CVE List - 2020 / October
Showing 1101 - 1200 of 1594 CVEs for October 2020 (Page 12 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-9749 | 2020-10-21 | Out-of-bounds read vulnerability in Adobe Animate 20.5 |
| CVE-2020-9747 | 2020-10-21 | Double-free vulnerability in Adobe Animate 20.5 |
| CVE-2020-9750 | 2020-10-21 | Out-of-bounds read vulnerability in Adobe Animate 20.5 |
| CVE-2020-15244 | 2020-10-21 | RCE in Magento |
| CVE-2020-24425 | 2020-10-21 | Privilege escalation vulnerability in Dreamweaver version 20.2 |
| CVE-2020-27615 | 2020-10-21 | The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. |
| CVE-2020-24418 | 2020-10-21 | Adobe After Effects Out-of-Bounds Read Vulnerability |
| CVE-2020-24419 | 2020-10-21 | Uncontrolled Search Path Element in Adobe After Effects for Windows |
| CVE-2020-15265 | 2020-10-21 | Segfault in TensorFlow |
| CVE-2020-15266 | 2020-10-21 | Undefined behavior in TensorFlow |
| CVE-2020-24420 | 2020-10-21 | Uncontrolled Search Path Element in Adobe Photoshop for Windows |
| CVE-2020-24424 | 2020-10-21 | Uncontrolled Search Path in Adobe Premiere Pro for Windows |
| CVE-2020-24423 | 2020-10-21 | Uncontrolled Search Path in Adobe Media Encoder for Windows |
| CVE-2020-24421 | 2020-10-21 | Adobe InDesign 15.1.2 NULL Pointer Dereference Bug |
| CVE-2020-17454 | 2020-10-21 | WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter,... |
| CVE-2020-17355 | 2020-10-21 | Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed... |
| CVE-2020-27560 | 2020-10-22 | ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. |
| CVE-2020-27619 | 2020-10-22 | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. |
| CVE-2020-27621 | 2020-10-22 | The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address... |
| CVE-2020-27620 | 2020-10-22 | The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups. |
| CVE-2020-27638 | 2020-10-22 | receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. |
| CVE-2020-27642 | 2020-10-22 | A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. |
| CVE-2020-27646 | 2020-10-22 | Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft. |
| CVE-2020-24033 | 2020-10-22 | An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on... |
| CVE-2020-26649 | 2020-10-22 | AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php |
| CVE-2020-26650 | 2020-10-22 | AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php |
| CVE-2020-27533 | 2020-10-22 | A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be... |
| CVE-2020-27195 | 2020-10-22 | HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6 |
| CVE-2020-7020 | 2020-10-22 | Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain... |
| CVE-2020-27155 | 2020-10-22 | An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one. |
| CVE-2020-15906 | 2020-10-22 | tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. |
| CVE-2020-3915 | 2020-10-22 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to overwrite arbitrary files. |
| CVE-2020-3898 | 2020-10-22 | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges. |
| CVE-2020-3918 | 2020-10-22 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may... |
| CVE-2020-9779 | 2020-10-22 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read... |
| CVE-2020-9810 | 2020-10-22 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A person with physical access to a Mac may be able to bypass Login... |
| CVE-2020-9771 | 2020-10-22 | This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A user may gain access to protected parts of the file system. |
| CVE-2020-9796 | 2020-10-22 | A race condition was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2020-9787 | 2020-10-22 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have... |
| CVE-2020-9772 | 2020-10-22 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be... |
| CVE-2020-9853 | 2020-10-22 | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to determine kernel memory layout. |
| CVE-2020-9828 | 2020-10-22 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to leak sensitive user information. |
| CVE-2020-9854 | 2020-10-22 | A logic issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. An application may be able to gain... |
| CVE-2020-9869 | 2020-10-22 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may cause an unexpected application termination. |
| CVE-2020-9863 | 2020-10-22 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may... |
| CVE-2020-9868 | 2020-10-22 | A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina... |
| CVE-2020-9871 | 2020-10-22 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for... |
| CVE-2020-9874 | 2020-10-22 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for... |
| CVE-2020-9876 | 2020-10-22 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for... |
| CVE-2020-9875 | 2020-10-22 | An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows,... |
| CVE-2020-9872 | 2020-10-22 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for... |
| CVE-2020-9877 | 2020-10-22 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows,... |
| CVE-2020-9873 | 2020-10-22 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows,... |
| CVE-2020-9881 | 2020-10-22 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD... |
| CVE-2020-9887 | 2020-10-22 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution. |
| CVE-2020-9883 | 2020-10-22 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for... |
| CVE-2020-9880 | 2020-10-22 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted... |
| CVE-2020-9899 | 2020-10-22 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2020-9882 | 2020-10-22 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD... |
| CVE-2020-9879 | 2020-10-22 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for... |
| CVE-2020-9892 | 2020-10-22 | Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application... |
| CVE-2020-9898 | 2020-10-22 | This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions. |
| CVE-2020-9900 | 2020-10-22 | An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina... |
| CVE-2020-9901 | 2020-10-22 | An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina... |
| CVE-2020-9906 | 2020-10-22 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be... |
| CVE-2020-9905 | 2020-10-22 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able... |
| CVE-2020-9908 | 2020-10-22 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read... |
| CVE-2020-9904 | 2020-10-22 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may... |
| CVE-2020-9902 | 2020-10-22 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may... |
| CVE-2020-9921 | 2020-10-22 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with system... |
| CVE-2020-9920 | 2020-10-22 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite... |
| CVE-2020-9919 | 2020-10-22 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for... |
| CVE-2020-9928 | 2020-10-22 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2020-9929 | 2020-10-22 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or... |
| CVE-2020-9924 | 2020-10-22 | A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service. |
| CVE-2020-9935 | 2020-10-22 | A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user’s account. |
| CVE-2020-9938 | 2020-10-22 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows,... |
| CVE-2020-9939 | 2020-10-22 | This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to load unsigned kernel extensions. |
| CVE-2020-9980 | 2020-10-22 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously... |
| CVE-2020-9927 | 2020-10-22 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2020-9940 | 2020-10-22 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. Processing a maliciously crafted USD... |
| CVE-2020-9937 | 2020-10-22 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for... |
| CVE-2020-9986 | 2020-10-22 | A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be... |
| CVE-2020-9990 | 2020-10-22 | A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
| CVE-2020-9984 | 2020-10-22 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows,... |
| CVE-2020-9985 | 2020-10-22 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD... |
| CVE-2020-9997 | 2020-10-22 | An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory. |
| CVE-2020-9994 | 2020-10-22 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may... |
| CVE-2019-16127 | 2020-10-22 | Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. |
| CVE-2020-27666 | 2020-10-22 | Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature. |
| CVE-2020-27665 | 2020-10-22 | In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes. |
| CVE-2020-27664 | 2020-10-22 | admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality. |
| CVE-2019-16129 | 2020-10-22 | Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2). |
| CVE-2019-16128 | 2020-10-22 | Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2). |
| CVE-2020-10721 | 2020-10-22 | A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the maven... |
| CVE-2020-13327 | 2020-10-22 | An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10.... |
| CVE-2020-25186 | 2020-10-22 | An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure. |
| CVE-2018-18508 | 2020-10-22 | In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. |
| CVE-2020-3996 | 2020-10-22 | Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. |
| CVE-2019-17006 | 2020-10-22 | In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the... |