CVE List - 2020 / October
Showing 101 - 200 of 1594 CVEs for October 2020 (Page 2 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-15231 | 2020-10-02 | Cross-site scripting attack in mapfish-print |
| CVE-2020-12676 | 2020-10-02 | FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and... |
| CVE-2020-15232 | 2020-10-02 | XML External Entity attack in mapfish-print |
| CVE-2020-26525 | 2020-10-02 | Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset... |
| CVE-2020-26526 | 2020-10-02 | An issue was discovered in Damstra Smart Asset 2020.7. It... |
| CVE-2020-26527 | 2020-10-02 | An issue was discovered in API/api/Version in Damstra Smart Asset... |
| CVE-2020-15234 | 2020-10-02 | Redirect URL matching ignores character casing |
| CVE-2020-15233 | 2020-10-02 | OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses |
| CVE-2020-5983 | 2020-10-02 | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU... |
| CVE-2020-5984 | 2020-10-02 | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU... |
| CVE-2020-5985 | 2020-10-02 | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU... |
| CVE-2020-5986 | 2020-10-02 | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU... |
| CVE-2020-5987 | 2020-10-02 | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU... |
| CVE-2020-5988 | 2020-10-02 | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU... |
| CVE-2020-5989 | 2020-10-02 | NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU... |
| CVE-2020-25776 | 2020-10-02 | Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to... |
| CVE-2017-18924 | 2020-10-04 | oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE.... |
| CVE-2020-7709 | 2020-10-05 | Prototype Pollution |
| CVE-2020-26166 | 2020-10-05 | The file upload functionality in qdPM 9.1 doesn't check the... |
| CVE-2020-25636 | 2020-10-05 | A flaw was found in Ansible Base when using the... |
| CVE-2020-8228 | 2020-10-05 | A missing rate limit in the Preferred Providers app 1.7.0... |
| CVE-2020-8235 | 2020-10-05 | Missing access control in Nextcloud Deck 1.0.4 caused an insecure... |
| CVE-2020-8223 | 2020-10-05 | A logic error in Nextcloud Server 19.0.0 caused a privilege... |
| CVE-2020-8182 | 2020-10-05 | Improper access control in Nextcloud Deck 0.8.0 allowed an attacker... |
| CVE-2020-25635 | 2020-10-05 | A flaw was found in Ansible Base when using the... |
| CVE-2020-4493 | 2020-10-05 | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an... |
| CVE-2020-26061 | 2020-10-05 | ClickStudios Passwordstate Password Reset Portal prior to build 8501 is... |
| CVE-2019-14557 | 2020-10-05 | Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation... |
| CVE-2020-12302 | 2020-10-05 | Improper permissions in the Intel(R) Driver & Support Assistant before... |
| CVE-2019-14558 | 2020-10-05 | Insufficient control flow management in BIOS firmware for 8th, 9th,... |
| CVE-2020-8671 | 2020-10-05 | Insufficient control flow management in BIOS firmware 8th, 9th Generation... |
| CVE-2019-14556 | 2020-10-05 | Improper initialization in BIOS firmware for 8th, 9th, 10th Generation... |
| CVE-2020-0571 | 2020-10-05 | Improper conditions check in BIOS firmware for 8th Generation Intel(R)... |
| CVE-2020-26048 | 2020-10-05 | The file manager option in CuppaCMS before 2019-11-12 allows an... |
| CVE-2020-6875 | 2020-10-05 | A ZTE product is impacted by the improper access control... |
| CVE-2020-15236 | 2020-10-05 | Directory Traversal in Wiki.js |
| CVE-2020-15235 | 2020-10-05 | Sensitive data exposure in RACTF |
| CVE-2020-24231 | 2020-10-05 | Symmetric DS <3.12.0 uses mx4j to provide access to JMX... |
| CVE-2020-16226 | 2020-10-05 | Mitsubishi Electric Multiple Products |
| CVE-2020-15237 | 2020-10-05 | Timing attack in Shrine |
| CVE-2020-25613 | 2020-10-06 | An issue was discovered in Ruby through 2.5.8, 2.6.x through... |
| CVE-2020-25637 | 2020-10-06 | A double free memory issue was found to occur in... |
| CVE-2020-25643 | 2020-10-06 | A flaw was found in the HDLC_PPP module of the... |
| CVE-2020-25644 | 2020-10-06 | A memory leak flaw was found in WildFly OpenSSL in... |
| CVE-2020-26572 | 2020-10-06 | The TCOS smart card software driver in OpenSC before 0.21.0-rc1... |
| CVE-2020-26571 | 2020-10-06 | The gemsafe GPK smart card software driver in OpenSC before... |
| CVE-2020-26570 | 2020-10-06 | The Oberthur smart card software driver in OpenSC before 0.21.0-rc1... |
| CVE-2020-5631 | 2020-10-06 | Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 and earlier allows... |
| CVE-2020-5632 | 2020-10-06 | InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5,... |
| CVE-2020-5634 | 2020-10-06 | ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2... |
