Security Bulletin 16 Sep 2020

Published on 16 Sep 2020

Updated on 16 Sep 2020

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabulated by severity, in accordance with their CVSSv3 base scores:


Critical: vulnerabilities with a base score of 9.0 to 10.0
High: vulnerabilities with a base score of 7.0 to 8.9
Medium: vulnerabilities with a base score of 4.0 to 6.9
Low: vulnerabilities with a base score of 0.1 to 3.9
None: vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
| CVE Number | Description | Base Score | Reference |
| --- | --- | --- | --- |
| CVE-2020-1889 | A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2020-1889 |
| CVE-2020-6151 | A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause a memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6151 |
| CVE-2020-4693 | IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-4693 |
| CVE-2020-3675 | u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ5018, IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCN7605, QCS404, QCS405, Rennell, SA415M, Saipan, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3675 |
| CVE-2020-3669 | u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ5018, IPQ6018, IPQ8074, Kamorta, MSM8998, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3669 |
| CVE-2020-3668 | u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3668 |
| CVE-2020-3667 | u'Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ5018, IPQ6018, IPQ8074, Kamorta, MSM8998, Nicobar, QCA6390, QCA8081, QCS404, QCS405, QCS605, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3667 |
| CVE-2020-25257 | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows XXE attacks for read/write access to arbitrary files. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25257 |
| CVE-2020-25213 | The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25213 |
| CVE-2020-25105 | eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25105 |
| CVE-2020-25023 | An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25023 |
| CVE-2020-25022 | An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25022 |
| CVE-2020-25021 | An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25021 |
| CVE-2020-24987 | Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to "radius". | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24987 |
| CVE-2020-24978 | In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24978 |
| CVE-2020-24977 | GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24977 |
| CVE-2020-24876 | Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24876 |
| CVE-2020-24786 | An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24786 |
| CVE-2020-24355 | Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. This is done by changing "FirstIndex" field in JSON that is POST-ed during account creation. Similar may also be possible with account deletion. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24355 |
| CVE-2020-24199 | Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24199 |
| CVE-2020-24193 | A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24193 |
| CVE-2020-24030 | ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and access to sensitive data via token reuse. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24030 |
| CVE-2020-24029 | Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24029 |
| CVE-2020-1911 | A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-1911 |
| CVE-2020-1891 | A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-1891 |
| CVE-2020-15865 | A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-15865 |
| CVE-2020-15787 | A vulnerability has been identified in SIMATIC HMI United Comfort Panels (All versions). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-15787 |
| CVE-2020-15786 | A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions >= 14 and V < XX), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI Mobile Panels (All versions), SIMATIC HMI United Comfort Panels (All versions). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-15786 |
| CVE-2020-15150 | There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version 1.0.0 and all users should upgrade to this version immediately. Note that this patched version uses a dependency that requires an Elixir version >=1.5. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-15150 |
| CVE-2020-13802 | Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13802 |
| CVE-2020-11612 | The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-11612 |
| CVE-2020-11117 | u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-11117 |
| CVE-2020-11116 | u'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QCS610, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-11116 |
| CVE-2020-6874 | A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-6874 |
| CVE-2020-3634 | u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QCS610, QM215, Rennell, SA415M, Saipan, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-3634 |
| CVE-2020-25054 | An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). There is a heap-based buffer over-read in the Shannon baseband. The Samsung ID is SVE-2020-17239 (August 2020). | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-25054 |
| CVE-2020-9732 | The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2020-9732 |

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2020-7319Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-7319
CVE-2020-6513Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6513
CVE-2020-5369Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-5369
CVE-2020-3507Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).8.8https://nvd.nist.gov/vuln/detail/CVE-2020-3507
CVE-2020-3506Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).8.8https://nvd.nist.gov/vuln/detail/CVE-2020-3506
CVE-2020-3495A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to the affected software. A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-3495
CVE-2020-3430A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other messaging platform. A successful exploit could allow the attacker to execute arbitrary commands on a targeted system with the privileges of the user account that is running the Cisco Jabber client software.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-3430
CVE-2020-25079An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-25079
CVE-2020-24949Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).8.8https://nvd.nist.gov/vuln/detail/CVE-2020-24949
CVE-2020-24034Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-24034
CVE-2020-24028ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-24028
CVE-2020-23829interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-23829
CVE-2020-1894A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-1894
CVE-2020-1886A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-1886
CVE-2020-17405This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10980.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-17405
CVE-2020-16862A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16860.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-16862
CVE-2020-16860A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16862.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-16860
CVE-2020-16857A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-16857
CVE-2020-1595A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-1595
CVE-2020-1594A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1332, CVE-2020-1335.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-1594
CVE-2020-1576A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1595.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-1576
CVE-2020-15094In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-15094
CVE-2020-14209Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).8.8https://nvd.nist.gov/vuln/detail/CVE-2020-14209
CVE-2020-13941Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13941
CVE-2020-13593The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device's function by establishing an encrypted session with an unauthenticated Long Term Key (LTK).8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13593
CVE-2020-1335A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1332, CVE-2020-1594.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-1335
CVE-2020-1332A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1335, CVE-2020-1594.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-1332
CVE-2020-12248In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-12248
CVE-2020-1210A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-1210
CVE-2020-1193A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1332, CVE-2020-1335, CVE-2020-1594.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-1193
CVE-2020-15167In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1.8.6https://nvd.nist.gov/vuln/detail/CVE-2020-15167
CVE-2020-1453A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1576, CVE-2020-1595.8.6https://nvd.nist.gov/vuln/detail/CVE-2020-1453
CVE-2020-1452A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.8.6https://nvd.nist.gov/vuln/detail/CVE-2020-1452
CVE-2020-1200A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.8.6https://nvd.nist.gov/vuln/detail/CVE-2020-1200
CVE-2020-3530A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges.8.4https://nvd.nist.gov/vuln/detail/CVE-2020-3530
CVE-2020-17376An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.8.3https://nvd.nist.gov/vuln/detail/CVE-2020-17376
CVE-2020-7587A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES (All versions), Soft Starter ES (All versions). Sending multiple specially crafted packets to the affected service could cause a partial remote Denial-of-Service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.8.2https://nvd.nist.gov/vuln/detail/CVE-2020-7587
CVE-2020-6302SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contain the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or a man-in-the-middle attack and subsequently get access to admin user accounts, leading to Session Fixation and complete compromise of the confidentiality, integrity and availability of the application.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-6302
CVE-2020-3478A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST API. A successful exploit could allow an attacker to overwrite and upload files, which could degrade the functionality of the affected system.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-3478
CVE-2020-16602Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\\Razer Chroma\\SDK\\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-16602
CVE-2020-15789A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-15789
CVE-2020-13790libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-13790
CVE-2020-12693Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-12693
