CVE List - 2020 / December
Showing 401 - 500 of 1538 CVEs for December 2020 (Page 5 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-17135 | 2020-12-09 | Azure DevOps Server Spoofing Vulnerability |
| CVE-2020-17136 | 2020-12-09 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2020-17137 | 2020-12-09 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| CVE-2020-17138 | 2020-12-09 | Windows Error Reporting Information Disclosure Vulnerability |
| CVE-2020-17139 | 2020-12-09 | Windows Overlay Filter Security Feature Bypass Vulnerability |
| CVE-2020-17140 | 2020-12-09 | Windows SMB Information Disclosure Vulnerability |
| CVE-2020-17141 | 2020-12-09 | Microsoft Exchange Remote Code Execution Vulnerability |
| CVE-2020-17142 | 2020-12-09 | Microsoft Exchange Remote Code Execution Vulnerability |
| CVE-2020-17143 | 2020-12-09 | Microsoft Exchange Server Information Disclosure Vulnerability |
| CVE-2020-17144 | 2020-12-09 | Microsoft Exchange Remote Code Execution Vulnerability |
| CVE-2020-17145 | 2020-12-09 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability |
| CVE-2020-17147 | 2020-12-09 | Dynamics CRM Webclient Cross-site Scripting Vulnerability |
| CVE-2020-17148 | 2020-12-09 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability |
| CVE-2020-17150 | 2020-12-09 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2020-17152 | 2020-12-09 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability |
| CVE-2020-17153 | 2020-12-09 | Microsoft Edge for Android Spoofing Vulnerability |
| CVE-2020-17156 | 2020-12-09 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2020-17158 | 2020-12-09 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability |
| CVE-2020-17159 | 2020-12-09 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability |
| CVE-2020-12516 | 2020-12-10 | WAGO: PLC families 750-88x and 750-352 prone to DoS attack |
| CVE-2020-2491 | 2020-12-10 | Cross-site Scripting Vulnerability in Photo Station |
| CVE-2019-7198 | 2020-12-10 | Command Injection Vulnerability in QTS and QuTS hero |
| CVE-2020-2493 | 2020-12-10 | Cross-site Scripting Vulnerability in Multimedia Console |
| CVE-2020-2494 | 2020-12-10 | Cross-site Scripting Vulnerability in Music Station |
| CVE-2020-2495 | 2020-12-10 | Cross-site scripting vulnerability in QTS and QuTS hero |
| CVE-2020-2496 | 2020-12-10 | Cross-site scripting vulnerability in QTS and QuTS hero |
| CVE-2020-2497 | 2020-12-10 | Cross-site scripting vulnerability in QTS and QuTS hero |
| CVE-2020-2498 | 2020-12-10 | Cross-site scripting vulnerability in QTS and QuTS hero |
| CVE-2020-27350 | 2020-12-10 | apt integer wraparound |
| CVE-2020-27351 | 2020-12-10 | Various memory and file descriptor leaks in apt-python |
| CVE-2020-26407 | 2020-12-10 | A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via... |
| CVE-2020-12594 | 2020-12-10 | A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior... |
| CVE-2020-12595 | 2020-12-10 | An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to... |
| CVE-2020-24445 | 2020-12-10 | Cross-site Scripting Vulnerability in Commenting Function of Adobe Experience Manager (AEM) |
| CVE-2020-24444 | 2020-12-10 | Blind SSRF in Forms add-on for AEM |
| CVE-2020-29668 | 2020-12-10 | Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun. |
| CVE-2020-29666 | 2020-12-10 | In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and... |
| CVE-2020-29667 | 2020-12-10 | In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient... |
| CVE-2020-8919 | 2020-12-10 | Information leakage in Gerrit |
| CVE-2020-8920 | 2020-12-10 | Overoptimization leads to private information leak in Gerrit |
| CVE-2020-26201 | 2020-12-10 | Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user... |
| CVE-2020-19527 | 2020-12-10 | iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php. |
| CVE-2020-19142 | 2020-12-10 | iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php. |
| CVE-2020-25967 | 2020-12-10 | The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability. |
| CVE-2020-16608 | 2020-12-10 | Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). |
| CVE-2020-13526 | 2020-12-10 | SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable... |
| CVE-2020-29311 | 2020-12-10 | Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software. |
| CVE-2020-26271 | 2020-12-10 | Heap out of bounds access in MakeEdge in TensorFlow |
| CVE-2020-26270 | 2020-12-10 | CHECK-fail in LSTM with zero-length input in TensorFlow |
| CVE-2020-26269 | 2020-12-10 | Heap out of bounds read in filesystem glob matching in TensorFlow |
