Search
Total
6056 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15680 | 1 Mozilla | 1 Firefox | 2020-10-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox < 82. | |||||
| CVE-2018-4468 | 1 Apple | 1 Mac Os X | 2020-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed by removing additional entitlements. This issue is fixed in macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra. A malicious application may be able to access restricted files. | |||||
| CVE-2019-8708 | 1 Apple | 2 Iphone Os, Mac Os X | 2020-10-30 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files. | |||||
| CVE-2018-4391 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2020-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing. | |||||
| CVE-2018-4390 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2020-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing. | |||||
| CVE-2019-8612 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2020-10-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, tvOS 12.3, watchOS 5.2.1, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. An attacker in a privileged network position can modify driver state. | |||||
| CVE-2019-8570 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2020-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, iCloud for Windows 7.10, iTunes 12.9.3 for Windows, Safari 12.0.3, tvOS 12.1.2. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2019-8834 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2020-10-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list. | |||||
| CVE-2019-8780 | 1 Apple | 2 Iphone Os, Tvos | 2020-10-30 | 7.1 HIGH | 5.5 MEDIUM |
| The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13. A malicious application may be able to determine kernel memory layout. | |||||
| CVE-2018-4448 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2020-10-30 | 2.1 LOW | 5.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.1.1, watchOS 5.1.2, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra, tvOS 12.1.1. A local user may be able to read kernel memory. | |||||
| CVE-2018-4444 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2020-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iOS 12.1.1, tvOS 12.1.1, iTunes 12.9.2 for Windows. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2019-8827 | 1 Apple | 6 Icloud, Ipados, Iphone Os and 3 more | 2020-10-29 | 4.3 MEDIUM | 4.3 MEDIUM |
| The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited. | |||||
| CVE-2019-8796 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2020-10-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode. | |||||
| CVE-2020-9111 | 1 Huawei | 4 E6878-370, E6878-370 Firmware, E6878-870 and 1 more | 2020-10-29 | 2.7 LOW | 4.5 MEDIUM |
| E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability. The system does not properly check some events, an attacker could launch the events continually, successful exploit could cause reboot of the process. | |||||
| CVE-2020-27607 | 1 Bigbluebutton | 1 Bigbluebutton | 2020-10-29 | 6.4 MEDIUM | 6.5 MEDIUM |
| In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or transmit it to one or more meeting participants or other third parties. | |||||
| CVE-2019-8538 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2020-10-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. Processing a maliciously crafted vcf file may lead to a denial of service. | |||||
| CVE-2019-7291 | 1 Apple | 1 Airport Base Station Firmware | 2020-10-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service issue was addressed with improved memory handling. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. An attacker in a privileged position may be able to perform a denial of service attack. | |||||
| CVE-2020-7363 | 1 Ucweb | 1 Uc Browser | 2020-10-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions. | |||||
| CVE-2020-1665 | 1 Juniper | 17 Ex9200, Junos, Mx10 and 14 more | 2020-10-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition. The DDoS protection allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) during the DDoS attack. When this issue occurs, the RE and/or the FPC can become overwhelmed, which could disrupt network protocol operations and/or interrupt traffic. This issue does not affect IPv4 DDoS protection. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX series and EX9200 Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2. | |||||
| CVE-2018-4339 | 1 Apple | 1 Iphone Os | 2020-10-28 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier. | |||||
| CVE-2020-9772 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-28 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2019-14713 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2020-10-28 | 2.1 LOW | 5.5 MEDIUM |
| Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages. | |||||
| CVE-2020-9810 | 1 Apple | 1 Mac Os X | 2020-10-28 | 4.6 MEDIUM | 6.8 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A person with physical access to a Mac may be able to bypass Login Window. | |||||
| CVE-2020-6022 | 1 Checkpoint | 1 Zonealarm | 2020-10-27 | 3.6 LOW | 5.5 MEDIUM |
| Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware. | |||||
| CVE-2020-3514 | 1 Cisco | 2 Firepower Management Center, Firepower Threat Defense | 2020-10-27 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must have valid credentials on the device.The vulnerability exists because a configuration file that is used at container startup has insufficient protections. An attacker could exploit this vulnerability by modifying a specific container configuration file on the underlying file system. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running Cisco FTD instances or the host Cisco FXOS device. | |||||