CVE-2020-11493In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-11493
CVE-2020-1057A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1172, CVE-2020-1180.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-1057
CVE-2020-15863hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.7.9https://nvd.nist.gov/vuln/detail/CVE-2020-15863
CVE-2020-9731A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-9731
CVE-2020-9730A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-9730
CVE-2020-9729A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-9729
CVE-2020-9728A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-9728
CVE-2020-9727A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-9727
CVE-2020-9725Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This could be exploited to execute arbitrary code with the privileges of the current user. User interaction is required to exploit this vulnerability in that the target must open a malicious FrameMaker file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-9725
CVE-2020-8224A code injection in Nextcloud Desktop Client 2.6.4 allowed arbitrary code to be loaded when a malicious OpenSSL config was placed into a fixed directory.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-8224
CVE-2020-8023An acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-8023
CVE-2020-7830RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability that could allow remote files to be downloaded by lack of validation. Vulnerabilities in downloading with Kupload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download paths. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions and earlier.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-7830
CVE-2020-7381In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during a Security Console installation and any arbitrary code executable using the same file name.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-7381
CVE-2020-7325Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-7325
CVE-2020-6152A code execution vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause an out-of-bounds write. An attacker can trigger this vulnerability by providing a victim with a malicious DICOM file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6152
CVE-2020-4545IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183190.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-4545
CVE-2020-3666u'Out of bounds memory access during memory copy while processing Host command' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, QCA6174A, QCA6574, QCA6574AU, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, QCN5500, QCN5502, QCS404, QCS405, QCS605, SA6155P, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SXR11307.8https://nvd.nist.gov/vuln/detail/CVE-2020-3666
CVE-2020-3656Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR21307.8https://nvd.nist.gov/vuln/detail/CVE-2020-3656
CVE-2020-3648u'Possible out of bound write in DSP driver code due to lack of check of data received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W7.8https://nvd.nist.gov/vuln/detail/CVE-2020-3648
CVE-2020-3647u'Potential buffer overflow when accessing npu debugfs node "off"/"log" with large buffer size' in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, SC8180X, SDX55, SM6150, SM7150, SM81507.8https://nvd.nist.gov/vuln/detail/CVE-2020-3647
CVE-2020-3646u'Buffer overflow seen as the destination buffer size is lesser than the source buffer size in video application' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MSM8909W, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDA845, SDM429W, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR21307.8https://nvd.nist.gov/vuln/detail/CVE-2020-3646
CVE-2020-3640u'Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state when a HLOS adversary calls the function with wrong input' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, QCS404, QCS610, Rennell, Saipan, SC7180, SDX55, SM6150, SM7150, SM8250, SXR21307.8https://nvd.nist.gov/vuln/detail/CVE-2020-3640
CVE-2020-3636u'Out of bound writes happen when accessing usage_table header entry beyond the memory allocated for the header' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR21307.8https://nvd.nist.gov/vuln/detail/CVE-2020-3636
CVE-2020-3629u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for the DSP attributes' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, Kamorta, Rennell, SC7180, SDM845, SM6150, SM7150, SM8150, SM8250, SXR21307.8https://nvd.nist.gov/vuln/detail/CVE-2020-3629
CVE-2020-3624u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCN7605, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR11307.8https://nvd.nist.gov/vuln/detail/CVE-2020-3624
CVE-2020-3622u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21307.8https://nvd.nist.gov/vuln/detail/CVE-2020-3622
CVE-2020-3611u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR11307.8https://nvd.nist.gov/vuln/detail/CVE-2020-3611
CVE-2020-3473A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-3473
CVE-2020-3394A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-3394
CVE-2020-25220The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-25220
CVE-2020-25125GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-25125
CVE-2020-25045Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-25045
CVE-2020-24999There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24999
CVE-2020-24996There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24996
CVE-2020-24955SUPERAntiSpyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via an NTFS directory junction, as demonstrated by a crafted ualapi.dll file that is detected as malware.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24955
CVE-2020-24162The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24162
CVE-2020-24161Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24161
CVE-2020-24160Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24160
CVE-2020-24159NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24159
CVE-2020-24158360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24158
CVE-2020-14356A NULL pointer dereference flaw was found in the Linux kernel cgroupv2 subsystem in versions before 5.7.10, in the way the system is rebooted. A local user could use this flaw to crash the system or escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-14356
CVE-2020-1269An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-1269
CVE-2020-11618THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-11618
CVE-2020-11133u'Possible out of bound array write in rxdco cal utility due to lack of array bound check' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8998, QCS605, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR11307.8https://nvd.nist.gov/vuln/detail/CVE-2020-11133
CVE-2020-11129u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free' in Snapdragon Consumer IOT, Snapdragon Mobile in Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR21307.8https://nvd.nist.gov/vuln/detail/CVE-2020-11129
CVE-2020-11128u'Possible out of bound access while copying the mask file content into the buffer without checking the buffer size' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9150, MDM9607, MDM9650, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QCM2150, QCS405, QCS605, QCS610, QM215, Rennell, SA515M, SA6155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR21307.8https://nvd.nist.gov/vuln/detail/CVE-2020-11128
CVE-2020-11124u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR21307.8https://nvd.nist.gov/vuln/detail/CVE-2020-11124
CVE-2020-11120u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid and will lead to use after free scenario' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, APQ8098, Bitra, Kamorta, MSM8917, MSM8953, MSM8998, QCM2150, QCS405, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM632, SM6150, SM7150, SM8150, SM8250, SXR21307.8https://nvd.nist.gov/vuln/detail/CVE-2020-11120
CVE-2020-1074A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1039.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-1074
CVE-2020-10056A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-10056
CVE-2020-10051A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are executed instead of the legitimate service.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-10051
CVE-2020-10050A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-10050
CVE-2020-0998An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-0998
CVE-2020-0997A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka 'Windows Camera Codec Pack Remote Code Execution Vulnerability'.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-0997
CVE-2020-5420Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters.7.7https://nvd.nist.gov/vuln/detail/CVE-2020-5420
CVE-2020-9733An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-9733
CVE-2020-7595xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-7595
CVE-2020-6095An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6095
CVE-2020-5779A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates to invalid parameter handling when calling strcpy_s() with an invalid parameter (i.e., a long src string parameter) as a part of processing a type 4 message sent to default TCP RequestPort 10200. It's been observed that ttmd.exe terminates as a result.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-5779
CVE-2020-5778A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) due to improper validation of user-supplied data when processing a type 8 message sent to default TCP RequestPort 10200. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to terminate ttmd.exe.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-5778
CVE-2020-5386Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-5386
CVE-2020-3702u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM71507.5https://nvd.nist.gov/vuln/detail/CVE-2020-3702
CVE-2020-25250An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Client applications can write arbitrary data to the server logs.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-25250
CVE-2020-25248An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for reading files, as demonstrated by the FileName parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-25248
CVE-2020-25247An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-25247
CVE-2020-25219url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-25219
CVE-2020-25078An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-25078
CVE-2020-25068** DISPUTED ** Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http:IP:PORT/../../path/file_to_disclose Directory Traversal URI. NOTE: The manufacturer indicated that the affected version does not exist. CVE-2020-25068 is disputed until the researcher and the manufacturer identify the correct affected version.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-25068
