CVE List - 2020 / October
Showing 801 - 900 of 1594 CVEs for October 2020 (Page 9 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-16160 | 2020-10-19 | GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Parsing malicious input can result in a crash. |
| CVE-2020-16161 | 2020-10-19 | GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash. |
| CVE-2020-24375 | 2020-10-19 | A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. |
| CVE-2020-15822 | 2020-10-19 | In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. |
| CVE-2020-11496 | 2020-10-19 | Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the... |
| CVE-2019-13633 | 2020-10-19 | Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This... |
| CVE-2020-9112 | 2020-10-19 | Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to a lack of privilege restrictions on some of the device's business functions, an attacker could exploit this... |
| CVE-2020-9092 | 2020-10-19 | HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch... |
| CVE-2020-24387 | 2020-10-19 | An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would... |
| CVE-2020-24388 | 2020-10-19 | An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could... |
| CVE-2020-9263 | 2020-10-19 | HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 versions earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. A condition exists in which the system would reference... |
| CVE-2020-9113 | 2020-10-19 | HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth messages after successful... |
| CVE-2020-9111 | 2020-10-19 | E6878-370 versions 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP11C233) have a denial of service vulnerability. The system does not properly check some events; an attacker could launch the events continually, and successful exploit... |
| CVE-2020-15262 | 2020-10-19 | Invalid integrity hashes in webpack-subresource-integrity |
| CVE-2020-13937 | 2020-10-19 | Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one... |
| CVE-2020-15263 | 2020-10-19 | XSS in platform |
| CVE-2020-10746 | 2020-10-19 | A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the... |
| CVE-2020-6084 | 2020-10-19 | An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss... |
| CVE-2020-6085 | 2020-10-19 | An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss... |
| CVE-2020-15245 | 2020-10-19 | Email verification bypass in Sylius |
| CVE-2020-15256 | 2020-10-19 | Prototype pollution in object-path |
| CVE-2020-15261 | 2020-10-19 | Unquoted service path vulnerability on Veyon |
| CVE-2020-25648 | 2020-10-20 | A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of... |
| CVE-2020-5640 | 2020-10-20 | Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors. |
| CVE-2020-7747 | 2020-10-20 | Cross-site Scripting (XSS) |
| CVE-2020-7748 | 2020-10-20 | Prototype Pollution |
| CVE-2020-7749 | 2020-10-20 | Server-side Request Forgery (SSRF) |
| CVE-2020-6315 | 2020-10-20 | SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send a manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads... |
| CVE-2020-6366 | 2020-10-20 | SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS... |
| CVE-2020-6369 | 2020-10-20 | SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attacker to bypass the authentication if the default passwords for Admin and... |
| CVE-2020-6308 | 2020-10-20 | SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network... |
| CVE-2020-6362 | 2020-10-20 | SAP Banking Services version 500 uses an incorrect authorization object in some of its reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability could lead... |
| CVE-2020-6367 | 2020-10-20 | There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user... |
| CVE-2020-6370 | 2020-10-20 | SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. |
| CVE-2019-4680 | 2020-10-20 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add,... |
| CVE-2020-4491 | 2020-10-20 | IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to... |
| CVE-2020-4564 | 2020-10-20 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript... |
| CVE-2020-4748 | 2020-10-20 | IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2020-4749 | 2020-10-20 | IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a... |
| CVE-2020-4755 | 2020-10-20 | IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2020-4756 | 2020-10-20 | IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of... |
| CVE-2020-16246 | 2020-10-20 | GE Reason S20 Ethernet Switch |
| CVE-2020-3981 | 2020-10-20 | VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI... |
| CVE-2020-3982 | 2020-10-20 | VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI... |
| CVE-2020-3992 | 2020-10-20 | OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access... |
| CVE-2020-3993 | 2020-10-20 | VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager.... |
| CVE-2020-3994 | 2020-10-20 | VMware vCenter Server (6.7 before 6.7u3, 6.5 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation.... |
| CVE-2020-3995 | 2020-10-20 | In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability.... |
| CVE-2020-7363 | 2020-10-20 | UCWeb UC Browser Address Bar Spoofing |
| CVE-2020-7364 | 2020-10-20 | UCWeb UC Browser Address Bar Spoofing |
| CVE-2020-7369 | 2020-10-20 | Yandex Browser Address Bar Spoofing |
| CVE-2020-7370 | 2020-10-20 | Danyil Vasilenko Bolt Browser Address Bar Spoofing |
| CVE-2020-7371 | 2020-10-20 | Raise IT Solutions RITS Browser Address Bar Spoofing |
| CVE-2019-9080 | 2020-10-20 | DomainMOD before 4.14.0 uses MD5 without a salt for password storage. |
| CVE-2020-24765 | 2020-10-20 | InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. |
| CVE-2020-15931 | 2020-10-20 | Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state)... |
| CVE-2020-15269 | 2020-10-20 | Expired token reuse in Spree |
| CVE-2020-15264 | 2020-10-20 | Privilege Escalation in Boxstarter |
| CVE-2020-9417 | 2020-10-20 | TIBCO Foresight SQL Injection |
| CVE-2020-5792 | 2020-10-20 | Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges... |
| CVE-2020-5790 | 2020-10-20 | Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. |
| CVE-2020-5791 | 2020-10-20 | Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the... |
| CVE-2020-25157 | 2020-10-20 | The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. |
| CVE-2020-24416 | 2020-10-20 | Blind stored XSS in Marketo Sales insight plugin for SalesForce |
| CVE-2020-24411 | 2020-10-20 | Adobe Illustrator PDF File Parsing Out-Of-Bounds Write Vulnerability |
| CVE-2020-24413 | 2020-10-20 | Adobe Illustrator Memory Corruption Vulnerability |
| CVE-2020-24415 | 2020-10-20 | Adobe Illustrator Memory Corruption Vulnerability |
| CVE-2020-24409 | 2020-10-20 | Adobe Illustrator PDF File Parsing Out-Of-Bounds Read Vulnerability |
| CVE-2020-24410 | 2020-10-20 | Adobe Illustrator PDF File Parsing Out-Of-Bounds Read Vulnerability |
| CVE-2020-24414 | 2020-10-20 | Adobe Illustrator Memory Corruption Vulnerability |
| CVE-2020-24412 | 2020-10-20 | Adobe Illustrator Memory Corruption Vulnerability |
| CVE-2020-17381 | 2020-10-21 | An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary. |
| CVE-2020-26895 | 2020-10-21 | Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an... |
| CVE-2020-26896 | 2020-10-21 | Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC... |
| CVE-2020-25820 | 2020-10-21 | BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field. |
| CVE-2020-10138 | 2020-10-21 | Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a... |
| CVE-2020-10139 | 2020-10-21 | Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component.... |
| CVE-2020-10140 | 2020-10-21 | Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution... |
| CVE-2020-14672 | 2020-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily... |
| CVE-2020-14731 | 2020-10-21 | Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 18.0 and 19.0. Difficult to exploit vulnerability... |
| CVE-2020-14732 | 2020-10-21 | Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 19.0. Difficult to exploit vulnerability allows... |
| CVE-2020-14734 | 2020-10-21 | Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with... |
| CVE-2020-14735 | 2020-10-21 | Vulnerability in the Scheduler component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local... |
| CVE-2020-14736 | 2020-10-21 | Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Public... |
| CVE-2020-14740 | 2020-10-21 | Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having... |
| CVE-2020-14741 | 2020-10-21 | Vulnerability in the Database Filesystem component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Resource, Create... |
| CVE-2020-14742 | 2020-10-21 | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having... |
| CVE-2020-14743 | 2020-10-21 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker... |
| CVE-2020-14744 | 2020-10-21 | Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior... |
| CVE-2020-14745 | 2020-10-21 | Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General). Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior... |
| CVE-2020-14746 | 2020-10-21 | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popup windows). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2020-14752 | 2020-10-21 | Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with... |
| CVE-2020-14753 | 2020-10-21 | Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low... |
| CVE-2020-14754 | 2020-10-21 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the... |
| CVE-2020-14757 | 2020-10-21 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). The supported version that is affected is 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with... |
| CVE-2020-14758 | 2020-10-21 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the... |
| CVE-2020-14759 | 2020-10-21 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to... |
| CVE-2020-14760 | 2020-10-21 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2020-14761 | 2020-10-21 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.7. Easily exploitable vulnerability allows... |
| CVE-2020-14762 | 2020-10-21 | Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having SQL... |
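The DomainMOD entry above (CVE-2019-9080, "uses MD5 without a salt for password storage") names a weakness that is easy to misjudge as cosmetic. The following is an added example, not DomainMOD's code: it shows the unsalted-MD5 scheme beside a salted PBKDF2 store and why the former falls to a single dictionary pass across every account. The user names, passwords and wordlist are constructed for the demonstration; the iteration count and hash layout are this example's choices, not the project's.

```python
"""Unsalted MD5 password storage (the weakness described for DomainMOD before
4.14.0) beside a salted, deliberately slow KDF. Added example; not DomainMOD's code.
All user names, passwords and the wordlist below are constructed test data."""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# OWASP's 2023 figure for PBKDF2-HMAC-SHA256; an assumption for this example,
# tune it to your hardware so one verification costs tens of milliseconds.
PBKDF2_ITERATIONS = 600_000


def weak_store(password: str) -> str:
    """'MD5 without a salt': same password -> same digest for every user,
    and one precomputed table cracks the whole database at once."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def strong_store(password: str, salt: Optional[bytes] = None,
                 iterations: int = PBKDF2_ITERATIONS) -> str:
    """Per-user random salt + slow KDF, serialised as algo$iters$salt$hash
    so the parameters can be upgraded later without a schema change."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def strong_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))


def crack_unsalted(stored: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, str]:
    """Attacker's view of an unsalted table: hash the wordlist once, then look
    every account up in it. Cost is O(wordlist), not O(wordlist * users)."""
    table = {weak_store(w): w for w in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


# Constructed sample database in the weak format.
SAMPLE_USERS = {
    "alice": weak_store("letmein"),
    "bob": weak_store("letmein"),   # identical digest to alice's
    "carol": weak_store("zq9!Lm#Vx"),
}
SAMPLE_WORDLIST = ["password", "123456", "letmein", "qwerty"]

if __name__ == "__main__":
    print("cracked:", crack_unsalted(SAMPLE_USERS, SAMPLE_WORDLIST))
    h = strong_store("letmein")
    print("salted record:", h)
    print("verify ok:", strong_verify("letmein", h), "wrong:", strong_verify("x", h))
```

With the salted store, two users sharing a password get unrelated records, and each guess has to be re-derived per account at the full iteration cost, which is the property the unsalted MD5 scheme lacks.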
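The IBM Spectrum Scale entry CVE-2020-4749 above ("does not set the secure attribute on authorization tokens or session cookies") describes a misconfiguration that is cheap to test for from the outside. The following is an added example, not IBM's code: a small Set-Cookie auditor that flags cookies lacking Secure, HttpOnly or SameSite and checks the `__Secure-`/`__Host-` prefix rules from the cookie specification. The response headers it runs over are constructed, not captured from the product; the finding codes and the name hints used to spot session cookies are this example's assumptions.

```python
"""Audit Set-Cookie headers for missing Secure / HttpOnly / SameSite attributes,
the class of weakness described for IBM Spectrum Scale 5.0.0 through 5.0.5.2
(CVE-2020-4749). Added example, not IBM's code; SAMPLE_HEADERS are constructed."""
from typing import Dict, List, Tuple

# Assumption: cookie names containing these fragments are treated as
# session/authorization material and reported separately.
SENSITIVE_NAME_HINTS = ("sess", "token", "auth", "jwt", "sid")


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split 'name=value; Attr; Attr=val' into name, value and a lowercase attr map."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_set_cookie(header: str) -> List[str]:
    """Return finding codes, in a fixed order, for one Set-Cookie header value."""
    cookie = parse_set_cookie(header)
    name, attrs = str(cookie["name"]), cookie["attrs"]
    assert isinstance(attrs, dict)
    findings: List[str] = []
    if "secure" not in attrs:
        findings.append("missing-secure")      # sent over plaintext HTTP too
    if "httponly" not in attrs:
        findings.append("missing-httponly")    # readable by injected script
    if "samesite" not in attrs:
        findings.append("missing-samesite")    # attached to cross-site requests
    # Prefix rules: __Secure- needs Secure; __Host- also needs Path=/ and no Domain.
    if name.startswith("__Secure-") and "secure" not in attrs:
        findings.append("prefix-violation")
    if name.startswith("__Host-") and (
        "secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs
    ):
        findings.append("prefix-violation")
    return findings


def audit_response_headers(headers: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each cookie name that has findings to its list of findings."""
    report: Dict[str, List[str]] = {}
    for field, value in headers:
        if field.lower() != "set-cookie":
            continue
        findings = audit_set_cookie(value)
        if findings:
            report[str(parse_set_cookie(value)["name"])] = findings
    return report


def sensitive_cookies_without_secure(headers: List[Tuple[str, str]]) -> List[str]:
    """The CVE-2020-4749 condition specifically: session/auth cookies lacking Secure."""
    hits = []
    for field, value in headers:
        if field.lower() != "set-cookie":
            continue
        cookie = parse_set_cookie(value)
        name = str(cookie["name"])
        looks_sensitive = any(h in name.lower() for h in SENSITIVE_NAME_HINTS)
        if looks_sensitive and "missing-secure" in audit_set_cookie(value):
            hits.append(name)
    return hits


# Constructed response headers; the token value is a placeholder, not a real JWT.
SAMPLE_HEADERS: List[Tuple[str, str]] = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "authToken=eyJhbGciOiJub25lIn0.e30.; Path=/; Secure; HttpOnly; SameSite=Strict"),
    ("Set-Cookie", "lang=en; Path=/"),
]

if __name__ == "__main__":
    print(audit_response_headers(SAMPLE_HEADERS))
    print("session cookies without Secure:", sensitive_cookies_without_secure(SAMPLE_HEADERS))
```

Run it against the headers of a login response (for example, the list returned by `http.client.HTTPResponse.getheaders()`); a non-empty result from `sensitive_cookies_without_secure` is the condition the advisory describes.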