Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5659 | 1 Riken | 1 Xoonips | 2020-11-20 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2020-5662 | 1 Riken | 1 Xoonips | 2020-11-20 | 3.5 LOW | 5.4 MEDIUM |
| Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | |||||
| CVE-2020-5663 | 1 Riken | 1 Xoonips | 2020-11-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | |||||
| CVE-2020-5664 | 1 Riken | 1 Xoonips | 2020-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2020-23139 | 1 Microweber | 1 Microweber | 2020-11-20 | 2.1 LOW | 5.5 MEDIUM |
| Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise. | |||||
| CVE-2020-23140 | 1 Microweber | 1 Microweber | 2020-11-20 | 5.8 MEDIUM | 8.1 HIGH |
| Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active. | |||||
| CVE-2020-23138 | 1 Microweber | 1 Microweber | 2020-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension. | |||||
| CVE-2020-11123 | 1 Qualcomm | 230 Apq8009, Apq8009 Firmware, Apq8009w and 227 more | 2020-11-19 | 2.1 LOW | 5.5 MEDIUM |
| u'information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting user`s lock-screen password can be bypassed by performing the standard gatekeeper operations.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QM215, QSM8250, QSM8350, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDW2500, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330 | |||||
| CVE-2020-11121 | 1 Qualcomm | 62 Qcm4290, Qcm4290 Firmware, Qcs4290 and 59 more | 2020-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P | |||||
| CVE-2020-11132 | 1 Qualcomm | 162 Apq8009, Apq8009 Firmware, Apq8096au and 159 more | 2020-11-19 | 3.6 LOW | 7.1 HIGH |
| u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA670, SDA845, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330 | |||||
| CVE-2020-13360 | 2020-11-19 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2020-11130 | 1 Qualcomm | 62 Qcm4290, Qcm4290 Firmware, Qcs4290 and 59 more | 2020-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P | |||||
| CVE-2020-11127 | 1 Qualcomm | 106 Mdm9205, Mdm9205 Firmware, Qcm4290 and 103 more | 2020-11-19 | 7.2 HIGH | 7.8 HIGH |
| u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCM4290, QCS405, QCS410, QCS4290, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA845, SDA855, SDM1000, SDM640, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P | |||||
| CVE-2020-26672 | 1 Testimonial Rotator Project | 1 Testimonial Rotator | 2020-11-19 | 3.5 LOW | 5.4 MEDIUM |
| Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in "cite" parameter, the payload will be stored in the database. | |||||
| CVE-2020-11131 | 1 Qualcomm | 28 Apq8009, Apq8009 Firmware, Apq8053 and 25 more | 2020-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9250, MDM9628, MDM9640, MDM9650, MSM8996AU, QCS405, SDA845, SDX20, SDX20M, WCD9330 | |||||
| CVE-2020-5652 | 1 Mitsubishielectric | 102 Melsec Iq-r00cpu, Melsec Iq-r00cpu Firmware, Melsec Iq-r01cpu and 99 more | 2020-11-19 | 5.0 MEDIUM | 7.5 HIGH |
| Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions '52' and earlier, R 08/16/32/120 SFCPU firmware versions '22' and earlier, R 08/16/32/120 PCPU all versions, R 08/16/32/120 PSFCPU all versions, R 16/32/64 MTCPU all versions, Q03 UDECPU, Q 04/06/10/13/20/26/50/100 UDEHCPU serial number '22081' and earlier , Q 03/04/06/13/26 UDVCPU serial number '22031' and earlier, Q 04/06/13/26 UDPVCPU serial number '22031' and earlier, Q 172/173 DCPU all versions, Q 172/173 DSCPU all versions, Q 170 MCPU all versions, Q 170 MSCPU all versions, L 02/06/26 CPU (-P) and L 26 CPU - (P) BT all versions) allows a remote unauthenticated attacker to stop the Ethernet communication functions of the products via a specially crafted packet, which may lead to a denial of service (DoS) condition . | |||||
| CVE-2020-5795 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2020-11-19 | 7.2 HIGH | 6.2 MEDIUM |
| UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. | |||||
| CVE-2020-11168 | 1 Qualcomm | 122 Apq8009, Apq8009 Firmware, Apq8009w and 119 more | 2020-11-19 | 10.0 HIGH | 9.8 CRITICAL |
| u'Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, APQ8098, MDM9206, MDM9650, MSM8909W, MSM8953, MSM8996AU, QCM4290, QCS405, QCS4290, QCS603, QCS605, QM215, QSM8350, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM450, SDM632, SDM640, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P, WCD9330 | |||||
| CVE-2020-8013 | 1 Suse | 1 Linux Enterprise Server | 2020-11-19 | 1.9 LOW | 2.5 LOW |
| A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1. | |||||
| CVE-2020-11175 | 1 Qualcomm | 62 Apq8009w, Apq8009w Firmware, Msm8909w and 59 more | 2020-11-19 | 7.2 HIGH | 7.8 HIGH |
| u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009W, MSM8909W, QCS605, QM215, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6350, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P | |||||
| CVE-2020-11184 | 1 Qualcomm | 58 Qcm4290, Qcm4290 Firmware, Qcs4290 and 55 more | 2020-11-19 | 10.0 HIGH | 9.8 CRITICAL |
| u'Possible buffer overflow will occur in video while parsing mp4 clip with crafted esds atom size.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P | |||||
| CVE-2020-14240 | 1 Hcltech | 1 Notes | 2020-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials. | |||||
| CVE-2020-26207 | 1 Databaseschemareader Project | 1 Dbschemareader | 2020-11-19 | 6.8 MEDIUM | 8.0 HIGH |
| DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a workaround, ensure `.dbschema` files from untrusted sources are not opened. | |||||
| CVE-2020-4097 | 1 Hcltech | 1 Notes | 2020-11-19 | 4.6 MEDIUM | 6.8 MEDIUM |
