Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4748 | 1 Ibm | 1 Spectrum Scale | 2020-10-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517. | |||||
| CVE-2020-4749 | 1 Ibm | 1 Spectrum Scale | 2020-10-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518. | |||||
| CVE-2018-5354 | 1 Anixis | 1 Password Reset Client | 2020-10-20 | 5.8 MEDIUM | 8.8 HIGH |
| The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. | |||||
| CVE-2019-4680 | 1 Ibm | 1 Sterling B2b Integrator | 2020-10-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171733. | |||||
| CVE-2020-8228 | 2 Nextcloud, Opensuse | 3 Preferred Providers, Backports Sle, Leap | 2020-10-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. | |||||
| CVE-2020-3598 | 1 Cisco | 1 Vision Dynamic Signage Director | 2020-10-20 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to read confidential information or make configuration changes. | |||||
| CVE-2020-1914 | 1 Facebook | 1 Hermes | 2020-10-20 | 7.5 HIGH | 9.8 CRITICAL |
| A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2020-8350 | 1 Lenovo | 2 Thinkpad Stack Wireless Router, Thinkpad Stack Wireless Router Firmware | 2020-10-20 | 5.8 MEDIUM | 8.8 HIGH |
| An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege. | |||||
| CVE-2019-4552 | 1 Ibm | 2 Security Access Manager, Security Verify Access | 2020-10-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960. | |||||
| CVE-2019-17444 | 1 Jfrog | 1 Artifactory | 2020-10-20 | 7.5 HIGH | 9.8 CRITICAL |
| Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0. | |||||
| CVE-2020-24316 | 1 Admin Menu Project | 1 Admin Menu | 2020-10-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. | |||||
| CVE-2020-24231 | 1 Jumpmind | 1 Symmetricds | 2020-10-20 | 7.5 HIGH | 9.8 CRITICAL |
| Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution. | |||||
| CVE-2020-24214 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more | 2020-10-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video encoding and streaming for up to a minute, until it automatically reboots. Attackers can send malicious requests once a minute, effectively disabling the device. | |||||
| CVE-2020-24215 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more | 2020-10-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution. | |||||
| CVE-2019-5466 | 1 Gitlab | 1 Gitlab | 2020-10-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names. | |||||
| CVE-2019-20079 | 2 Canonical, Vim | 2 Ubuntu Linux, Vim | 2020-10-20 | 6.8 MEDIUM | 7.8 HIGH |
| The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. | |||||
| CVE-2020-9913 | 1 Apple | 1 Mac Os X | 2020-10-20 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information. | |||||
| CVE-2020-27157 | 1 Veritas | 1 Aptare | 2020-10-20 | 6.8 MEDIUM | 8.1 HIGH |
| Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account. | |||||
| CVE-2020-27156 | 1 Veritas | 1 Aptare | 2020-10-20 | 7.5 HIGH | 9.8 CRITICAL |
| Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user. | |||||
| CVE-2019-5465 | 1 Gitlab | 1 Gitlab | 2020-10-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. | |||||
| CVE-2020-9936 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-20 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2020-13626 | 1 Oneplus | 1 App Locker | 2020-10-20 | 2.1 LOW | 4.6 MEDIUM |
| OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked. | |||||
| CVE-2020-9934 | 1 Apple | 3 Ipad Os, Iphone Os, Mac Os X | 2020-10-20 | 2.1 LOW | 5.5 MEDIUM |
| An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information. | |||||
| CVE-2020-16242 | 1 Ge | 4 S2020, S2020 Firmware, S2024 and 1 more | 2020-10-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. | |||||
| CVE-2020-9931 | 1 Apple | 2 Ipad Os, Iphone Os | 2020-10-20 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination. | |||||
| CVE-2020-9925 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2020-9917 | 1 Apple | 2 Ipad Os, Iphone Os | 2020-10-20 | 5.0 MEDIUM | 7.5 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service. | |||||
| CVE-2020-9916 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL. | |||||
| CVE-2020-9915 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | |||||
| CVE-2020-9914 | 1 Apple | 3 Ipad Os, Iphone Os, Tvos | 2020-10-20 | 5.0 MEDIUM | 7.5 HIGH |
| An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets. | |||||
| CVE-2020-9911 | 1 Apple | 3 Ipad Os, Iphone Os, Safari | 2020-10-20 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy. | |||||
| CVE-2020-9909 | 1 Apple | 4 Ipad Os, Iphone Os, Tvos and 1 more | 2020-10-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | |||||
| CVE-2020-9903 | 1 Apple | 3 Ipad Os, Iphone Os, Safari | 2020-10-20 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain. | |||||
| CVE-2020-9895 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-20 | 7.5 HIGH | 9.8 CRITICAL |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2020-9894 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2020-9893 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-20 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2020-9884 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-20 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2020-9878 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-20 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2020-9870 | 1 Apple | 4 Ipad Os, Iphone Os, Mac Os X and 1 more | 2020-10-20 | 6.5 MEDIUM | 8.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code. | |||||
| CVE-2020-13790 | 2 Libjpeg-turbo, Mozilla | 2 Libjpeg-turbo, Mozjpeg | 2020-10-20 | 5.8 MEDIUM | 8.1 HIGH |
| libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. | |||||
| CVE-2020-24889 | 1 Libraw | 1 Libraw | 2020-10-20 | 5.1 MEDIUM | 7.8 HIGH |
| A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. | |||||
| CVE-2017-3136 | 4 Debian, Isc, Netapp and 1 more | 11 Debian Linux, Bind, Data Ontap Edge and 8 more | 2020-10-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8. | |||||
| CVE-2018-5741 | 1 Isc | 1 Bind | 2020-10-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3. | |||||
| CVE-2019-6477 | 2 Fedoraproject, Isc | 2 Fedora, Bind | 2020-10-20 | 5.0 MEDIUM | 7.5 HIGH |
| With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem). | |||||
| CVE-2020-8616 | 2 Debian, Isc | 2 Debian Linux, Bind | 2020-10-20 | 5.0 MEDIUM | 8.6 HIGH |
| A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. | |||||
| CVE-2020-8617 | 2 Debian, Isc | 2 Debian Linux, Bind | 2020-10-20 | 5.0 MEDIUM | 7.5 HIGH |
| Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. | |||||
| CVE-2020-8618 | 1 Isc | 1 Bind | 2020-10-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. | |||||
| CVE-2020-8619 | 2 Fedoraproject, Isc | 2 Fedora, Bind | 2020-10-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable. | |||||
| CVE-2020-8624 | 2 Fedoraproject, Isc | 2 Fedora, Bind | 2020-10-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. | |||||
| CVE-2020-14338 | 1 Redhat | 1 Xerces | 2020-10-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3. | |||||