CVE List - 2020 / October
Showing 501 - 600 of 1594 CVEs for October 2020 (Page 6 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-6105 | 2020-10-15 | An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An... |
| CVE-2020-6106 | 2020-10-15 | An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide... |
| CVE-2020-11643 | 2020-10-15 | GateManager Information Disclosure Vulnerability |
| CVE-2020-11644 | 2020-10-15 | GateManager Audit Message Spoofing Vulnerability |
| CVE-2020-11641 | 2020-10-15 | SiteManager Local File Inclusion Vulnerability |
| CVE-2020-11642 | 2020-10-15 | SiteManager Denial of Service via Local File Inclusion Vulnerability |
| CVE-2020-21674 | 2020-10-15 | Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive... |
| CVE-2020-11645 | 2020-10-15 | GateManager Denial of Service Vulnerability |
| CVE-2020-11646 | 2020-10-15 | GateManager Log Information Disclosure Vulnerability |
| CVE-2020-11637 | 2020-10-15 | Automation Runtime TFTP Service DoS Vulnerability |
| CVE-2020-25858 | 2020-10-15 | The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the... |
| CVE-2020-25859 | 2020-10-15 | The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A... |
| CVE-2020-12500 | 2020-10-15 | Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products |
| CVE-2020-12501 | 2020-10-15 | Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products |
| CVE-2020-12502 | 2020-10-15 | Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products |
| CVE-2020-12503 | 2020-10-15 | Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products |
| CVE-2020-12504 | 2020-10-15 | Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products |
| CVE-2020-15792 | 2020-10-15 | A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow... |
| CVE-2020-15793 | 2020-10-15 | A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow... |
| CVE-2020-15794 | 2020-10-15 | A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated... |
| CVE-2020-7591 | 2020-10-15 | A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and... |
| CVE-2020-1777 | 2020-10-15 | Agent names disclosed in chat feature |
| CVE-2019-17640 | 2020-10-15 | In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot... |
| CVE-2020-14185 | 2020-10-15 | Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version... |
| CVE-2020-16947 | 2020-10-16 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2020-27163 | 2020-10-16 | phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter. |
| CVE-2020-27173 | 2020-10-16 | In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced... |
| CVE-2020-27174 | 2020-10-16 | In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This... |
| CVE-2020-27176 | 2020-10-16 | Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an... |
| CVE-2020-24352 | 2020-10-16 | An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while... |
| CVE-2020-25829 | 2020-10-16 | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to... |
| CVE-2020-26583 | 2020-10-16 | An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file,... |
| CVE-2020-26584 | 2020-10-16 | An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a... |
| CVE-2020-26943 | 2020-10-16 | An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host... |
| CVE-2019-18794 | 2020-10-16 | The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to... |
| CVE-2019-18795 | 2020-10-16 | The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out of bounds read vulnerability via a crafted .wav file. An attacker can exploit this issues to gain... |
| CVE-2019-18796 | 2020-10-16 | The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume... |
| CVE-2019-19513 | 2020-10-16 | The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the... |
| CVE-2020-26893 | 2020-10-16 | An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with... |
| CVE-2019-19885 | 2020-10-16 | In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without... |
| CVE-2020-14144 | 2020-10-16 | The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that... |
| CVE-2020-15867 | 2020-10-16 | The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to... |
| CVE-2020-16270 | 2020-10-16 | OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be... |
| CVE-2020-14299 | 2020-10-16 | A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode.... |
| CVE-2020-26944 | 2020-10-16 | An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be... |
| CVE-2020-3991 | 2020-10-16 | VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow... |
| CVE-2020-26682 | 2020-10-16 | In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. |
| CVE-2020-24408 | 2020-10-16 | Stored XSS in customer address upload feature |
| CVE-2020-26672 | 2020-10-16 | Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in "cite" parameter, the payload will... |
| CVE-2020-27178 | 2020-10-16 | Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. |
| CVE-2020-9799 | 2020-10-16 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
| CVE-2020-15255 | 2020-10-16 | CSV injection in Anuko Time Tracker |
| CVE-2020-9862 | 2020-10-16 | A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari... |
| CVE-2020-9864 | 2020-10-16 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2020-9865 | 2020-10-16 | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious... |
| CVE-2020-9870 | 2020-10-16 | A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may... |
| CVE-2020-9878 | 2020-10-16 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously... |
| CVE-2020-9884 | 2020-10-16 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously... |
| CVE-2020-9885 | 2020-10-16 | An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS... |
| CVE-2020-9888 | 2020-10-16 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted... |
| CVE-2020-9889 | 2020-10-16 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously... |
| CVE-2020-9890 | 2020-10-16 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted... |
| CVE-2020-9891 | 2020-10-16 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted... |
| CVE-2020-9893 | 2020-10-16 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for... |
| CVE-2020-4254 | 2020-10-16 | IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560. |
| CVE-2020-4636 | 2020-10-16 | IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503. |
| CVE-2020-9894 | 2020-10-16 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud... |
| CVE-2020-9895 | 2020-10-16 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for... |
| CVE-2020-9903 | 2020-10-16 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password... |
| CVE-2020-9907 | 2020-10-16 | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute... |
| CVE-2020-9909 | 2020-10-16 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel... |
| CVE-2020-9910 | 2020-10-16 | Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows... |
| CVE-2020-9911 | 2020-10-16 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote... |
| CVE-2020-15157 | 2020-10-16 | containerd can be coerced into leaking credentials during image pull |
| CVE-2020-9912 | 2020-10-16 | A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a... |
| CVE-2020-9913 | 2020-10-16 | This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information. |
| CVE-2020-9914 | 2020-10-16 | An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in... |
| CVE-2020-9915 | 2020-10-16 | An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8,... |
| CVE-2020-9916 | 2020-10-16 | A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for... |
| CVE-2020-9917 | 2020-10-16 | This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service. |
| CVE-2020-9918 | 2020-10-16 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected... |
| CVE-2020-9923 | 2020-10-16 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute... |
| CVE-2020-9925 | 2020-10-16 | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud... |
| CVE-2020-9931 | 2020-10-16 | A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination. |
| CVE-2020-15258 | 2020-10-16 | Insecure use of shell.openExternal in Wire |
| CVE-2020-9933 | 2020-10-16 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to... |
| CVE-2020-9934 | 2020-10-16 | An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A... |
| CVE-2020-9936 | 2020-10-16 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for... |
| CVE-2020-9948 | 2020-10-16 | A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. |
| CVE-2020-9946 | 2020-10-16 | This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period. |
| CVE-2020-9951 | 2020-10-16 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. |
| CVE-2020-9952 | 2020-10-16 | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4,... |
| CVE-2020-9958 | 2020-10-16 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination... |
| CVE-2020-9959 | 2020-10-16 | A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0.... |
| CVE-2020-9964 | 2020-10-16 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory. |
| CVE-2020-15252 | 2020-10-16 | RCE in XWiki |
| CVE-2020-9968 | 2020-10-16 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be... |
| CVE-2020-9976 | 2020-10-16 | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0. A malicious application may be able to... |
| CVE-2020-9983 | 2020-10-16 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. |
| CVE-2020-9992 | 2020-10-16 | This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and... |