CVE List - 2020 / October

Showing 1001 - 1100 of 1594 CVEs for October 2020 (Page 11 of 16)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-14863 | 2020-10-21 | Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1 - 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2020-14865 | 2020-10-21 | Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection product of Oracle PeopleSoft (component: eSupplier Connection). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2020-14866 | 2020-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2020-14867 | 2020-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Difficult to... |
| CVE-2020-14868 | 2020-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2020-14869 | 2020-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability... |
| CVE-2020-14870 | 2020-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2020-14872 | 2020-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2020-14873 | 2020-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with... |
| CVE-2020-14875 | 2020-10-21 | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows... |
| CVE-2020-14876 | 2020-10-21 | Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability... |
| CVE-2020-14864 | 2020-10-21 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2020-14871 | 2020-10-21 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2020-14877 | 2020-10-21 | Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high... |
| CVE-2020-14878 | 2020-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2020-14879 | 2020-10-21 | Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows... |
| CVE-2020-14880 | 2020-10-21 | Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows... |
| CVE-2020-14881 | 2020-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2020-14884 | 2020-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2020-14885 | 2020-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2020-14886 | 2020-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2020-14887 | 2020-10-21 | Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged... |
| CVE-2020-14888 | 2020-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2020-14889 | 2020-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2020-14890 | 2020-10-21 | Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows... |
| CVE-2020-14891 | 2020-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2020-14892 | 2020-10-21 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2020-14893 | 2020-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2020-14894 | 2020-10-21 | Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged... |
| CVE-2020-14882 | 2020-10-21 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2020-14883 | 2020-10-21 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high... |
| CVE-2020-14895 | 2020-10-21 | Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide). Supported versions that are affected are 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 - 4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Easily... |
| CVE-2020-14896 | 2020-10-21 | Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2020-14897 | 2020-10-21 | Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows... |
| CVE-2020-14898 | 2020-10-21 | Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2020-14899 | 2020-10-21 | Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2020-14900 | 2020-10-21 | Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2020-14901 | 2020-10-21 | Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with... |
| CVE-2020-6648 | 2020-10-21 | A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain... |
| CVE-2020-27602 | 2020-10-21 | BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken. |
| CVE-2020-27606 | 2020-10-21 | BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie... |
| CVE-2020-27608 | 2020-10-21 | In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document. |
| CVE-2020-27610 | 2020-10-21 | The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access. |
| CVE-2020-27612 | 2020-10-21 | Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any... |
| CVE-2020-27613 | 2020-10-21 | The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access. |
| CVE-2020-27611 | 2020-10-21 | BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint. |
| CVE-2020-27609 | 2020-10-21 | BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific... |
| CVE-2020-27607 | 2020-10-21 | In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client... |
| CVE-2020-27605 | 2020-10-21 | BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox." |
| CVE-2020-27604 | 2020-10-21 | BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API... |
| CVE-2020-27603 | 2020-10-21 | BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files. |
| CVE-2020-27601 | 2020-10-21 | In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js. |
| CVE-2020-5650 | 2020-10-21 | Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. |
