CVE List - 2020 / November
Showing 1001 - 1100 of 1246 CVEs for November 2020 (Page 11 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-4004 | 2020-11-20 | VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before... |
| CVE-2020-28975 | 2020-11-21 | svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn... |
| CVE-2020-25725 | 2020-11-21 | In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use... |
| CVE-2020-5797 | 2020-11-21 | UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware... |
| CVE-2020-25185 | 2020-11-21 | The affected product is vulnerable to five post-authentication buffer overflows,... |
| CVE-2020-25189 | 2020-11-21 | The affected product is vulnerable to three stack-based buffer overflows,... |
| CVE-2020-14234 | 2020-11-21 | HCL Domino is susceptible to a Denial of Service vulnerability... |
| CVE-2020-14258 | 2020-11-21 | HCL Notes is susceptible to a Denial of Service vulnerability... |
| CVE-2020-14230 | 2020-11-21 | HCL Domino is susceptible to a Denial of Service vulnerability... |
| CVE-2020-0569 | 2020-11-23 | Out of bounds write in Intel(R) PROSet/Wireless WiFi products on... |
| CVE-2020-28053 | 2020-11-23 | HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed... |
| CVE-2020-27985 | 2020-11-23 | Security Onion v2 prior to 2.3.10 has an incorrect sudo... |
| CVE-2020-7925 | 2020-11-23 | Denial of Service when processing malformed Role names |
| CVE-2020-7926 | 2020-11-23 | Specific query can cause a DoS against MongoDB Server |
| CVE-2018-20804 | 2020-11-23 | Invariant failure in applyOps |
| CVE-2018-20802 | 2020-11-23 | Post-auth queries on compound index may crash mongod |
| CVE-2018-20805 | 2020-11-23 | Invariant with $elemMatch |
| CVE-2019-2392 | 2020-11-23 | $mod can result in undefined behavior |
| CVE-2019-20924 | 2020-11-23 | Invariant in IndexBoundsBuilder |
| CVE-2019-20923 | 2020-11-23 | Crash while handling internal Javascript exception types |
| CVE-2019-2393 | 2020-11-23 | Crash while joining collections with $lookup |
| CVE-2020-1778 | 2020-11-23 | Bypassing user account validation |
| CVE-2020-7777 | 2020-11-23 | Arbitrary Code Execution |
| CVE-2020-28421 | 2020-11-23 | CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability... |
| CVE-2019-14553 | 2020-11-23 | Improper authentication in EDK II may allow a privileged user... |
| CVE-2019-14559 | 2020-11-23 | Uncontrolled resource consumption in EDK II may allow an unauthenticated... |
| CVE-2019-14562 | 2020-11-23 | Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated... |
| CVE-2019-14563 | 2020-11-23 | Integer truncation in EDK II may allow an authenticated user... |
| CVE-2019-14575 | 2020-11-23 | Logic issue in DxeImageVerificationHandler() for EDK II may allow an... |
| CVE-2019-14586 | 2020-11-23 | Use after free vulnerability in EDK II may allow an... |
| CVE-2019-14587 | 2020-11-23 | Logic issue EDK II may allow an unauthenticated user to... |
| CVE-2020-12351 | 2020-11-23 | Improper input validation in BlueZ may allow an unauthenticated user... |
| CVE-2020-12352 | 2020-11-23 | Improper access control in BlueZ may allow an unauthenticated user... |
| CVE-2020-6939 | 2020-11-23 | Tableau Server installations configured with Site-Specific SAML that allows the... |
| CVE-2020-7928 | 2020-11-23 | Improper neutralization of null byte leads to read overrun |
| CVE-2020-4771 | 2020-11-23 | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through... |
| CVE-2020-4783 | 2020-11-23 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a... |
| CVE-2020-4854 | 2020-11-23 | IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials,... |
| CVE-2018-20803 | 2020-11-23 | Infinite loop in aggregation expression |
| CVE-2020-28864 | 2020-11-23 | Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server... |
| CVE-2020-28896 | 2020-11-23 | Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure... |
| CVE-2020-7927 | 2020-11-23 | Potential privilege escalation in Ops Manager API |
| CVE-2020-26239 | 2020-11-23 | Cross-Site Scripting in Scratch browser addons |
| CVE-2020-15246 | 2020-11-23 | Local File Inclusion by unauthenticated users |
| CVE-2020-15247 | 2020-11-23 | Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled. |
| CVE-2020-28927 | 2020-11-23 | There is a Stored XSS in Magicpin v2.1 in the... |
| CVE-2020-15248 | 2020-11-23 | Privilege escalation by backend users assigned to the default "Publisher" system role |
| CVE-2020-15249 | 2020-11-23 | Stored XSS by authenticated backend user with access to upload files |
| CVE-2020-15436 | 2020-11-23 | Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8... |
| CVE-2020-15437 | 2020-11-23 | The Linux kernel before version 5.8 is vulnerable to a... |