| CVE-2020-14787 | 1 Oracle | 1 Communications Diameter Signaling Router | 2020-10-27 | 4.9 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2020-14768 | 1 Oracle | 1 Hyperion Analytic Provider Services | 2020-10-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: Smart View Provider). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Hyperion Analytic Provider Services executes to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Analytic Provider Services accessible data as well as unauthorized read access to a subset of Hyperion Analytic Provider Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). | |||||
| CVE-2020-14854 | 1 Oracle | 1 Hyperion Infrastructure Technology | 2020-10-27 | 7.9 HIGH | 6.1 MEDIUM |
| Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Infrastructure Technology accessible data as well as unauthorized access to critical data or complete access to all Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). | |||||
| CVE-2020-9997 | 1 Apple | 2 Mac Os X, Watchos | 2020-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory. | |||||
| CVE-2020-1661 | 1 Juniper | 32 Ex2300, Ex2300-c, Ex3400 and 29 more | 2020-10-26 | 4.3 MEDIUM | 5.3 MEDIUM |
| On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forward specified DHCP client packets, without creating a new subscriber session. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of the malformed DHCP packet will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue can be triggered only by DHCPv4, it cannot be triggered by DHCPv6. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 14.1X53 versions prior to 14.1X53-D60 on EX and QFX Series; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230 on SRX Series; 15.1X53 versions prior to 15.1X53-D593 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S5. | |||||
| CVE-2020-14783 | 1 Oracle | 2 Hospitality Res 3700, Hospitality Res 3700 Firmware | 2020-10-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Food and Beverage Applications (component: CAL). The supported version that is affected is 5.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Hospitality RES 3700. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality RES 3700 accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-14778 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Global Payroll Core | 2020-10-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Global Payroll Core accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise HCM Global Payroll Core. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2020-9935 | 1 Apple | 1 Mac Os X | 2020-10-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user’s account. | |||||
| CVE-2020-27013 | 1 Trendmicro | 1 Antivirus | 2020-10-26 | 3.6 LOW | 4.4 MEDIUM |
| Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-14840 | 1 Oracle | 1 Application Object Library | 2020-10-26 | 4.3 MEDIUM | 4.7 MEDIUM |
| Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). | |||||
| CVE-2020-14788 | 1 Oracle | 1 Communications Diameter Signaling Router | 2020-10-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2020-25777 | 1 Trendmicro | 1 Antivirus | 2020-10-26 | 5.8 MEDIUM | 5.4 MEDIUM |
| Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2020-14772 | 1 Oracle | 1 Hyperion Lifecycle Management | 2020-10-26 | 2.1 LOW | 4.2 MEDIUM |
| Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Lifecycle Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Lifecycle Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). | |||||
| CVE-2020-14877 | 1 Oracle | 1 Hospitality Opera 5 Property Services | 2020-10-26 | 7.5 HIGH | 6.5 MEDIUM |
| Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2020-14795 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2020-10-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). | |||||
| CVE-2020-14826 | 1 Oracle | 1 Applications Manager | 2020-10-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: SQL Extensions). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-14901 | 1 Oracle | 1 Database | 2020-10-23 | 6.8 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Security accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2020-14899 | 1 Oracle | 1 Application Express | 2020-10-23 | 4.9 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2020-14823 | 1 Oracle | 1 Customer Relationship Management Technical Foundation | 2020-10-23 | 5.5 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3 - 12.2.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Technical Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2020-14813 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2020-10-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Grids). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2020-14741 | 1 Oracle | 1 Database Filesystem | 2020-10-23 | 6.8 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the Database Filesystem component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Resource, Create Table, Create View, Create Procedure, Dbfs_role privilege with network access via Oracle Net to compromise Database Filesystem. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Filesystem. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2020-14811 | 1 Oracle | 1 Applications Manager | 2020-10-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: AMP EBS Integration). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-14763 | 1 Oracle | 1 Application Express | 2020-10-23 | 4.9 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Quick Poll. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Quick Poll, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Quick Poll accessible data as well as unauthorized read access to a subset of Oracle Application Express Quick Poll accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2020-14858 | 1 Oracle | 1 Hospitality Opera 5 Property Services | 2020-10-23 | 8.5 HIGH | 6.8 MEDIUM |
| Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-14764 | 1 Oracle | 1 Hyperion Planning | 2020-10-23 | 2.1 LOW | 4.2 MEDIUM |
| Vulnerability in the Hyperion Planning product of Oracle Hyperion (component: Application Development Framework). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Planning accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). | |||||