| CVE-1999-0199 | 2020-10-06 | manual/search.texi in the GNU C Library (aka glibc) before 2.2... |
| CVE-2020-25987 | 2020-10-06 | MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml... |
| CVE-2020-25986 | 2020-10-06 | A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog... |
| CVE-2020-23832 | 2020-10-06 | A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds... |
| CVE-2020-24214 | 2020-10-06 | An issue was discovered in the box application on HiSilicon... |
| CVE-2020-24215 | 2020-10-06 | An issue was discovered in the box application on HiSilicon... |
| CVE-2020-24216 | 2020-10-06 | An issue was discovered in the box application on HiSilicon... |
| CVE-2020-24217 | 2020-10-06 | An issue was discovered in the box application on HiSilicon... |
| CVE-2020-24218 | 2020-10-06 | An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through... |
| CVE-2020-24219 | 2020-10-06 | An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through... |
| CVE-2020-25641 | 2020-10-06 | A flaw was found in the Linux kernel's implementation of... |
| CVE-2020-15598 | 2020-10-06 | Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via... |
| CVE-2020-7465 | 2020-10-06 | The L2TP implementation of MPD before 5.9 allows a remote... |
| CVE-2020-7466 | 2020-10-06 | The PPP implementation of MPD before 5.9 allows a remote... |
| CVE-2020-8781 | 2020-10-06 | Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11... |
| CVE-2020-8782 | 2020-10-06 | ALEOS LAN-Side RPC Service Remote Code Execution |
| CVE-2020-25802 | 2020-10-06 | Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via Groovy scripting. |
| CVE-2020-25743 | 2020-10-06 | hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer... |
| CVE-2020-25742 | 2020-10-06 | pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL... |
| CVE-2020-25803 | 2020-10-06 | Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via deep inspection of FreeMarker template exposed objects. |
| CVE-2019-19200 | 2020-10-06 | REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the... |
| CVE-2020-7741 | 2020-10-06 | Cross-site Scripting (XSS) |
| CVE-2020-26574 | 2020-10-06 | Leostream Connection Broker 8.2.x is affected by stored XSS. An... |
| CVE-2020-25862 | 2020-10-06 | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0... |
| CVE-2020-25866 | 2020-10-06 | In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the... |
| CVE-2020-25863 | 2020-10-06 | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0... |
| CVE-2020-26575 | 2020-10-06 | In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO)... |
| CVE-2020-7739 | 2020-10-06 | Server-side Request Forgery (SSRF) |
| CVE-2020-26582 | 2020-10-06 | D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to... |
| CVE-2019-4725 | 2020-10-06 | IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site... |
| CVE-2020-4528 | 2020-10-06 | IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through... |
| CVE-2020-7740 | 2020-10-06 | Server-side Request Forgery (SSRF) |
| CVE-2020-24807 | 2020-10-06 | The socket.io-file package through 2.0.31 for Node.js relies on client-side... |
| CVE-2019-4325 | 2020-10-06 | "HCL AppScan Enterprise makes use of broken or risky cryptographic... |
| CVE-2019-4326 | 2020-10-06 | "HCL AppScan Enterprise security rules update administration section of the... |
| CVE-2020-15174 | 2020-10-06 | Unpreventable top-level navigation in Electron |
| CVE-2020-1901 | 2020-10-06 | Receiving a large text message containing URLs in WhatsApp for... |
| CVE-2020-1902 | 2020-10-06 | A user running a quick search on a highly forwarded... |
| CVE-2020-1903 | 2020-10-06 | An issue when unzipping docx, pptx, and xlsx documents in... |
| CVE-2020-1904 | 2020-10-06 | A path validation issue in WhatsApp for iOS prior to... |
| CVE-2020-1905 | 2020-10-06 | Media ContentProvider URIs used for opening attachments in other apps... |
| CVE-2020-1906 | 2020-10-06 | A buffer overflow in WhatsApp for Android prior to v2.20.130... |
| CVE-2020-1907 | 2020-10-06 | A stack overflow in WhatsApp for Android prior to v2.20.196.16,... |
| CVE-2020-15215 | 2020-10-06 | Context isolation bypass in Electron |
| CVE-2020-26598 | 2020-10-06 | An issue was discovered on LG mobile devices with Android... |
| CVE-2020-26597 | 2020-10-06 | An issue was discovered on LG mobile devices with Android... |
| CVE-2020-13343 | 2020-10-06 | An issue has been discovered in GitLab affecting all versions... |
| CVE-2020-13345 | 2020-10-06 | An issue has been discovered in GitLab affecting all versions... |
| CVE-2020-13333 | 2020-10-06 | A potential DOS vulnerability was discovered in GitLab versions 13.1,... |
| CVE-2020-15239 | 2020-10-06 | Directory Traversal in xmpp-http-upload |