| CVE-2020-25032 | An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-25032 |
| CVE-2020-24941 | An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24941 |
| CVE-2020-24940 | An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24940 |
| CVE-2020-24659 | An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24659 |
| CVE-2020-24584 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24584 |
| CVE-2020-24583 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24583 |
| CVE-2020-24566 | In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then (under certain circumstances) the account password is exposed in cleartext in the verbose task logs output. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24566 |
| CVE-2020-23972 | In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files, because the unrestricted file upload checks can be bypassed by changing the content-type and changing the file name to use double extensions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-23972 |
| CVE-2020-23811 | xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-23811 |
| CVE-2020-1890 | A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-1890 |
| CVE-2020-16845 | Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-16845 |
| CVE-2020-1597 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-1597 |
| CVE-2020-14178 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-14178 |
| CVE-2020-11579 | An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11579 |
| CVE-2020-11158 | Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due to lack of check of PDF font array leads to denial of service in IPS PDF releases prior to IPS System 2020.2 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11158 |
| CVE-2020-11135 | Reachable assertion when wrong data size is returned by parser for ape clips in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, Kamorta, MSM8917, MSM8953, Nicobar, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11135 |
| CVE-2020-11118 | Information exposure issues while processing IE header due to improper check of beacon IE frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QCS610, QM215, Rennell, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11118 |
| CVE-2020-11115 | Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11115 |
| CVE-2020-10663 | The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-10663 |
| CVE-2020-0674 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-0674 |
| CVE-2020-11501 | GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-11501 |
| CVE-2020-8116 | Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-8116 |
| CVE-2020-7320 | Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capability allowing otherwise detected malware to run via stopping certain Microsoft services. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-7320 |
| CVE-2020-10049 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-10049 |
| CVE-2020-7712 | This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-7712 |
| CVE-2020-4638 | IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-4638 |
| CVE-2020-25042 | An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-25042 |
| CVE-2020-24986 | Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-24986 |
| CVE-2020-24948 | The ao_ccss_import AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-24948 |
| CVE-2020-7729 | The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-7729 |
| CVE-2020-3617 | Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130 | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-3617 |
| CVE-2020-25211 | In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-25211 |
| CVE-2020-25044 | Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-25044 |
| CVE-2020-25043 | The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-25043 |
| CVE-2020-23830 | A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-23830 |
| CVE-2020-16853 | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16851, CVE-2020-16852. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-16853 |
| CVE-2020-16852 | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16851, CVE-2020-16853. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-16852 |
| CVE-2020-16851 | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16852, CVE-2020-16853. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-16851 |
| CVE-2020-3619 | Non-secure memory is touched multiple times during TrustZone's execution and can lead to privilege escalation or memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ8074, Kamorta, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QCA8081, QCS404, QCS605, QCS610, QM215, Rennell, SA415M, SC7180, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130 | 7 | https://nvd.nist.gov/vuln/detail/CVE-2020-3619 |
| CVE-2020-25212 | A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2020-25212 |
| CVE-2020-15702 | TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2020-15702 |
| CVE-2020-15170 | apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to the internet (which is not recommended), there are potential security issues since apollo-adminservice is designed to work in an intranet and it doesn't have access control built in. Malicious hackers may access apollo-adminservice APIs directly to access/edit the application's configurations. To fix the potential issue without upgrading, simply follow the advice not to expose apollo-adminservice to the internet. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2020-15170 |
| CVE-2020-14342 | It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2020-14342 |
| CVE-2020-7323 | Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via triggering certain detection events while the computer screen is locked and the McTray.exe is running with elevated privileges. This issue is timing dependent and requires physical access to the machine. | 6.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-7323 |
| CVE-2020-9199 | B2368-22 V100R001C00; B2368-57 V100R001C00; B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-9199 |
| CVE-2020-8335 | The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-8335 |
| CVE-2020-8227 | Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-8227 |
| CVE-2020-5379 | Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-5379 |
| CVE-2020-5378 | Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-5378 |
| CVE-2020-5376 | Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-5376 |
| CVE-2020-4047 | In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-4047 |
| CVE-2020-3453 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3453 |
| CVE-2020-13471 | Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13471 |
| CVE-2020-13466 | STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13466 |
| CVE-2020-7581 | A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES (All versions), Soft Starter ES (All versions). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-7581 |
| CVE-2020-7580 | A vulnerability has been identified in SIMATIC Automation Tool (All versions), SIMATIC NET PC software (All versions V16 < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC STEP 7 (All versions < V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions), SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC WinCC OA V3.16 (All versions < P018), SIMATIC WinCC OA V3.17 (All versions < P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER commissioning tool (All versions), SINAMICS Startdrive (All versions), SINEC NMS (All versions), SINEMA Server (All versions), SINUMERIK ONE virtual (All versions), SINUMERIK Operate (All versions). A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-7580 |
| CVE-2020-7315 | DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-7315 |
| CVE-2020-5419 | RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-5419 |
| CVE-2020-3545 | A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-3545 |
| CVE-2020-14344 | An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-14344 |
| CVE-2020-15171 | In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. The only workaround is to give SCRIPT right only to trusted users. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-15171 |
| CVE-2020-8244 | A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3. If attacker-supplied user input (even typed) ends up in the consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8244 |
| CVE-2020-7382 | Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions prior to 6.6.40. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-7382 |
| CVE-2020-6321 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open a manipulated U3D file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts the application. This is caused by Improper Input Validation. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6321 |
| CVE-2020-6313 | SAP NetWeaver Application Server JAVA (XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6313 |
| CVE-2020-6311 | Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version - 100, do not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, which may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6311 |
CVE-2020-4632IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-4632
CVE-2020-4337IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-4337
CVE-2020-3498A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-3498
CVE-2020-3365A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directory permissions. An attacker could exploit this vulnerability by using capabilities that are not controlled by the role-based access control (RBAC) mechanisms of the software. A successful exploit could allow the attacker to overwrite files on an affected device.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-3365
CVE-2020-15811An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-15811
CVE-2020-15810An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-15810
CVE-2020-15791A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-15791
CVE-2020-14619Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).6.5https://nvd.nist.gov/vuln/detail/CVE-2020-14619
CVE-2020-14576Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).6.5https://nvd.nist.gov/vuln/detail/CVE-2020-14576
CVE-2020-14539Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).6.5https://nvd.nist.gov/vuln/detail/CVE-2020-14539
CVE-2020-1097An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1091.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-1097
CVE-2020-1091An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1097.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-1091
CVE-2020-3485 | A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because the web management software does not properly handle RBAC. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to view and delete certain screen content on the system that the attacker would not normally have privileges to access. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-3485
