CVE List - 2020 / November
Showing 501 - 600 of 1246 CVEs for November 2020 (Page 6 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-17108 | 2020-11-11 | HEVC Video Extensions Remote Code Execution Vulnerability |
| CVE-2020-17109 | 2020-11-11 | HEVC Video Extensions Remote Code Execution Vulnerability |
| CVE-2020-17110 | 2020-11-11 | HEVC Video Extensions Remote Code Execution Vulnerability |
| CVE-2020-17113 | 2020-11-11 | Windows Camera Codec Information Disclosure Vulnerability |
| CVE-2020-1325 | 2020-11-11 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability |
| CVE-2020-1599 | 2020-11-11 | Windows Spoofing Vulnerability |
| CVE-2020-7328 | 2020-11-11 | Server-Side Request Forgery (SSRF) in MVISION Endpoint ePO extension |
| CVE-2020-7329 | 2020-11-11 | Server-Side Request Forgery (SSRF) in MVISION Endpoint ePO extension |
| CVE-2020-7768 | 2020-11-11 | Prototype Pollution |
| CVE-2020-7767 | 2020-11-11 | Regular Expression Denial of Service (ReDoS) |
| CVE-2020-4685 | 2020-11-11 | A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege... |
| CVE-2020-27524 | 2020-11-11 | On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may... |
| CVE-2020-27523 | 2020-11-11 | Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash... |
| CVE-2020-15275 | 2020-11-11 | malicious SVG attachment causing stored XSS vulnerability in MoinMoin |
| CVE-2020-5426 | 2020-11-11 | Scheduler for TAS can transmit privileged UAA token in plaintext |
| CVE-2020-8352 | 2020-11-11 | In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. |
| CVE-2020-8353 | 2020-11-11 | Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative... |
| CVE-2020-8354 | 2020-11-11 | A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. |
| CVE-2020-26218 | 2020-11-11 | HTML Injection in touchbase.ai |
| CVE-2020-26219 | 2020-11-11 | Open Redirect in touchbase.ai |
| CVE-2020-26220 | 2020-11-11 | Information exposure in touchbase.ai |
| CVE-2020-26221 | 2020-11-11 | Stored Cross Site Scripting in touchbase.ai |
| CVE-2020-5992 | 2020-11-11 | NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting... |
| CVE-2019-17566 | 2020-11-12 | Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause... |
| CVE-2020-25706 | 2020-11-12 | A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field |
| CVE-2020-1999 | 2020-11-12 | PAN-OS: Threat signatures are evaded by specifically crafted packets |
| CVE-2020-2000 | 2020-11-12 | PAN-OS: OS command injection and memory corruption vulnerability |
| CVE-2020-2022 | 2020-11-12 | PAN-OS: Panorama session disclosure during context switch into managed device |
| CVE-2020-2048 | 2020-11-12 | PAN-OS: System proxy passwords may be logged in clear text while viewing system state |
| CVE-2020-2050 | 2020-11-12 | PAN-OS: Authentication bypass vulnerability in GlobalProtect SSL VPN client certificate verification |
| CVE-2020-26070 | 2020-11-12 | Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers Slow Path Forwarding Denial of Service Vulnerability |
| CVE-2020-7769 | 2020-11-12 | Command Injection |
| CVE-2020-7331 | 2020-11-12 | Unquoted service executable path in McAfee Endpoint Security (ENS) |
| CVE-2020-7332 | 2020-11-12 | Cross-Site Request Forgery (CSRF) in firewall ePO extension of McAfee Endpoint Security (ENS) |
| CVE-2020-7333 | 2020-11-12 | Cross-site Scripting (XSS) in firewall ePO extension of McAfee Endpoint Security (ENS) |
| CVE-2020-11121 | 2020-11-12 | Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290,... |
| CVE-2020-11123 | 2020-11-12 | information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting user's lock-screen password can be bypassed by performing the standard gatekeeper operations in... |
| CVE-2020-11127 | 2020-11-12 | Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be... |
| CVE-2020-11130 | 2020-11-12 | Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215,... |
| CVE-2020-11131 | 2020-11-12 | Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2020-11132 | 2020-11-12 | Buffer over read in boot due to size check ignored before copying GUID attribute from request to response in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2020-11168 | 2020-11-12 | Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2020-11175 | 2020-11-12 | Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling in Snapdragon Auto,... |
| CVE-2020-11184 | 2020-11-12 | Possible buffer overflow will occur in video while parsing mp4 clip with crafted esds atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215,... |
| CVE-2020-11193 | 2020-11-12 | Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2020-11196 | 2020-11-12 | Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2020-11201 | 2020-11-12 | Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2020-11202 | 2020-11-12 | Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure in Snapdragon Auto, Snapdragon Compute,... |
| CVE-2020-11205 | 2020-11-12 | Possible integer overflow to heap overflow while processing command due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155,... |
