CVE List - 2020 / November
Showing 701 - 800 of 1246 CVEs for November 2020 (Page 8 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-25557 | 2020-11-13 | In CMSuno 1.6.2, an attacker can inject malicious PHP code... |
| CVE-2020-25155 | 2020-11-13 | The affected product transmits unencrypted sensitive information, which may allow... |
| CVE-2020-25151 | 2020-11-13 | The affected product does not properly validate input, which may... |
| CVE-2020-26222 | 2020-11-13 | Remote code execution in dependabot-core |
| CVE-2020-26223 | 2020-11-13 | Authorization bypass in Spree |
| CVE-2020-26230 | 2020-11-13 | Deanonymization of COVID-19 positive users of Radar COVID |
| CVE-2020-7962 | 2020-11-13 | An issue was discovered in One Identity Password Manager 5.8.... |
| CVE-2020-6157 | 2020-11-13 | Opera Touch for iOS before version 2.4.5 is vulnerable to... |
| CVE-2020-27217 | 2020-11-13 | In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol... |
| CVE-2020-13638 | 2020-11-13 | lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass,... |
| CVE-2020-5796 | 2020-11-13 | Improper preservation of permissions in Nagios XI 5.7.4 allows a... |
| CVE-2020-0599 | 2020-11-13 | Improper access control in the PMC for some Intel(R) Processors... |
| CVE-2020-12338 | 2020-11-13 | Insufficient control flow management in the Open WebRTC Toolkit before... |
| CVE-2020-12313 | 2020-11-13 | Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products... |
| CVE-2020-28638 | 2020-11-13 | ask_password in Tomb 2.0 through 2.7 returns a warning when... |
| CVE-2020-15481 | 2020-11-13 | An issue was discovered in PassMark BurnInTest v9.1 Build 1008,... |
| CVE-2020-7772 | 2020-11-15 | Prototype Pollution |
| CVE-2020-28268 | 2020-11-15 | Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows... |
| CVE-2019-19562 | 2020-11-15 | An authentication bypass in the debug interface in Mercedes-Benz HERMES... |
| CVE-2019-19556 | 2020-11-15 | An authentication bypass in the debug interface in Mercedes-Benz HERMES... |
| CVE-2019-19560 | 2020-11-15 | An authentication bypass in the debug interface in Mercedes-Benz HERMES... |
| CVE-2019-19563 | 2020-11-15 | A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1... |
| CVE-2019-19557 | 2020-11-15 | A misconfiguration in the debug interface in Mercedes-Benz HERMES 1... |
| CVE-2019-19561 | 2020-11-15 | A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5... |
| CVE-2020-8271 | 2020-11-16 | Unauthenticated remote code execution with root privileges in Citrix SD-WAN... |
| CVE-2020-8272 | 2020-11-16 | Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix... |
| CVE-2020-8273 | 2020-11-16 | Privilege escalation of an authenticated user to root in Citrix... |
| CVE-2020-8269 | 2020-11-16 | An unprivileged Windows user on the VDA can perform arbitrary... |
| CVE-2020-8270 | 2020-11-16 | An unprivileged Windows user on the VDA or an SMB... |
| CVE-2020-8152 | 2020-11-16 | Insufficient protection of the server-side encryption keys in Nextcloud Server... |
| CVE-2020-8259 | 2020-11-16 | Insufficient protection of the server-side encryption keys in Nextcloud Server... |
| CVE-2020-25694 | 2020-11-16 | A flaw was found in PostgreSQL versions before 13.1, before... |
| CVE-2020-25695 | 2020-11-16 | A flaw was found in PostgreSQL versions before 13.1, before... |
| CVE-2020-5666 | 2020-11-16 | Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules... |
| CVE-2020-2492 | 2020-11-16 | If exploited, the command injection vulnerability could allow remote attackers... |
| CVE-2020-2490 | 2020-11-16 | If exploited, the command injection vulnerability could allow remote attackers... |
| CVE-2020-28642 | 2020-11-16 | In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak... |
| CVE-2020-28648 | 2020-11-16 | Improper input validation in the Auto-Discovery component of Nagios XI... |
| CVE-2020-28650 | 2020-11-16 | The WPBakery plugin before 6.4.1 for WordPress allows XSS because... |
| CVE-2020-28649 | 2020-11-16 | The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via... |
| CVE-2020-28656 | 2020-11-16 | The update functionality of the Discover Media infotainment system in... |
| CVE-2020-5659 | 2020-11-16 | SQL injection vulnerability in the XooNIps 3.49 and earlier allows... |
| CVE-2020-5662 | 2020-11-16 | Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows... |
| CVE-2020-5663 | 2020-11-16 | Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows... |
| CVE-2020-5664 | 2020-11-16 | Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier... |
| CVE-2020-8897 | 2020-11-16 | Robustness weakness in AWS KMS and Encryption SDKs |
| CVE-2020-7765 | 2020-11-16 | Prototype Pollution |
| CVE-2020-7773 | 2020-11-16 | Cross-site Scripting (XSS) |
| CVE-2020-25210 | 2020-11-16 | In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow... |