| CVE-2020-5651 | 2020-10-21 | SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL. |
| CVE-2020-7750 | 2020-10-21 | Cross-site Scripting (XSS) |
| CVE-2020-15240 | 2020-10-21 | Regression in JWT Signature Validation |
| CVE-2018-11764 | 2020-10-21 | Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured. |
| CVE-2020-3299 | 2020-10-21 | Multiple Cisco Products SNORT HTTP Detection Engine File Policy Bypass Vulnerability |
| CVE-2020-3553 | 2020-10-21 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities |
| CVE-2020-3550 | 2020-10-21 | Cisco Firepower Management Center Software and Firepower Threat Defense Software Directory Traversal Vulnerability |
| CVE-2020-3549 | 2020-10-21 | Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability |
| CVE-2020-3533 | 2020-10-21 | Cisco Firepower Threat Defense Software SNMP Denial of Service Vulnerability |
| CVE-2020-3529 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL VPN Direct Memory Access Denial of Service Vulnerability |
| CVE-2020-3528 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPFv2 Link-Local Signaling Denial of Service Vulnerability |
| CVE-2020-3515 | 2020-10-21 | Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities |
| CVE-2020-3514 | 2020-10-21 | Cisco Firepower Threat Defense Software Multi-Instance Container Escape Vulnerability |
| CVE-2020-3499 | 2020-10-21 | Cisco Firepower Management Center Software Denial of Service Vulnerability |
| CVE-2020-3459 | 2020-10-21 | Cisco FXOS Software for Firepower 4100/9300 Series Command Injection Vulnerability |
| CVE-2020-3458 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000/2100 Series Appliances Secure Boot Bypass Vulnerabilities |
| CVE-2020-3457 | 2020-10-21 | Cisco FXOS Software Command Injection Vulnerability |
| CVE-2020-3456 | 2020-10-21 | Cisco FXOS Software Firepower Chassis Manager Cross-Site Request Forgery Vulnerability |
| CVE-2020-3455 | 2020-10-21 | Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability |
| CVE-2020-3436 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services File Upload Denial of Service Vulnerability |
| CVE-2020-3410 | 2020-10-21 | Cisco Firepower Management Center Software Common Access Card Authentication Bypass Vulnerability |
| CVE-2020-3373 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IP Fragment Memory Leak Vulnerability |
| CVE-2020-3352 | 2020-10-21 | Cisco Firepower Threat Defense Software Hidden Commands Vulnerability |
| CVE-2020-3317 | 2020-10-21 | Cisco Firepower Threat Defense Software SSL Input Validation Denial of Service Vulnerability |
| CVE-2020-3304 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability |
| CVE-2020-3582 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities |
| CVE-2020-3583 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities |
| CVE-2020-3585 | 2020-10-21 | Cisco Firepower 1000 Series Bleichenbacher Attack Vulnerability |
| CVE-2020-3599 | 2020-10-21 | Cisco Adaptive Security Appliance Software Web-Based Management Interface Reflected Cross-Site Scripting Vulnerability |
| CVE-2020-3581 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities |
| CVE-2020-3580 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities |
| CVE-2020-3578 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN Portal Access Rule Bypass Vulnerability |
| CVE-2020-3577 | 2020-10-21 | Cisco Firepower Threat Defense Software Inline Pair/Passive Mode Denial of Service Vulnerability |
| CVE-2020-3572 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Session Denial of Service Vulnerability |
| CVE-2020-3571 | 2020-10-21 | Cisco Firepower 4110 ICMP Flood Denial of Service Vulnerability |
| CVE-2020-3565 | 2020-10-21 | Cisco Firepower Threat Defense Software TCP Intercept Bypass Vulnerability |
| CVE-2020-3564 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Bypass Vulnerability |
| CVE-2020-3563 | 2020-10-21 | Cisco Firepower Threat Defense Software TCP Flood Denial of Service Vulnerability |
| CVE-2020-3562 | 2020-10-21 | Cisco Firepower 2100 Series SSL/TLS Inspection Denial of Service Vulnerability |
| CVE-2020-3561 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software WebVPN CRLF Injection Vulnerability |
| CVE-2020-3558 | 2020-10-21 | Cisco Firepower Management Center Software Open Redirect Vulnerability |
| CVE-2020-3557 | 2020-10-21 | Cisco Firepower Management Center Software Denial of Service Vulnerability |
| CVE-2020-3555 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Denial of Service Vulnerability |
| CVE-2020-3554 | 2020-10-21 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Denial of Service Vulnerability |
| CVE-2020-27344 | 2020-10-21 | The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. |
| CVE-2020-24422 | 2020-10-21 | Uncontrolled Search Path in Creative Cloud Desktop Application |
| CVE-2020-9748 | 2020-10-21 | Stack overflow vulnerability in Adobe Animate 20.5 |