2020-10-20 | not yet calculated | CVE-2020-15269 MISC CONFIRM |
strapi — strapi |
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality. | 2020-10-22 | not yet calculated | CVE-2020-27664 MISC MISC |
strapi — strapi |
In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes. | 2020-10-22 | not yet calculated | CVE-2020-27665 MISC MISC |
strapi — strapi |
Strapi before 3.2.5 has stored XSS in the wysiwyg editor’s preview feature. | 2020-10-22 | not yet calculated | CVE-2020-27666 MISC MISC |
sylius — sylius |
In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that this way one is not able to take over any existing account (guest or normal one). The issue has been patched in Sylius 1.6.9, 1.7.9 and 1.8.3. As a workaround, you may resolve this issue on your own by creating a custom event listener, which will listen to the sylius.customer.pre_update event. You can determine that email has been changed if customer email and user username are different. They are synchronized later on. Pay attention, to email changing behavior for administrators. You may need to skip this logic for them. In order to achieve this, you should either check master request path info, if it does not contain /admin prefix or adjust event triggered during customer update in the shop. You can find more information on how to customize the event here. | 2020-10-19 | not yet calculated | CVE-2020-15245 MISC CONFIRM |
synapse — authrestservlet |
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints. | 2020-10-19 | not yet calculated | CVE-2020-26891 MISC MISC CONFIRM MISC |
synk — synk |
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function. | 2020-10-21 | not yet calculated | CVE-2020-7750 MISC MISC |
synk — synk |
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ … }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which gives opportunity for XSS or rendered on the server (puppeteer) which also gives opportunity for SSRF and Local File Read. | 2020-10-20 | not yet calculated | CVE-2020-7749 MISC MISC MISC |
tensorflow — tensorflow |
In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. | 2020-10-21 | not yet calculated | CVE-2020-15266 CONFIRM CONFIRM CONFIRM |
tensorflow — tensorflow |
In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and then uses it to access the corresponding element of an array. Since in normal builds, `DCHECK`-like macros are no-ops, this results in segfault and access out of bounds of the array. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. | 2020-10-21 | not yet calculated | CVE-2020-15265 MISC MISC CONFIRM |
tibco — multiple_products |
The Transaction Insight reporting component of TIBCO Software Inc.’s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. Affected releases are TIBCO Software Inc.’s TIBCO Foresight Archive and Retrieval System: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Archive and Retrieval System Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Transaction Insight: versions 5.1.0 and below, version 5.2.0, and TIBCO Foresight Transaction Insight Healthcare Edition: versions 5.1.0 and below, version 5.2.0. | 2020-10-20 | not yet calculated | CVE-2020-9417 CONFIRM |
tiki — tiki |
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. | 2020-10-22 | not yet calculated | CVE-2020-15906 MISC MISC |
tink — tink |
A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext. | 2020-10-19 | not yet calculated | CVE-2020-8929 CONFIRM CONFIRM |
ubuntu — ubuntu |
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user’s username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. | 2020-10-16 | not yet calculated | CVE-2020-15157 MISC CONFIRM UBUNTU UBUNTU |
ucms — ucms |
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. | 2020-10-23 | not yet calculated | CVE-2020-25483 MISC |
ucweb — uc_browser |
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb’s UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb’s UC Browser version 13.0.8 and prior versions. | 2020-10-20 | not yet calculated | CVE-2020-7364 MISC MISC |
ucweb — uc_browser |
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb’s UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb’s UC Browser version 13.0.8 and prior versions. | 2020-10-20 | not yet calculated | CVE-2020-7363 MISC MISC |
ucweb — uc_browser |
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the RITS Browser version 3.3.9 and prior versions. | 2020-10-20 | not yet calculated | CVE-2020-7371 MISC MISC |
velero — velero |
Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. | 2020-10-22 | not yet calculated | CVE-2020-3996 MISC |
verifone — mx900_series_pinpad_payment_terminals |