CVE-2020-24654 | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-24654
CVE-2020-9726 | Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious FrameMaker file. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-9726
CVE-2020-7324 | Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-7324
CVE-2020-6324 | SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim's browser leading to Reflected Cross Site Scripting. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-6324
CVE-2020-6283 | SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting (XSS) vulnerability. With a successful attack, the attacker can steal authentication information of the user, such as data relating to his or her current session. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-6283
CVE-2020-5627 | Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-5627
CVE-2020-25102 | silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. This affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-25102
CVE-2020-24794 | Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-24794
CVE-2020-24582 | Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-24582
CVE-2020-24194 | A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-24194
CVE-2020-1941 | In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-1941
CVE-2020-15788 | A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client (e.g. by clicking on a malicious URL with embedded JavaScript), then JavaScript code can be returned and may then be executed by the user’s client. Various actions could be triggered by running malicious JavaScript code. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-15788
CVE-2020-1482 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1514, CVE-2020-1575. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-1482
CVE-2020-1345 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-1345
CVE-2020-12621 | The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw related to the pass-code component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-12621
CVE-2020-12058 | Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/order_status.php, catalog/admin/tax_rates.php, catalog/admin/languages.php, catalog/admin/countries.php, catalog/admin/tax_classes.php, catalog/admin/reviews.php, or catalog/admin/zones.php; or the zpage or spage parameter to catalog/admin/geo_zones.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-12058
CVE-2020-1198 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-1198
CVE-2020-11023 | In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-11023
CVE-2020-11022 | In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-11022
CVE-2020-1711 | An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2020-1711
CVE-2020-14367 | A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2020-14367
CVE-2020-15586 | Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-15586
CVE-2020-13946 | In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-13946
CVE-2020-13920 | Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and binds that, he effectively becomes a man in the middle and is able to intercept the credentials when a user connects. Upgrade to Apache ActiveMQ 5.15.12. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-13920
CVE-2020-11617 | The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-11617
CVE-2020-4048 | In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-4048
CVE-2020-3537 | A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that contain Universal Naming Convention (UNC) links to a targeted user and convincing the user to follow the provided link. A successful exploit could allow the attacker to cause the application to access a remote system, possibly allowing the attacker to gain access to sensitive information that the attacker could use in additional attacks. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-3537
CVE-2020-9235 | Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-9235
CVE-2020-3679 | During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including code segments in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, Nicobar, QCS404, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3679
CVE-2020-3674 | Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Nicobar, QCS405, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3674
CVE-2020-3644 | Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3644
CVE-2020-3643 | Information disclosure issue can occur due to partial secure display-touch session tear-down in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3643
CVE-2020-3621 | Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into memory corruption and potential information leakage in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3621
CVE-2020-3620 | Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3620
CVE-2020-24863 | A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24863
CVE-2020-24385 | In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find(). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24385
CVE-2020-16854 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-1592. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-16854
CVE-2020-16150 | A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-16150
CVE-2020-15704 | The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-15704
CVE-2020-15701 | An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-15701
CVE-2020-14373 | A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-14373
CVE-2020-14347 | A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-14347
CVE-2020-13253 | sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13253
CVE-2020-12872 | yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-12872
CVE-2020-12829 | In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-12829
CVE-2020-11765 | An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11765
CVE-2020-11764 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11764
CVE-2020-11763 | An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11763
CVE-2020-11762 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11762
CVE-2020-11761 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11761
CVE-2020-11760 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11760
CVE-2020-11759 | An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11759
CVE-2020-11758 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11758
CVE-2020-11122 | Null Pointer exception while playing crafted mkv file as data stream get deleted on secondary invalid configuration in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8098, Bitra, Kamorta, SA6155P, Saipan, SM6150, SM7150, SM8150, SM8250, SXR2130 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11122
CVE-2020-1083 | An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0921. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-1083
CVE-2020-10720 | A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-10720
CVE-2020-0549 | Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-0549
CVE-2020-0543 | Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-0543
CVE-2020-9741 | The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-9741
CVE-2020-9740 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-9740
CVE-2020-9734 | The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-9734
CVE-2020-8576 | Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-8576
CVE-2020-8189 | A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-8189
CVE-2020-7064 | In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-7064
CVE-2020-6326 | SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information otherwise restricted leading to Stored Cross Site Scripting. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-6326
CVE-2020-6312 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to stored Cross Site Scripting. In certain situations, when a user accesses an affected web page element, the attacker will be able to access or modify metadata for which they are not authorized. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-6312
CVE-2020-4702 | IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187187. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-4702
CVE-2020-4698 | IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186841. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-4698
CVE-2020-4578 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184433. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-4578
CVE-2020-4516 | IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182371. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-4516
CVE-2020-25104 | eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-25104
CVE-2020-24963 | An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-24963
CVE-2020-16878 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-16878
CVE-2020-16872 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16871, CVE-2020-16878. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-16872
CVE-2020-16871 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16872, CVE-2020-16878. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-16871
CVE-2020-16864 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16861, CVE-2020-16871, CVE-2020-16872, CVE-2020-16878. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-16864
CVE-2020-16861 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16859, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872, CVE-2020-16878. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-16861
CVE-2020-16859 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16858, CVE-2020-16861, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872, CVE-2020-16878. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-16859
CVE-2020-16858 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16859, CVE-2020-16861, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872, CVE-2020-16878. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-16858
CVE-2020-1575A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-1575
CVE-2020-1514A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1575.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-1514
CVE-2020-12646OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-12646
CVE-2020-1227A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-1227
CVE-2020-7588 | A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES (All versions), Soft Starter ES (All versions). Sending a specially crafted packet to the affected service could cause a partial remote Denial-of-Service, that would cause the service to restart itself. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-7588