| CVE-2020-26268 | 2020-12-10 | Write to immutable memory region in TensorFlow |
| CVE-2020-26267 | 2020-12-10 | Lack of validation in data format attributes in TensorFlow |
| CVE-2020-26266 | 2020-12-10 | Uninitialized memory access in Eigen types in TensorFlow |
| CVE-2020-8908 | 2020-12-10 | Temp directory permission issue in Guava |
| CVE-2019-4738 | 2020-12-10 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further... |
| CVE-2020-4829 | 2020-12-10 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960. |
| CVE-2020-7536 | 2020-12-11 | A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4... |
| CVE-2020-28214 | 2020-12-11 | A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value... |
| CVE-2020-28215 | 2020-12-11 | A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code... |
| CVE-2020-28216 | 2020-12-11 | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. |
| CVE-2020-28217 | 2020-12-11 | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. |
| CVE-2020-28218 | 2020-12-11 | A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating... |
| CVE-2020-28219 | 2020-12-11 | A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert... |
| CVE-2020-28220 | 2020-12-11 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions),... |
| CVE-2020-7535 | 2020-12-11 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon... |
| CVE-2020-7537 | 2020-12-11 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that... |
| CVE-2020-7539 | 2020-12-11 | A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see... |
| CVE-2020-7540 | 2020-12-11 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification... |
| CVE-2020-7541 | 2020-12-11 | A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for... |
| CVE-2020-7542 | 2020-12-11 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that... |
| CVE-2020-7543 | 2020-12-11 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that... |
| CVE-2020-7549 | 2020-12-11 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see... |
| CVE-2020-7560 | 2020-12-11 | A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the... |
| CVE-2020-17530 | 2020-12-11 | Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. |
| CVE-2020-26409 | 2020-12-11 | A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields. |
| CVE-2020-24634 | 2020-12-11 | An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in... |
| CVE-2020-24633 | 2020-12-11 | There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port... |
| CVE-2020-24637 | 2020-12-11 | Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an... |
| CVE-2020-25838 | 2020-12-11 | Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information. |
| CVE-2020-25191 | 2020-12-11 | Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior... |
| CVE-2020-9301 | 2020-12-11 | Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions... |
| CVE-2020-24447 | 2020-12-11 | Uncontrolled Search Path Element vulnerability in Lightroom Classic 10.0 |
| CVE-2020-24440 | 2020-12-11 | Uncontrolled Search Path Element in Adobe Prelude for Windows |
| CVE-2020-27828 | 2020-12-11 | There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect... |
| CVE-2020-13556 | 2020-12-11 | An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to... |
| CVE-2020-13530 | 2020-12-11 | A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span... |
| CVE-2020-13520 | 2020-12-11 | An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of... |
| CVE-2020-26415 | 2020-12-11 | Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to... |
| CVE-2020-26416 | 2020-12-11 | Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5,... |
| CVE-2020-26417 | 2020-12-11 | Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7. |
| CVE-2020-26413 | 2020-12-11 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible. |
| CVE-2020-26412 | 2020-12-11 | Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. |
| CVE-2020-13357 | 2020-12-11 | An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list... |
| CVE-2020-35126 | 2020-12-11 | Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered... |
| CVE-2020-26408 | 2020-12-11 | A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in... |
| CVE-2020-27786 | 2020-12-11 | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger... |
| CVE-2020-35127 | 2020-12-11 | Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS. |
| CVE-2020-26411 | 2020-12-11 | A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for... |
| CVE-2020-35132 | 2020-12-11 | An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request... |
| CVE-2020-35135 | 2020-12-11 | The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. |