| CVE-2018-16723 | 2020-11-23 | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local... |
| CVE-2020-28360 | 2020-11-23 | Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently... |
| CVE-2018-16722 | 2020-11-23 | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local... |
| CVE-2018-16721 | 2020-11-23 | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local... |
| CVE-2018-16720 | 2020-11-23 | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local... |
| CVE-2018-16719 | 2020-11-23 | In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local... |
| CVE-2020-26231 | 2020-11-23 | Bypass of fix for CVE-2020-15247, Twig sandbox escape |
| CVE-2020-24227 | 2020-11-23 | Playground Sessions v2.5.582 (and earlier) for Windows, stores the user... |
| CVE-2020-26227 | 2020-11-23 | Cross-Site Scripting in Fluid view helpers |
| CVE-2020-25688 | 2020-11-23 | A flaw was found in rhacm versions before 2.0.5 and... |
| CVE-2020-26228 | 2020-11-23 | Cleartext storage of session identifier |
| CVE-2020-26229 | 2020-11-23 | XML External Entity in Dashboard Widget |
| CVE-2020-25696 | 2020-11-23 | A flaw was found in the psql interactive terminal of... |
| CVE-2020-25660 | 2020-11-23 | A flaw was found in the Cephx authentication protocol in... |
| CVE-2020-4006 | 2020-11-23 | VMware Workspace One Access, Access Connector, Identity Manager, and Identity... |
| CVE-2020-28984 | 2020-11-23 | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the... |
| CVE-2020-25654 | 2020-11-24 | An ACL bypass flaw was found in pacemaker. An attacker... |
| CVE-2020-28991 | 2020-11-24 | Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a... |
| CVE-2020-15929 | 2020-11-24 | In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters... |
| CVE-2020-15928 | 2020-11-24 | In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters... |
| CVE-2020-26890 | 2020-11-24 | Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and... |
| CVE-2020-28348 | 2020-11-24 | HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client... |
| CVE-2020-29003 | 2020-11-24 | The PollNY extension for MediaWiki through 1.35 allows XSS via... |
| CVE-2020-29002 | 2020-11-24 | includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows... |
| CVE-2020-5641 | 2020-11-24 | Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10... |
| CVE-2020-5674 | 2020-11-24 | Untrusted search path vulnerability in the installers of multiple SEIKO... |
| CVE-2019-20925 | 2020-11-24 | Denial of service via malformed network packet |
| CVE-2020-29006 | 2020-11-24 | MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php... |
| CVE-2020-25472 | 2020-11-24 | SimplePHPscripts News Script PHP Pro 2.3 is affected by a... |
| CVE-2020-25473 | 2020-11-24 | SimplePHPscripts News Script PHP Pro 2.3 does not properly set... |
| CVE-2020-25474 | 2020-11-24 | SimplePHPscripts News Script PHP Pro 2.3 is affected by a... |
| CVE-2020-25475 | 2020-11-24 | SimplePHPscripts News Script PHP Pro 2.3 is affected by a... |
| CVE-2020-4001 | 2020-11-24 | The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords... |
| CVE-2020-4002 | 2020-11-24 | The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior... |
| CVE-2020-4003 | 2020-11-24 | VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior... |
| CVE-2020-3984 | 2020-11-24 | The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x... |
| CVE-2020-3985 | 2020-11-24 | The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x... |
| CVE-2020-4000 | 2020-11-24 | The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior... |
| CVE-2020-29040 | 2020-11-24 | An issue was discovered in Xen through 4.14.x allowing x86... |
| CVE-2020-10763 | 2020-11-24 | An information-disclosure flaw was found in the way Heketi before... |
| CVE-2020-10762 | 2020-11-24 | An information-disclosure flaw was found in the way that gluster-block... |
| CVE-2020-7378 | 2020-11-24 | CRIXP OpenCRX Unverified Password Change |
| CVE-2020-28726 | 2020-11-24 | Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to... |
| CVE-2020-24815 | 2020-11-24 | A Server-Side Request Forgery (SSRF) affecting the PDF generation in... |
| CVE-2020-13620 | 2020-11-24 | Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via... |
| CVE-2020-28994 | 2020-11-24 | A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant... |
| CVE-2020-28331 | 2020-11-24 | Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s):... |
| CVE-2020-13942 | 2020-11-24 | Remote Code Execution in Apache Unomi |
| CVE-2020-28928 | 2020-11-24 | In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of... |
| CVE-2020-28333 | 2020-11-24 | Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8.... |