CVE-2020-6873 | A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to cause the equipment WEB/TELNET module denial of service and make the equipment be out of management. This affects: ZXR10 2800-4_ALMPUFB(LOW), all versions up to V3.00.40. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6873
CVE-2020-6862 | V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6862
CVE-2020-6288 | SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker can modify some formulas and display erroneous content. The server is not affected only the current user browser session, that can easily be closed. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6288
CVE-2020-3546 | A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface of an affected device. A successful exploit could allow the attacker to obtain the IP addresses that are configured on the internal interfaces of the affected device. There is a workaround that addresses this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-3546
CVE-2020-3542 | A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. The vulnerability is due to improper validation of input to API requests that are a part of meeting join flow. An attacker could exploit this vulnerability by sending an API request to the application, which would return a URL that includes a meeting join page that is prepopulated with the meeting username and password. A successful exploit could allow the attacker to join the password-protected meeting. The attacker would be visible in the attendee list of the meeting. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-3542
CVE-2020-2830 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2830
CVE-2020-2781 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-2781
CVE-2020-25073 | FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-25073
CVE-2020-24981 | An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-24981
CVE-2020-17507 | An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-17507
CVE-2020-15790 | A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing attack. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-15790
CVE-2020-15784 | A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-15784
CVE-2020-14550 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-14550
CVE-2020-14039 | In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-14039
CVE-2020-14364 | An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2020-14364
CVE-2020-12644 | OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2020-12644
CVE-2020-7119 | A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-7119
CVE-2020-14614 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14614
CVE-2020-14597 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14597
CVE-2020-14586 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14586
CVE-2020-14575 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14575
CVE-2020-14568 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14568
CVE-2020-14547 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14547
CVE-2020-14540 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14540
CVE-2020-9738 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when visiting the page containing the vulnerable field. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-9738
CVE-2020-9737 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-9737
CVE-2020-9736 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when browsing to the page containing the vulnerable field. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-9736
CVE-2020-9735 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when search queries return the page containing the vulnerable field. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-9735
CVE-2020-7322 | Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-7322
CVE-2020-3451 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-3451
CVE-2020-13467 | The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-13467
CVE-2020-13463 | The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-13463
CVE-2020-3541 | A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-3541
CVE-2020-9743 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-9743
CVE-2020-6361 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6361
CVE-2020-6360 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6360
CVE-2020-6359 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6359
CVE-2020-6358 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6358
CVE-2020-6357 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6357
CVE-2020-6356 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6356
CVE-2020-6355 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6355
CVE-2020-6354 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6354
CVE-2020-6353 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6353
CVE-2020-6352 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6352
CVE-2020-6351 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6351
CVE-2020-6350 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6350
CVE-2020-6349 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6349
CVE-2020-6348 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6348
CVE-2020-6347 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6347
CVE-2020-6346 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6346
CVE-2020-6345 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6345
CVE-2020-6344 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6344
CVE-2020-6343 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6343
CVE-2020-6342 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6342
CVE-2020-6341 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6341
CVE-2020-6340 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6340
CVE-2020-6339 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6339
CVE-2020-6338 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RH file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6338
CVE-2020-6337 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6337
CVE-2020-6336 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6336
CVE-2020-6335 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6335
CVE-2020-6334 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6334
CVE-2020-6333 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6333
CVE-2020-6332 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6332
CVE-2020-6331 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6331
CVE-2020-6330 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6330
CVE-2020-6329 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6329
CVE-2020-6328 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6328
CVE-2020-6327 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6327
CVE-2020-6322 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6322
CVE-2020-6314 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-6314
CVE-2020-5418 | Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-5418
CVE-2020-25026 | The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-25026
CVE-2020-25025 | The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-25025
CVE-2020-17489 | An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-17489
CVE-2020-14559 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-14559
CVE-2020-14553 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-14553
| CVE-2020-14514 | All trailer Power Line Communications are affected. PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet away. Further distances are also possible, subject to environmental conditions and receiver improvements. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-14514 |
| CVE-2020-15719 | libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux. | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-15719 |
| CVE-2020-13464 | The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module. | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-13464 |
| CVE-2020-11736 | fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | 3.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-11736 |
| CVE-2020-16092 | In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. | 3.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-16092 |
| CVE-2020-11054 | In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false, which is not recommended), this could still provide a false sense of security. This has been fixed in 1.11.1 and 1.12.0. All versions of qutebrowser are believed to be affected, though versions before v0.11.x couldn't be tested. Backported patches for older versions (greater than or equal to 1.4.0 and less than or equal to 1.10.2) are available, but no further releases are planned. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11054 |
| CVE-2020-4050 | In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-4050 |
| CVE-2020-11767 | Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.example.com. The outcome should instead be 421 Misdirected Request. Imagine a shared caching forward proxy re-using an HTTP/2 connection for a large subnet with many users. If a victim is interacting with abc.example.com, and a server (for abc.example.com) recycles the TCP connection to the forward proxy, the victim's browser may suddenly start sending sensitive data to a *.example.com server. This occurs because the forward proxy between the victim and the origin server reuses connections (which obeys the specification), but neither Istio nor Envoy corrects this by sending a 421 error. Similarly, this behavior voids the security model browsers have put in place between domains. | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-11767 |
| CVE-2020-8341 | In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-8341 |
| CVE-2020-4049 | In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-4049 |
| CVE-2020-9742 | AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | | https://nvd.nist.gov/vuln/detail/CVE-2020-9742 |
| CVE-2020-9239 | Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189;HUAWEI P20 versions earlier than 8.0.1.16(C00);HUAWEI P20 Pro versions earlier than 8.1.0.152(C00);Jimmy-AL00A versions earlier than Jimmy-AL00AC00B172;LON-L29D versions LON-L29DC721B192;NEO-AL00D versions earlier than 8.1.0.172(C786);Stanford-AL00 versions Stanford-AL00C00B123;Toronto-AL00 versions earlier than Toronto-AL00AC00B225;Toronto-AL00A versions earlier than Toronto-AL00AC00B225;Toronto-TL10 versions earlier than Toronto-TL10C01B225 have an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerab | | https://nvd.nist.gov/vuln/detail/CVE-2020-9239 |
| CVE-2020-8817 | Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata. | | https://nvd.nist.gov/vuln/detail/CVE-2020-8817 |
| CVE-2020-8758 | Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access. | | https://nvd.nist.gov/vuln/detail/CVE-2020-8758 |
| CVE-2020-7807 | A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64). | | https://nvd.nist.gov/vuln/detail/CVE-2020-7807 |