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass. | 2020-10-23 | not yet calculated | CVE-2019-14711 MISC |
verifone — mx900_series_pinpad_payment_terminals |
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages. | 2020-10-23 | not yet calculated | CVE-2019-14713 MISC |
verifone — mx900_series_pinpad_terminals |
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. | 2020-10-23 | not yet calculated | CVE-2019-14719 MISC |
verifone — mx900_series_pinpad_terminals |
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation. | 2020-10-23 | not yet calculated | CVE-2019-14718 MISC |
verifone — pinpad_payment_terminals |
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation. | 2020-10-23 | not yet calculated | CVE-2019-14715 MISC |
verifone — verixv_pinpad_payment_terminals |
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation. | 2020-10-23 | not yet calculated | CVE-2019-14712 MISC |
verifone — verixv_pinpad_payment_terminals |
Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out). | 2020-10-23 | not yet calculated | CVE-2019-14716 MISC |
verifone — verixv_pinpad_payment_terminals |
Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call. | 2020-10-23 | not yet calculated | CVE-2019-14717 MISC |
vm-superio — vm-superio |
In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host. | 2020-10-16 | not yet calculated | CVE-2020-27173 MISC MISC |
vmware — horizon_client |
VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes. | 2020-10-23 | not yet calculated | CVE-2020-3998 MISC |
vmware — horizon_server |
VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed. | 2020-10-23 | not yet calculated | CVE-2020-3997 MISC |
vmware — multiple_products |
In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time. | 2020-10-20 | not yet calculated | CVE-2020-3995 MISC |
vmware — multiple_products |
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. | 2020-10-20 | not yet calculated | CVE-2020-3992 MISC |
vmware — multiple_products |
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine’s vmx process or corrupt hypervisor’s memory heap. | 2020-10-20 | not yet calculated | CVE-2020-3982 MISC |
vmware — multiple_products |
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. | 2020-10-20 | not yet calculated | CVE-2020-3981 MISC |
vmware — nsx-t |
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node. | 2020-10-20 | not yet calculated | CVE-2020-3993 MISC |
vmware — vcenter_server |
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates. | 2020-10-20 | not yet calculated | CVE-2020-3994 MISC |
webpack-subsource-integrity — webpack-subsource-integrity |
In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. This issue is patched in version 1.5.1. | 2020-10-19 | not yet calculated | CVE-2020-15262 MISC MISC CONFIRM |
wire — wire |
In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The issue was patched by implementing a helper function which checks if the URL’s protocol is common. If it is common, the URL will be opened externally. If not, the URL will not be opened and a warning appears for the user informing them that a probably insecure URL was blocked from being executed. The issue is patched in Wire 3.20.x. More technical details about exploitation are available in the linked advisory. | 2020-10-16 | not yet calculated | CVE-2020-15258 MISC MISC CONFIRM |
wso2 — api_manager |
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the “publisher” component’s admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box appears that writes an error message concatenated to the injected payload (without any form of data encoding). This can also be exploited via CSRF. | 2020-10-21 | not yet calculated | CVE-2020-17454 CONFIRM |
xen — xen |
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. | 2020-10-22 | not yet calculated | CVE-2020-27672 MISC |
xen — xen |
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. | 2020-10-22 | not yet calculated | CVE-2020-27671 MISC |
xen — xen |
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. | 2020-10-22 | not yet calculated | CVE-2020-27670 MISC |
xen — xen |
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. | 2020-10-22 | not yet calculated | CVE-2020-27674 MISC |
xwiki — xwiki |
In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is patched in XWiki 12.5 and XWiki 11.10.6. | 2020-10-16 | not yet calculated | CVE-2020-15252 CONFIRM MISC MISC |
yubico — yubihsm-shell | An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service. | 2020-10-19 | not yet calculated | CVE-2020-24388 MISC MISC MISC MISC |
yubico — yubihsm-shell |
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack. | 2020-10-19 | not yet calculated | CVE-2020-24387 MISC MISC MISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.