CVE List - 2020 / November
Showing 1001 - 1100 of 1246 CVEs for November 2020 (Page 11 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-28975 | 2020-11-21 | svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced... |
| CVE-2020-25725 | 2020-11-21 | In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes a `heap-use-after-free` problem. The code of a previous fix for nested Type 3 characters wasn't... |
| CVE-2020-5797 | 2020-11-21 | UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set... |
| CVE-2020-25185 | 2020-11-21 | The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). |
| CVE-2020-25189 | 2020-11-21 | The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). |
| CVE-2020-14234 | 2020-11-21 | HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to... |
| CVE-2020-14258 | 2020-11-21 | HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message... |
| CVE-2020-14230 | 2020-11-21 | HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message... |
| CVE-2020-0569 | 2020-11-23 | Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2020-28053 | 2020-11-23 | HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6. |
| CVE-2020-27985 | 2020-11-23 | Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup. |
| CVE-2020-7925 | 2020-11-23 | Denial of Service when processing malformed Role names |
| CVE-2020-7926 | 2020-11-23 | Specific query can cause a DoS against MongoDB Server |
| CVE-2018-20804 | 2020-11-23 | Invariant failure in applyOps |
| CVE-2018-20802 | 2020-11-23 | Post-auth queries on compound index may crash mongod |
| CVE-2018-20805 | 2020-11-23 | Invariant with $elemMatch |
| CVE-2019-2392 | 2020-11-23 | $mod can result in undefined behavior |
| CVE-2019-20924 | 2020-11-23 | Invariant in IndexBoundsBuilder |
| CVE-2019-20923 | 2020-11-23 | Crash while handling internal Javascript exception types |
| CVE-2019-2393 | 2020-11-23 | Crash while joining collections with $lookup |
| CVE-2020-1778 | 2020-11-23 | Bypassing user account validation |
| CVE-2020-7777 | 2020-11-23 | Arbitrary Code Execution |
| CVE-2020-28421 | 2020-11-23 | CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. |
| CVE-2019-14553 | 2020-11-23 | Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. |
| CVE-2019-14559 | 2020-11-23 | Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. |
| CVE-2019-14562 | 2020-11-23 | Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2019-14563 | 2020-11-23 | Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2019-14575 | 2020-11-23 | Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2019-14586 | 2020-11-23 | Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. |
| CVE-2019-14587 | 2020-11-23 | Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2020-12351 | 2020-11-23 | Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2020-12352 | 2020-11-23 | Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. |
| CVE-2020-6939 | 2020-11-23 | Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings... |
| CVE-2020-7928 | 2020-11-23 | Improper neutralization of null byte leads to read overrun |
| CVE-2020-4771 | 2020-11-23 | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using... |
| CVE-2020-4783 | 2020-11-23 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could... |
| CVE-2020-4854 | 2020-11-23 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components,... |
| CVE-2018-20803 | 2020-11-23 | Infinite loop in aggregation expression |
| CVE-2020-28864 | 2020-11-23 | Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name. |
| CVE-2020-28896 | 2020-11-23 | Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and... |
| CVE-2020-7927 | 2020-11-23 | Potential privilege escalation in Ops Manager API |
| CVE-2020-26239 | 2020-11-23 | Cross-Site Scripting in Scratch browser addons |
| CVE-2020-15246 | 2020-11-23 | Local File Inclusion by unauthenticated users |
| CVE-2020-15247 | 2020-11-23 | Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled. |
| CVE-2020-28927 | 2020-11-23 | There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and... |
| CVE-2020-15248 | 2020-11-23 | Privilege escalation by backend users assigned to the default "Publisher" system role |
| CVE-2020-15249 | 2020-11-23 | Stored XSS by authenticated backend user with access to upload files |
| CVE-2020-15436 | 2020-11-23 | Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error... |
| CVE-2020-15437 | 2020-11-23 | The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer... |
| CVE-2018-16723 | 2020-11-23 | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values... |
| CVE-2020-28360 | 2020-11-23 | Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved... |
| CVE-2018-16722 | 2020-11-23 | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values... |
| CVE-2018-16721 | 2020-11-23 | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values... |
| CVE-2018-16720 | 2020-11-23 | In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values... |
| CVE-2018-16719 | 2020-11-23 | In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values... |
| CVE-2020-26231 | 2020-11-23 | Bypass of fix for CVE-2020-15247, Twig sandbox escape |
| CVE-2020-24227 | 2020-11-23 | Playground Sessions v2.5.582 (and earlier) for Windows stores the user credentials in plain text, allowing anyone with access to UserProfiles.sol to extract the email and password. |
| CVE-2020-26227 | 2020-11-23 | Cross-Site Scripting in Fluid view helpers |
| CVE-2020-25688 | 2020-11-23 | A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result... |
| CVE-2020-26228 | 2020-11-23 | Cleartext storage of session identifier |
| CVE-2020-26229 | 2020-11-23 | XML External Entity in Dashboard Widget |
| CVE-2020-25696 | 2020-11-23 | A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql... |
| CVE-2020-25660 | 2020-11-23 | A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay... |
| CVE-2020-4006 | 2020-11-23 | VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have a command injection vulnerability. |
| CVE-2020-28984 | 2020-11-23 | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. |
| CVE-2020-25654 | 2020-11-24 | An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly... |
| CVE-2020-28991 | 2020-11-24 | Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go. |
| CVE-2020-15929 | 2020-11-24 | In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags,... |
| CVE-2020-15928 | 2020-11-24 | In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal. |
| CVE-2020-26890 | 2020-11-24 | Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the... |
| CVE-2020-28348 | 2020-11-24 | HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in... |
| CVE-2020-29003 | 2020-11-24 | The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll. |
| CVE-2020-29002 | 2020-11-24 | includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator. |
| CVE-2020-5641 | 2020-11-24 | Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the... |
| CVE-2020-5674 | 2020-11-24 | Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2019-20925 | 2020-11-24 | Denial of service via malformed network packet |
| CVE-2020-29006 | 2020-11-24 | MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php. |
| CVE-2020-25472 | 2020-11-24 | SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users. |
| CVE-2020-25473 | 2020-11-24 | SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies. |
| CVE-2020-25474 | 2020-11-24 | SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter. |
| CVE-2020-25475 | 2020-11-24 | SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. |
| CVE-2020-4001 | 2020-11-24 | The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to a... |
| CVE-2020-4002 | 2020-11-24 | The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with... |
| CVE-2020-4003 | 2020-11-24 | VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure.... |
| CVE-2020-3984 | 2020-11-24 | The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit... |
| CVE-2020-3985 | 2020-11-24 | The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN... |
| CVE-2020-4000 | 2020-11-24 | The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is... |
| CVE-2020-29040 | 2020-11-24 | An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges... |
| CVE-2020-10763 | 2020-11-24 | An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive... |
| CVE-2020-10762 | 2020-11-24 | An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable.... |
| CVE-2020-7378 | 2020-11-24 | CRIXP OpenCRX Unverified Password Change |
| CVE-2020-28726 | 2020-11-24 | Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php. |
| CVE-2020-24815 | 2020-11-24 | A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal... |
| CVE-2020-13620 | 2020-11-24 | Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying the configuration. |
| CVE-2020-28994 | 2020-11-24 | A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying... |
| CVE-2020-28331 | 2020-11-24 | Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon... |
| CVE-2020-13942 | 2020-11-24 | Remote Code Execution in Apache Unomi |
| CVE-2020-28928 | 2020-11-24 | In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). |
| CVE-2020-28333 | 2020-11-24 | Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses... |
| CVE-2020-28330 | 2020-11-24 | Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display... |