| CVE-2020-7314 | Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files. | | https://nvd.nist.gov/vuln/detail/CVE-2020-7314 |
| CVE-2020-7312 | DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. | | https://nvd.nist.gov/vuln/detail/CVE-2020-7312 |
| CVE-2020-7311 | Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. | | https://nvd.nist.gov/vuln/detail/CVE-2020-7311 |
| CVE-2020-7068 | In PHP versions 7.2.x below 7.3.21, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. | | https://nvd.nist.gov/vuln/detail/CVE-2020-7068 |
| CVE-2020-6320 | SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application. | | https://nvd.nist.gov/vuln/detail/CVE-2020-6320 |
| CVE-2020-6318 | A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40). Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the products to terminate. | | https://nvd.nist.gov/vuln/detail/CVE-2020-6318 |
| CVE-2020-6097 | An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests triggers an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | | https://nvd.nist.gov/vuln/detail/CVE-2020-6097 |
| CVE-2020-5780 | Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing. | | https://nvd.nist.gov/vuln/detail/CVE-2020-5780 |
| CVE-2020-25576 | An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25576 |
| CVE-2020-25575 | ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25575 |
| CVE-2020-25574 | An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop). | | https://nvd.nist.gov/vuln/detail/CVE-2020-25574 |
| CVE-2020-25573 | An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25573 |
| CVE-2020-25540 | ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25540 |
| CVE-2020-25380 | Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25380 |
| CVE-2020-25379 | Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25379 |
| CVE-2020-25378 | Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25378 |
| CVE-2020-25375 | Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25375 |
| CVE-2020-25291 | GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25291 |
| CVE-2020-25289 | The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions). | | https://nvd.nist.gov/vuln/detail/CVE-2020-25289 |
| CVE-2020-25287 | Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25287 |
| CVE-2020-25286 | In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25286 |
| CVE-2020-25285 | A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25285 |
| CVE-2020-25284 | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25284 |
| CVE-2020-25283 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-200021 (September 2020). | | https://nvd.nist.gov/vuln/detail/CVE-2020-25283 |
| CVE-2020-25282 | An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on property values. The LG ID is LVE-SMP-200020 (September 2020). | | https://nvd.nist.gov/vuln/detail/CVE-2020-25282 |
| CVE-2020-25281 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020). | | https://nvd.nist.gov/vuln/detail/CVE-2020-25281 |
| CVE-2020-25280 | An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020). | | https://nvd.nist.gov/vuln/detail/CVE-2020-25280 |
| CVE-2020-25279 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. The Samsung ID is SVE-2020-18098 (September 2020). | | https://nvd.nist.gov/vuln/detail/CVE-2020-25279 |
| CVE-2020-25278 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225, SVE-2020-18301 (September 2020). | | https://nvd.nist.gov/vuln/detail/CVE-2020-25278 |
| CVE-2020-25276 | An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate enrollment, and has had such a certificate revoked. This certificate needs to belong to a role that is authorized to enroll new end entities. (To completely mitigate this problem prior to upgrade, remove any revoked client certificates from their respective roles.) | | https://nvd.nist.gov/vuln/detail/CVE-2020-25276 |
| CVE-2020-25269 | An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25269 |
| CVE-2020-25260 | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25260 |
| CVE-2020-25259 | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses XML deserialization libraries in an unsafe manner. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25259 |
| CVE-2020-25258 | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25258 |
| CVE-2020-25256 | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. PKI certificates have a private key that is the same across different customers' installations. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25256 |
| CVE-2020-25255 | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25255 |
| CVE-2020-25254 | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25254 |
| CVE-2020-25253 | An issue was discovered in Hyland OnBase through 18.0.0.32. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25253 |
| CVE-2020-25252 | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account). | | https://nvd.nist.gov/vuln/detail/CVE-2020-25252 |
| CVE-2020-25251 | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25251 |
| CVE-2020-25249 | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in a regulated industry, where server-side logging is required in additional situations. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25249 |
| CVE-2020-25221 | get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743. | | https://nvd.nist.gov/vuln/detail/CVE-2020-25221 |
| CVE-2020-24980 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | | https://nvd.nist.gov/vuln/detail/CVE-2020-24980 |
| CVE-2020-24979 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | | https://nvd.nist.gov/vuln/detail/CVE-2020-24979 |
| CVE-2020-24916 | CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. | | https://nvd.nist.gov/vuln/detail/CVE-2020-24916 |
| CVE-2020-24739 | A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted. | | https://nvd.nist.gov/vuln/detail/CVE-2020-24739 |
| CVE-2020-24660 | An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package. | | https://nvd.nist.gov/vuln/detail/CVE-2020-24660 |
| CVE-2020-24655 | A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement). | | https://nvd.nist.gov/vuln/detail/CVE-2020-24655 |
| CVE-2020-24552 | Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege. | | https://nvd.nist.gov/vuln/detail/CVE-2020-24552 |
| CVE-2020-24457 | Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | | https://nvd.nist.gov/vuln/detail/CVE-2020-24457 |
| CVE-2020-24379 | WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. | | https://nvd.nist.gov/vuln/detail/CVE-2020-24379 |
| CVE-2020-24200 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. | | https://nvd.nist.gov/vuln/detail/CVE-2020-24200 |
| CVE-2020-24198 | A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' | | https://nvd.nist.gov/vuln/detail/CVE-2020-24198 |
| CVE-2020-24197 | A SQL injection vulnerability in the login component in Stock Management System v1.0 allows a remote attacker to execute arbitrary SQL commands via the username parameter. | | https://nvd.nist.gov/vuln/detail/CVE-2020-24197 |
| CVE-2020-24195 | An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows an authenticated administrator to conduct remote code execution. | | https://nvd.nist.gov/vuln/detail/CVE-2020-24195 |
| CVE-2020-24164 | A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface. | | https://nvd.nist.gov/vuln/detail/CVE-2020-24164 |
| CVE-2020-24074 | The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow. | | https://nvd.nist.gov/vuln/detail/CVE-2020-24074 |
| CVE-2020-23824 | ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) to perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF. | | https://nvd.nist.gov/vuln/detail/CVE-2020-23824 |
| CVE-2020-22158 | Ericsson RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the "name" parameter with the malicious code. | | https://nvd.nist.gov/vuln/detail/CVE-2020-22158 |
| CVE-2020-21845 | Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.' | | https://nvd.nist.gov/vuln/detail/CVE-2020-21845 |
| CVE-2020-21733 | Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp. | | https://nvd.nist.gov/vuln/detail/CVE-2020-21733 |
| CVE-2020-21732 | Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename. | | https://nvd.nist.gov/vuln/detail/CVE-2020-21732 |
| CVE-2020-21731 | Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the web application stores the injected code. | | https://nvd.nist.gov/vuln/detail/CVE-2020-21731 |
| CVE-2020-2044 | An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information. The opcmdhistory.log file is removed in PAN-OS 9.1 and later PAN-OS versions. Command usage is recorded, instead, in the req_stats.log file in PAN-OS 9.1 and later PAN-OS versions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. | | https://nvd.nist.gov/vuln/detail/CVE-2020-2044 |
| CVE-2020-2043 | An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple times in one log entry. The first instance of the sensitive field is masked but subsequent instances are left in clear text. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4. | | https://nvd.nist.gov/vuln/detail/CVE-2020-2043 |
| CVE-2020-2042 | A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue impacts only PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. | | https://nvd.nist.gov/vuln/detail/CVE-2020-2042 |
| CVE-2020-2041 | An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts all versions of PAN-OS 8.0, and PAN-OS 8.1 versions earlier than 8.1.16. | | https://nvd.nist.gov/vuln/detail/CVE-2020-2041 |
| CVE-2020-2040 | A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. | | https://nvd.nist.gov/vuln/detail/CVE-2020-2040 |
| CVE-2020-2039 | An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the availability of the management web interface by repeatedly uploading files until available disk space is exhausted. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. | | https://nvd.nist.gov/vuln/detail/CVE-2020-2039 |
| CVE-2020-2038 | An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1. | | https://nvd.nist.gov/vuln/detail/CVE-2020-2038 |
| CVE-2020-2037 | An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. | | https://nvd.nist.gov/vuln/detail/CVE-2020-2037 |
| CVE-2020-2036 | A reflected cross-site scripting (XSS) vulnerability exists in the PAN-OS management web interface. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9. | | https://nvd.nist.gov/vuln/detail/CVE-2020-2036 |
| CVE-2020-1968 | The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v). | | https://nvd.nist.gov/vuln/detail/CVE-2020-1968 |
| CVE-2020-1913 | An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | | https://nvd.nist.gov/vuln/detail/CVE-2020-1913 |
CVE-2020-1912An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.https://nvd.nist.gov/vuln/detail/CVE-2020-1912
CVE-2020-1749A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel does not correctly route tunneled data over the encrypted link and instead sends the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.https://nvd.nist.gov/vuln/detail/CVE-2020-1749