| CVE-2020-11206 | 2020-11-12 | Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile... |
| CVE-2020-11207 | 2020-11-12 | Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8052,... |
| CVE-2020-11208 | 2020-11-12 | Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P,... |
| CVE-2020-11209 | 2020-11-12 | Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429,... |
| CVE-2020-3632 | 2020-11-12 | Incorrect validation of ring context fetched from host memory can lead to memory overflow in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P,... |
| CVE-2020-3639 | 2020-11-12 | When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow in Snapdragon Auto, Snapdragon Compute,... |
| CVE-2020-7770 | 2020-11-12 | Prototype Pollution |
| CVE-2020-13954 | 2020-11-12 | Apache CXF Reflected XSS in the services listing page via the styleSheetPath |
| CVE-2020-27481 | 2020-11-12 | An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access... |
| CVE-2020-25658 | 2020-11-12 | It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted... |
| CVE-2020-9128 | 2020-11-12 | FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak. |
| CVE-2020-24442 | 2020-11-12 | Reflected Cross-Site Scripting (XSS) in Adobe Connect |
| CVE-2020-24443 | 2020-11-12 | Reflected Cross-Site Scripting (XSS) in Adobe Connect |
| CVE-2020-24441 | 2020-11-12 | Improper Access Control in Adobe Acrobat Reader for Android |
| CVE-2020-13771 | 2020-11-12 | Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation... |
| CVE-2020-28269 | 2020-11-12 | Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2020-28270 | 2020-11-12 | Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2020-28271 | 2020-11-12 | Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. |
| CVE-2020-7472 | 2020-11-12 | An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code... |
| CVE-2020-13770 | 2020-11-12 | Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can... |
| CVE-2020-24573 | 2020-11-12 | BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component. |
| CVE-2019-11121 | 2020-11-12 | Improper file permissions in the installer for the Intel(R) Media SDK for Windows before version 2019 R1 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2020-0575 | 2020-11-12 | Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2020-0590 | 2020-11-12 | Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2020-0587 | 2020-11-12 | Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2020-0591 | 2020-11-12 | Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2020-0593 | 2020-11-12 | Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2020-0588 | 2020-11-12 | Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2020-0592 | 2020-11-12 | Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. |
| CVE-2020-12309 | 2020-11-12 | Insufficiently protected credentials in subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. |
| CVE-2020-12310 | 2020-11-12 | Insufficient control flow management in firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. |
| CVE-2020-12311 | 2020-11-12 | Insufficient control flow management in firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. |
| CVE-2020-0584 | 2020-11-12 | Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of... |
| CVE-2020-8676 | 2020-11-12 | Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2020-8677 | 2020-11-12 | Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2020-8693 | 2020-11-12 | Improper buffer restrictions in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local... |
| CVE-2020-8692 | 2020-11-12 | Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of... |
| CVE-2020-8690 | 2020-11-12 | Protection mechanism failure in Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. |
| CVE-2020-8691 | 2020-11-12 | A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local... |
| CVE-2020-8698 | 2020-11-12 | Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2020-8696 | 2020-11-12 | Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2020-8737 | 2020-11-12 | Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may allow an unauthenticated user to potentially enable escalation... |
| CVE-2020-12312 | 2020-11-12 | Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.2 may allow an unauthenticated user to potentially enable escalation... |
| CVE-2020-8694 | 2020-11-12 | Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2020-8695 | 2020-11-12 | Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2020-28247 | 2020-11-12 | The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs. |
| CVE-2020-8764 | 2020-11-12 | Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2020-8738 | 2020-11-12 | Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2020-8740 | 2020-11-12 | Out of bounds write in Intel BIOS platform sample code for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2020-8739 | 2020-11-12 | Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2020-8752 | 2020-11-12 | Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network... |