| In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client. | |||||
| CVE-2018-12617 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-11-19 | 5.0 MEDIUM | 7.5 HIGH |
| qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. | |||||
| CVE-2020-8267 | 1 Ui | 1 Unifi Protect Firmware | 2020-11-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect v1.14.11 and newer.This issue does not impact UniFi Cloud Key Gen 2 plus.This issue does not impact UDM-Pro customers with UniFi Protect stopped.Affected Products:UDM-Pro firmware 1.7.2 and earlier.UNVR firmware 1.3.12 and earlier.Mitigation:Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings.Alternatively, you can update UNVR and UDM-Pro to:- UNVR firmware to 1.3.15 or newer.- UDM-Pro firmware to 1.8.0 or newer. | |||||
| CVE-2020-8133 | 1 Nextcloud | 1 Nextcloud Server | 2020-11-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. | |||||
| CVE-2020-28045 | 1 Pax | 1 Prolinos | 2020-11-19 | 7.2 HIGH | 7.8 HIGH |
| An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in the kernel prior to ELF execution. Shared libraries, however, do not need to be signed, and they are not verified. An attacker may execute a custom binary by compiling it as a shared object and loading it via LD_PRELOAD. | |||||
| CVE-2020-6014 | 1 Checkpoint | 1 Endpoint Security | 2020-11-19 | 4.4 MEDIUM | 6.5 MEDIUM |
| Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate. | |||||
| CVE-2020-28349 | 1 Chirpstack | 1 Network Server | 2020-11-19 | 6.8 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. NOTE: the vendor's position is that there are no "guarantees that allowing untrusted LoRa gateways to the network should still result in a secure network." | |||||
| CVE-2020-26507 | 1 Marmind | 1 Marmind | 2020-11-19 | 9.3 HIGH | 7.8 HIGH |
| A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes” functionality in the main screen, an attacker can inject a payload into the “Description” field under the “Insert To-Do” option. Other users might download this data, for example a CSV file, and execute the malicious commands on their computer by opening the file using a software such as Microsoft Excel. The attacker could gain remote access to the user’s PC. | |||||
| CVE-2020-25661 | 1 Redhat | 1 Enterprise Linux | 2020-11-19 | 8.3 HIGH | 8.8 HIGH |
| A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-3632 | 1 Qualcomm | 38 Qsm8350, Qsm8350 Firmware, Sc7180 and 35 more | 2020-11-19 | 7.2 HIGH | 7.8 HIGH |
| u'Incorrect validation of ring context fetched from host memory can lead to memory overflow' in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P | |||||
| CVE-2020-26086 | 1 Cisco | 1 Telepresence Collaboration Endpoint | 2020-11-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information. | |||||
| CVE-2020-26084 | 1 Cisco | 1 Edge Fog Fabric | 2020-11-19 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. | |||||
| CVE-2020-26083 | 1 Cisco | 1 Identity Services Engine | 2020-11-19 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials. | |||||
| CVE-2020-0592 | 1 Intel | 230 Bios, Core I5-7640x, Core I7-3820 and 227 more | 2020-11-19 | 4.6 MEDIUM | 6.7 MEDIUM |
| Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. | |||||
| CVE-2020-0584 | 1 Intel | 8 Optane Ssd 900p, Optane Ssd 900p Firmware, Optane Ssd 905p and 5 more | 2020-11-19 | 2.1 LOW | 6.2 MEDIUM |
| Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access. | |||||
| CVE-2019-11121 | 2 Intel, Microsoft | 2 Media Sdk, Windows | 2020-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| Improper file permissions in the installer for the Intel(R) Media SDK for Windows before version 2019 R1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-3639 | 1 Qualcomm | 178 Apq8009, Apq8009 Firmware, Apq8017 and 175 more | 2020-11-19 | 10.0 HIGH | 9.8 CRITICAL |
| u'When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8017, APQ8037, APQ8053, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA415M, SA6145P, SA6150P, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8350, SM8350P, SXR1120, SXR1130 | |||||
| CVE-2020-28250 | 1 Cellinx | 1 Nvt Web Server | 2020-11-19 | 10.0 HIGH | 9.8 CRITICAL |
| Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side. | |||||
| CVE-2018-19351 | 1 Jupyter | 1 Notebook | 2020-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHandler and NbconvertPostHandler do not set a Content Security Policy to prevent this. | |||||
| CVE-2018-21030 | 1 Jupyter | 1 Notebook | 2020-11-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document. | |||||
| CVE-2018-8768 | 1 Jupyter | 1 Notebook | 2020-11-19 | 6.8 MEDIUM | 7.8 HIGH |
| In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous. | |||||
| CVE-2020-25832 | 1 Microfocus | 1 Filr | 2020-11-19 | 3.5 LOW | 5.4 MEDIUM |
| Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack. | |||||
| CVE-2020-25833 | 1 Microfocus | 1 Idol | 2020-11-19 | 3.5 LOW | 4.8 MEDIUM |
| Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack. | |||||
| CVE-2017-18926 | 2 Debian, Librdf | 2 Debian Linux, Raptor Rdf Syntax Library | 2020-11-19 | 5.8 MEDIUM | 7.1 HIGH |
| raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). | |||||
| CVE-2020-0588 | 1 Intel | 76 Bios, Xeon Bronze 3204, Xeon Bronze 3206r and 73 more | 2020-11-19 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-0587 | 1 Intel | 114 Bios, Core I5-7640x, Core I7-3820 and 111 more | 2020-11-19 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-6621 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2020-11-19 | 6.5 MEDIUM | 7.2 HIGH |
| On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations. | |||||