CVE-2020-17408This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801.https://nvd.nist.gov/vuln/detail/CVE-2020-17408
CVE-2020-16884A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory, aka 'Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-16884
CVE-2020-16881A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file, aka 'Visual Studio JSON Remote Code Execution Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-16881
CVE-2020-16879An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka 'Projected Filesystem Information Disclosure Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-16879
CVE-2020-16875A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka 'Microsoft Exchange Server Remote Code Execution Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-16875
CVE-2020-16874A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16856.https://nvd.nist.gov/vuln/detail/CVE-2020-16874
CVE-2020-16873A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106, aka 'Xamarin.Forms Spoofing Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-16873
CVE-2020-16856A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16874.https://nvd.nist.gov/vuln/detail/CVE-2020-16856
CVE-2020-16855An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-16855
CVE-2020-16228Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.https://nvd.nist.gov/vuln/detail/CVE-2020-16228
CVE-2020-16224Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart.https://nvd.nist.gov/vuln/detail/CVE-2020-16224
CVE-2020-16222Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.https://nvd.nist.gov/vuln/detail/CVE-2020-16222
CVE-2020-16220Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling.https://nvd.nist.gov/vuln/detail/CVE-2020-16220
CVE-2020-16218Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.https://nvd.nist.gov/vuln/detail/CVE-2020-16218
CVE-2020-16216Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart.https://nvd.nist.gov/vuln/detail/CVE-2020-16216
CVE-2020-16214Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.https://nvd.nist.gov/vuln/detail/CVE-2020-16214
CVE-2020-16212Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.https://nvd.nist.gov/vuln/detail/CVE-2020-16212
CVE-2020-1598An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-1598
CVE-2020-1596An information disclosure vulnerability exists when TLS components use weak hash algorithms, aka 'TLS Information Disclosure Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-1596
CVE-2020-1593A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka 'Windows Media Audio Decoder Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1508.https://nvd.nist.gov/vuln/detail/CVE-2020-1593
CVE-2020-1592An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-16854.https://nvd.nist.gov/vuln/detail/CVE-2020-1592
CVE-2020-15903An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.https://nvd.nist.gov/vuln/detail/CVE-2020-15903
CVE-2020-1590An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-1590
CVE-2020-1589An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1592, CVE-2020-16854.https://nvd.nist.gov/vuln/detail/CVE-2020-1589
CVE-2020-15802Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.https://nvd.nist.gov/vuln/detail/CVE-2020-15802
CVE-2020-15785A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled, the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid administrator login names and use this information to launch further attacks.https://nvd.nist.gov/vuln/detail/CVE-2020-15785
CVE-2020-15590A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. The PIA killswitch & associated iptables firewall is designed to protect you while using the Internet. When the kill switch is configured to block all inbound and outbound network traffic, privileged applications can continue sending & receiving network traffic if net.ipv4.ip_forward has been enabled in the system kernel parameters. For example, a Docker container running on a host with the VPN turned off, and the kill switch turned on, can continue using the internet, leaking the host IP (CWE 200). In PIA 2.4.0+, policy-based routing is enabled by default and is used to direct all forwarded packets to the VPN interface automatically.https://nvd.nist.gov/vuln/detail/CVE-2020-15590
CVE-2020-1559An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0886.https://nvd.nist.gov/vuln/detail/CVE-2020-1559
CVE-2020-1532An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows InstallService Elevation of Privilege Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-1532
CVE-2020-1523A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1440.https://nvd.nist.gov/vuln/detail/CVE-2020-1523
CVE-2020-15173In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet with an AVP whose type is a string and no hidden flags, length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network it is highly recommended to apply the patch. The problem was patched with commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b. As a workaround, changes of commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b can be applied to older versions.https://nvd.nist.gov/vuln/detail/CVE-2020-15173
CVE-2020-15169In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.https://nvd.nist.gov/vuln/detail/CVE-2020-15169
CVE-2020-15168node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.https://nvd.nist.gov/vuln/detail/CVE-2020-15168
CVE-2020-15166In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.https://nvd.nist.gov/vuln/detail/CVE-2020-15166
CVE-2020-15163The Python TUF (The Update Framework) reference implementation before version 0.12 will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata (i.e. by a person-in-the-middle attack) culminating in a version which has not been correctly signed to control the trust chain for future updates. This is fixed in version 0.12 and newer.https://nvd.nist.gov/vuln/detail/CVE-2020-15163
CVE-2020-1508A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka 'Windows Media Audio Decoder Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1593.https://nvd.nist.gov/vuln/detail/CVE-2020-1508
CVE-2020-1507An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka 'Microsoft COM for Windows Elevation of Privilege Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-1507
CVE-2020-1506An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka 'Windows Start-Up Application Elevation of Privilege Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-1506
CVE-2020-15024An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation.https://nvd.nist.gov/vuln/detail/CVE-2020-15024
CVE-2020-1491An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-1491
CVE-2020-1471An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects, aka 'Windows CloudExperienceHost Elevation of Privilege Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-1471
CVE-2020-1460A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-1460
CVE-2020-1440A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1523.https://nvd.nist.gov/vuln/detail/CVE-2020-1440
CVE-2020-14384A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability.https://nvd.nist.gov/vuln/detail/CVE-2020-14384
CVE-2020-14363An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.https://nvd.nist.gov/vuln/detail/CVE-2020-14363
CVE-2020-14332A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.https://nvd.nist.gov/vuln/detail/CVE-2020-14332
CVE-2020-14330An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.https://nvd.nist.gov/vuln/detail/CVE-2020-14330
CVE-2020-14292In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone.https://nvd.nist.gov/vuln/detail/CVE-2020-14292
CVE-2020-14198Bitcoin Core 0.20.0 allows remote denial of service.https://nvd.nist.gov/vuln/detail/CVE-2020-14198
CVE-2020-14100In Xiaomi router R3600 ROM version <1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2020-14100
CVE-2020-14096Memory overflow in Xiaomi AI speaker ROM version <1.59.6 can happen when the speaker is verifying malicious firmware during the OTA process.https://nvd.nist.gov/vuln/detail/CVE-2020-14096
CVE-2020-1376An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1052, CVE-2020-1159.https://nvd.nist.gov/vuln/detail/CVE-2020-1376
CVE-2020-1338A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1218.https://nvd.nist.gov/vuln/detail/CVE-2020-1338
CVE-2020-13318A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cross-account assume role attack.https://nvd.nist.gov/vuln/detail/CVE-2020-13318
CVE-2020-13317A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL API allowed a maintainer to delete a repository.https://nvd.nist.gov/vuln/detail/CVE-2020-13317
CVE-2020-13316A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository to be accessible via a git command line.https://nvd.nist.gov/vuln/detail/CVE-2020-13316
CVE-2020-13315A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2020-13315
CVE-2020-13314A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages.https://nvd.nist.gov/vuln/detail/CVE-2020-13314
CVE-2020-13313A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.https://nvd.nist.gov/vuln/detail/CVE-2020-13313
CVE-2020-13312A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter.https://nvd.nist.gov/vuln/detail/CVE-2020-13312
CVE-2020-13311A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface.https://nvd.nist.gov/vuln/detail/CVE-2020-13311
CVE-2020-13310A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2020-13310
CVE-2020-13309A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature.https://nvd.nist.gov/vuln/detail/CVE-2020-13309
CVE-2020-13306A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.https://nvd.nist.gov/vuln/detail/CVE-2020-13306
CVE-2020-13305A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project.https://nvd.nist.gov/vuln/detail/CVE-2020-13305
CVE-2020-13304A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The same 2 factor authentication secret code was generated, which allowed an attacker to maintain access under certain conditions.https://nvd.nist.gov/vuln/detail/CVE-2020-13304
CVE-2020-13302A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password.https://nvd.nist.gov/vuln/detail/CVE-2020-13302
CVE-2020-13301A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page.https://nvd.nist.gov/vuln/detail/CVE-2020-13301
CVE-2020-13300GitLab before version 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.https://nvd.nist.gov/vuln/detail/CVE-2020-13300
CVE-2020-13299A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session.https://nvd.nist.gov/vuln/detail/CVE-2020-13299
CVE-2020-13298A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied parameters, which resulted in limited file disclosure.https://nvd.nist.gov/vuln/detail/CVE-2020-13298
CVE-2020-13297A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint.https://nvd.nist.gov/vuln/detail/CVE-2020-13297
