CVE List - 2020 / October
Showing 401 - 500 of 1594 CVEs for October 2020 (Page 5 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-7743 | 2020-10-13 | Prototype Pollution |
| CVE-2020-16124 | 2020-10-13 | Integer overflow in ROS communications library |
| CVE-2020-15797 | 2020-10-13 | A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by... |
| CVE-2020-7590 | 2020-10-13 | A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by... |
| CVE-2020-25779 | 2020-10-13 | Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved... |
| CVE-2020-17406 | 2020-10-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2020-17407 | 2020-10-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists... |
| CVE-2020-17409 | 2020-10-13 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required... |
| CVE-2020-17410 | 2020-10-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-17411 | 2020-10-13 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-17412 | 2020-10-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-17413 | 2020-10-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-17414 | 2020-10-13 | This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system... |
| CVE-2020-17415 | 2020-10-13 | This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system... |
| CVE-2020-17416 | 2020-10-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-17417 | 2020-10-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-15251 | 2020-10-13 | Privilege Escalation in Channelmgnt plug-in for Sopel |
| CVE-2018-20243 | 2020-10-13 | The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629. |
| CVE-2020-13957 | 2020-10-13 | Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in... |
| CVE-2020-25645 | 2020-10-13 | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific... |
| CVE-2020-12933 | 2020-10-13 | A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows... |
| CVE-2020-12928 | 2020-10-13 | A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. |
| CVE-2020-12911 | 2020-10-13 | A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial... |
| CVE-2020-24188 | 2020-10-14 | Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows remote attackers to inject arbitrary web script or HTML via the request parameter. |
| CVE-2020-7330 | 2020-10-14 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial |
| CVE-2020-6086 | 2020-10-14 | An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of... |
| CVE-2020-6087 | 2020-10-14 | An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of... |
| CVE-2020-24551 | 2020-10-14 | IProom MMC+ Server - URL Redirection to Untrusted Site (Open Redirect') |
| CVE-2020-6083 | 2020-10-14 | An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of... |
| CVE-2020-25188 | 2020-10-14 | An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read... |
| CVE-2019-2194 | 2020-10-14 | In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2020-0419 | 2020-10-14 | In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with... |
| CVE-2020-0411 | 2020-10-14 | In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User... |
| CVE-2020-0400 | 2020-10-14 | In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is... |
| CVE-2020-0398 | 2020-10-14 | In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is... |
| CVE-2020-0416 | 2020-10-14 | In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges... |
| CVE-2020-0415 | 2020-10-14 | In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges... |
| CVE-2020-0410 | 2020-10-14 | In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is... |
| CVE-2020-0408 | 2020-10-14 | In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2020-0414 | 2020-10-14 | In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User... |
| CVE-2020-0378 | 2020-10-14 | In onWnmFrameReceived of PasspointManager.java, there is a missing permission check. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed... |
| CVE-2020-0413 | 2020-10-14 | In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with... |
| CVE-2020-0377 | 2020-10-14 | In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with... |
| CVE-2020-0246 | 2020-10-14 | In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missing permission check. This could lead to local information disclosure of EID data with no additional execution privileges needed. User interaction is not... |
| CVE-2020-0412 | 2020-10-14 | In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not... |
| CVE-2020-0423 | 2020-10-14 | In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed.... |
| CVE-2020-0422 | 2020-10-14 | In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed.... |
| CVE-2020-0421 | 2020-10-14 | In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2020-0420 | 2020-10-14 | In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2020-0367 | 2020-10-14 | There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980455 |
| CVE-2020-0339 | 2020-10-14 | There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-162980705 |
| CVE-2020-0376 | 2020-10-14 | There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163003156 |
| CVE-2020-0371 | 2020-10-14 | There is a possible out of bounds read due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008256 |
| CVE-2020-0283 | 2020-10-14 | There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008257 |
| CVE-2020-9746 | 2020-10-14 | Exploitable NULL pointer deref could lead to arbitrary code execution |
| CVE-2020-6933 | 2020-10-14 | An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause... |
| CVE-2020-25824 | 2020-10-14 | Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened... |
| CVE-2020-25777 | 2020-10-14 | Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User... |
| CVE-2020-25778 | 2020-10-14 | Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An... |
| CVE-2020-27013 | 2020-10-14 | Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be... |
| CVE-2020-4395 | 2020-10-14 | IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358. |
| CVE-2020-3483 | 2020-10-14 | Duo Network Gateway (DNG) Information Disclosure Vulnerability |
| CVE-2020-15253 | 2020-10-14 | Stored XSS in Grocy |
| CVE-2020-3427 | 2020-10-14 | Duo Authentication for Windows Logon and RDP Privilege Escalation Vulnerability |
| CVE-2020-7318 | 2020-10-14 | ePolicy Orchistrator (ePO) - Cross-Site Scripting vulnerability |
| CVE-2020-7317 | 2020-10-14 | ePolicy Orchistrator (ePO) - Cross-Site Scripting vulnerability |
| CVE-2020-15224 | 2020-10-14 | Socket syscalls can leak enclave memory contents in Open Enclave |
| CVE-2020-15229 | 2020-10-14 | Path traversal and files overwrite with unsquashfs |
| CVE-2020-7383 | 2020-10-14 | SQL Injection in Rapid7 Nexpose |
| CVE-2020-8332 | 2020-10-14 | A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution.... |
| CVE-2020-8338 | 2020-10-14 | A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. |
| CVE-2020-8345 | 2020-10-14 | A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. |
| CVE-2020-8349 | 2020-10-14 | An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and... |
| CVE-2020-8350 | 2020-10-14 | An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege. |
| CVE-2020-6323 | 2020-10-15 | SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS... |
| CVE-2020-6272 | 2020-10-15 | SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web... |
| CVE-2020-6319 | 2020-10-15 | SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with... |
| CVE-2020-6363 | 2020-10-15 | SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase... |
| CVE-2020-6368 | 2020-10-15 | SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without... |
| CVE-2020-6364 | 2020-10-15 | SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be... |
| CVE-2020-6371 | 2020-10-15 | User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions... |
| CVE-2020-6372 | 2020-10-15 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6373 | 2020-10-15 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6375 | 2020-10-15 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources which results in crashing of the... |
| CVE-2020-6374 | 2020-10-15 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Jupiter Tessallation(.jt) file received from untrusted sources which results in crashing of the application and becoming... |
| CVE-2020-6376 | 2020-10-15 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sources which results in crashing of the application... |
| CVE-2020-6365 | 2020-10-15 | SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient... |
| CVE-2020-5642 | 2020-10-15 | Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| CVE-2020-27153 | 2020-10-15 | In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during... |
| CVE-2020-27157 | 2020-10-15 | Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the... |
| CVE-2020-27156 | 2020-10-15 | Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user. |
| CVE-2020-7334 | 2020-10-15 | Improper privilege assignment vulnerability in the installer component of MACC |
| CVE-2020-7326 | 2020-10-15 | McAfee MAR - Improperly implemented security check |
| CVE-2020-7327 | 2020-10-15 | McAfee MVEDR - Improperly implemented security check |
| CVE-2020-7744 | 2020-10-15 | Information Exposure |
| CVE-2019-4552 | 2020-10-15 | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause... |
| CVE-2020-4499 | 2020-10-15 | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access... |
| CVE-2020-6107 | 2020-10-15 | An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An... |
| CVE-2020-6108 | 2020-10-15 | An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution.... |
| CVE-2020-6104 | 2020-10-15 | An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker... |