| CVE-2020-27459 | 2020-11-16 | Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted... |
| CVE-2020-24366 | 2020-11-16 | Sensitive information could be disclosed in the JetBrains YouTrack application... |
| CVE-2020-25209 | 2020-11-16 | In JetBrains YouTrack before 2020.3.6638, improper access control for some... |
| CVE-2020-27626 | 2020-11-16 | JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. |
| CVE-2020-27625 | 2020-11-16 | In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible... |
| CVE-2020-27624 | 2020-11-16 | JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. |
| CVE-2020-25013 | 2020-11-16 | JetBrains ToolBox before version 1.18 is vulnerable to a Denial... |
| CVE-2020-25207 | 2020-11-16 | JetBrains ToolBox before version 1.18 is vulnerable to Remote Code... |
| CVE-2020-27629 | 2020-11-16 | In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be... |
| CVE-2020-27628 | 2020-11-16 | In JetBrains TeamCity before 2020.1.5, the Guest user had access... |
| CVE-2020-27627 | 2020-11-16 | JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. |
| CVE-2020-26129 | 2020-11-16 | In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. |
| CVE-2020-27622 | 2020-11-16 | In JetBrains IntelliJ IDEA before 2020.2, the built-in web server... |
| CVE-2020-27623 | 2020-11-16 | JetBrains IdeaVim before version 0.58 might have caused an information... |
| CVE-2020-27191 | 2020-11-16 | LionWiki before 3.2.12 allows an unauthenticated user to read files... |
| CVE-2020-13772 | 2020-11-16 | In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker... |
| CVE-2020-13769 | 2020-11-16 | LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection... |
| CVE-2020-13773 | 2020-11-16 | Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx,... |
| CVE-2020-25952 | 2020-11-16 | SQL injection vulnerability in PHPGurukul User Registration & Login and... |
| CVE-2020-27423 | 2020-11-16 | Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password... |
| CVE-2020-27422 | 2020-11-16 | In Anuko Time Tracker v1.19.23.5311, the password reset link emailed... |
| CVE-2020-4475 | 2020-11-16 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and... |
| CVE-2020-4476 | 2020-11-16 | IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through... |
| CVE-2020-4566 | 2020-11-16 | IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and... |
| CVE-2020-4647 | 2020-11-16 | IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through... |
| CVE-2020-4655 | 2020-11-16 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and... |
| CVE-2020-4665 | 2020-11-16 | IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through... |
| CVE-2020-4671 | 2020-11-16 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and... |
| CVE-2020-4672 | 2020-11-16 | IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting.... |
| CVE-2020-4692 | 2020-11-16 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and... |
| CVE-2020-4700 | 2020-11-16 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and... |
| CVE-2020-4705 | 2020-11-16 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and... |
| CVE-2020-4763 | 2020-11-16 | IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through... |
| CVE-2020-28723 | 2020-11-16 | Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. |
| CVE-2020-27988 | 2020-11-16 | Nagios XI before 5.7.5 is vulnerable to XSS in Manage... |
| CVE-2020-27989 | 2020-11-16 | Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard... |
| CVE-2020-27990 | 2020-11-16 | Nagios XI before 5.7.5 is vulnerable to XSS in the... |
| CVE-2020-27991 | 2020-11-16 | Nagios XI before 5.7.5 is vulnerable to XSS in Account... |
| CVE-2020-23490 | 2020-11-16 | There was a local file disclosure vulnerability in AVideo <... |
| CVE-2020-23489 | 2020-11-16 | The import.json.php file before 8.9 for Avideo is vulnerable to... |
| CVE-2020-28692 | 2020-11-16 | In Gila CMS 1.16.0, an attacker can upload a shell... |
| CVE-2020-26508 | 2020-11-16 | The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices... |
| CVE-2020-26509 | 2020-11-16 | Airleader Master and Easy <= 6.21 devices have default credentials... |
| CVE-2020-26510 | 2020-11-16 | Airleader Master <= 6.21 devices have default credentials that can... |
| CVE-2020-28693 | 2020-11-16 | An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an... |
| CVE-2020-27486 | 2020-11-16 | Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow.... |
| CVE-2020-27485 | 2020-11-16 | Garmin Forerunner 235 before 8.20 is affected by: Array index... |
| CVE-2020-27484 | 2020-11-16 | Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow.... |
| CVE-2020-27483 | 2020-11-16 | Garmin Forerunner 235 before 8.20 is affected by: Array index... |
| CVE-2020-26217 | 2020-11-16 | Remote Code Execution in XStream |
| CVE-2020-26224 | 2020-11-16 | Improper Access Control in PrestaShop |