CVE-2020-13289A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated.https://nvd.nist.gov/vuln/detail/CVE-2020-13289
CVE-2020-13287A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues.https://nvd.nist.gov/vuln/detail/CVE-2020-13287
CVE-2020-13284A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token.https://nvd.nist.gov/vuln/detail/CVE-2020-13284
CVE-2020-1319A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1129.https://nvd.nist.gov/vuln/detail/CVE-2020-1319
CVE-2020-13127A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter.https://nvd.nist.gov/vuln/detail/CVE-2020-13127
CVE-2020-1308An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1053.https://nvd.nist.gov/vuln/detail/CVE-2020-1308
CVE-2020-1303An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1169.https://nvd.nist.gov/vuln/detail/CVE-2020-1303
CVE-2020-1285A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.https://nvd.nist.gov/vuln/detail/CVE-2020-1285
CVE-2020-12789The Secure Monitor in Microchip Atmel ATSAMA5 products uses a hardcoded key to encrypt and authenticate secure applets.https://nvd.nist.gov/vuln/detail/CVE-2020-12789
CVE-2020-12788CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to timing and power analysis attacks.https://nvd.nist.gov/vuln/detail/CVE-2020-12788
CVE-2020-12787 | Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | https://nvd.nist.gov/vuln/detail/CVE-2020-12787
CVE-2020-1256 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1256
CVE-2020-1252 | A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1252
CVE-2020-1250 | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0941. | https://nvd.nist.gov/vuln/detail/CVE-2020-1250
CVE-2020-1245 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1245
CVE-2020-1228 | A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0836. | https://nvd.nist.gov/vuln/detail/CVE-2020-1228
CVE-2020-1224 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1224
CVE-2020-1218 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1338. | https://nvd.nist.gov/vuln/detail/CVE-2020-1218
CVE-2020-1205 | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1205
CVE-2020-11998 | A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13 | https://nvd.nist.gov/vuln/detail/CVE-2020-11998
CVE-2020-11991 | When using the StreamGenerator, the code parses user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system. | https://nvd.nist.gov/vuln/detail/CVE-2020-11991
CVE-2020-11986 | To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis of the project at load time. This in turn will run potentially malicious code, from an external source, without the consent of the user. | https://nvd.nist.gov/vuln/detail/CVE-2020-11986
CVE-2020-11881 | An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964. | https://nvd.nist.gov/vuln/detail/CVE-2020-11881
CVE-2020-1180 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1057, CVE-2020-1172. | https://nvd.nist.gov/vuln/detail/CVE-2020-1180
CVE-2020-1172 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1057, CVE-2020-1180. | https://nvd.nist.gov/vuln/detail/CVE-2020-1172
CVE-2020-1169 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1303. | https://nvd.nist.gov/vuln/detail/CVE-2020-1169
CVE-2020-11684 | AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the bootloader). | https://nvd.nist.gov/vuln/detail/CVE-2020-11684
CVE-2020-11683 | A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system. | https://nvd.nist.gov/vuln/detail/CVE-2020-11683
CVE-2020-1159 | An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1052, CVE-2020-1376. | https://nvd.nist.gov/vuln/detail/CVE-2020-1159
CVE-2020-1152 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka 'Windows Win32k Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1152
CVE-2020-1146 | An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0766. | https://nvd.nist.gov/vuln/detail/CVE-2020-1146
CVE-2020-1133 | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1130. | https://nvd.nist.gov/vuln/detail/CVE-2020-1133
CVE-2020-1130 | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1133. | https://nvd.nist.gov/vuln/detail/CVE-2020-1130
CVE-2020-1129 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1319. | https://nvd.nist.gov/vuln/detail/CVE-2020-1129
CVE-2020-1122 | An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1122
CVE-2020-1119 | An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory, aka 'Windows Information Disclosure Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1119
CVE-2020-1115 | An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1115
CVE-2020-1098 | An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka 'Windows Shell Infrastructure Component Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1098
CVE-2020-10773 | A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data. | https://nvd.nist.gov/vuln/detail/CVE-2020-10773
CVE-2020-1053 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1308. | https://nvd.nist.gov/vuln/detail/CVE-2020-1053
CVE-2020-1052 | An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1159, CVE-2020-1376. | https://nvd.nist.gov/vuln/detail/CVE-2020-1052
CVE-2020-1045 | A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names, aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1045
CVE-2020-1044 | A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports, aka 'SQL Server Reporting Services Security Feature Bypass Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1044
CVE-2020-1039 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1074. | https://nvd.nist.gov/vuln/detail/CVE-2020-1039
CVE-2020-1038 | A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory, aka 'Windows Routing Utilities Denial of Service'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1038
CVE-2020-1034 | An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1034
CVE-2020-1033 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854. | https://nvd.nist.gov/vuln/detail/CVE-2020-1033
CVE-2020-1031 | An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory. To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server, aka 'Windows DHCP Server Information Disclosure Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1031
CVE-2020-1030 | An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1030
CVE-2020-10229 | A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts. | https://nvd.nist.gov/vuln/detail/CVE-2020-10229
CVE-2020-10228 | A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. | https://nvd.nist.gov/vuln/detail/CVE-2020-10228
CVE-2020-10227 | A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email. | https://nvd.nist.gov/vuln/detail/CVE-2020-10227
CVE-2020-1013 | An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates, aka 'Group Policy Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1013
CVE-2020-1012 | An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka 'WinINet API Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-1012
CVE-2020-0989 | An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0989
CVE-2020-0951 | A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0951
CVE-2020-0941 | An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1250. | https://nvd.nist.gov/vuln/detail/CVE-2020-0941
CVE-2020-0928 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1033, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854. | https://nvd.nist.gov/vuln/detail/CVE-2020-0928
CVE-2020-0922 | A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka 'Microsoft COM for Windows Remote Code Execution Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0922
CVE-2020-0921 | An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1083. | https://nvd.nist.gov/vuln/detail/CVE-2020-0921
CVE-2020-0914 | An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Information Disclosure Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0914
CVE-2020-0912 | An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0912
CVE-2020-0911 | An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0911
CVE-2020-0908 | A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory, aka 'Windows Text Service Module Remote Code Execution Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0908
CVE-2020-0904 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0890. | https://nvd.nist.gov/vuln/detail/CVE-2020-0904
CVE-2020-0890 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0904. | https://nvd.nist.gov/vuln/detail/CVE-2020-0890
CVE-2020-0886 | An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1559. | https://nvd.nist.gov/vuln/detail/CVE-2020-0886
CVE-2020-0878 | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0878
CVE-2020-0875 | An information disclosure vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Information Disclosure Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0875
CVE-2020-0870 | An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka 'Shell infrastructure component Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0870
CVE-2020-0856 | An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0664. | https://nvd.nist.gov/vuln/detail/CVE-2020-0856
CVE-2020-0839 | An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrslvr.dll Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0839
CVE-2020-0838 | An elevation of privilege vulnerability exists when NTFS improperly checks access, aka 'NTFS Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0838
CVE-2020-0837 | A spoofing vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'ADFS Spoofing Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0837
CVE-2020-0836 | A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1228. | https://nvd.nist.gov/vuln/detail/CVE-2020-0836
CVE-2020-0805 | A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka 'Projected Filesystem Security Feature Bypass Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0805
CVE-2020-0790 | A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0790
CVE-2020-0782 | An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory, aka 'Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0782
CVE-2020-0766 | An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1146. | https://nvd.nist.gov/vuln/detail/CVE-2020-0766
CVE-2020-0761 | A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0718. | https://nvd.nist.gov/vuln/detail/CVE-2020-0761
CVE-2020-0718 | A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0761. | https://nvd.nist.gov/vuln/detail/CVE-2020-0718
CVE-2020-0664 | An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0856. | https://nvd.nist.gov/vuln/detail/CVE-2020-0664
CVE-2020-0648 | An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows RSoP Service Application Elevation of Privilege Vulnerability'. | https://nvd.nist.gov/vuln/detail/CVE-2020-0648
CVE-2020-0570 | Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. | https://nvd.nist.gov/vuln/detail/CVE-2020-0570