Original release date: November 2, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — airport_base_station_firmware | An out-of-bounds read was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to leak memory. | 2020-10-27 | 7.5 |
CVE-2019-8581 MISC MISC |
apple — airport_base_station_firmware | A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution. | 2020-10-27 | 7.5 |
CVE-2019-8578 MISC MISC |
apple — airport_base_station_firmware | A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution. | 2020-10-27 | 7.5 |
CVE-2019-8572 MISC MISC |
apple — airport_base_station_firmware | A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause a system denial of service. | 2020-10-27 | 7.8 |
CVE-2019-8588 MISC MISC |
apple — icloud | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | 2020-10-27 | 7.5 |
CVE-2019-8746 MISC MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-27 | 9.3 |
CVE-2019-8835 MISC MISC MISC MISC MISC MISC |
apple — icloud | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2. | 2020-10-27 | 7.5 |
CVE-2019-8749 MISC MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2. | 2020-10-27 | 7.5 |
CVE-2019-8756 MISC MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-27 | 9.3 |
CVE-2019-8844 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. | 2020-10-27 | 7.2 |
CVE-2020-3864 MISC MISC MISC MISC MISC MISC |
apple — icloud | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-27 | 9.3 |
CVE-2019-8846 MISC MISC MISC MISC MISC MISC |
apple — ipad_os | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 9.3 |
CVE-2019-8740 MISC MISC MISC |
apple — ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution. | 2020-10-27 | 9.3 |
CVE-2019-8830 MISC MISC MISC MISC MISC MISC |
apple — ipados | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 9.3 |
CVE-2019-8828 MISC MISC MISC MISC |
apple — ipados | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 7.2 |
CVE-2019-8841 MISC |
apple — ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-27 | 9.3 |
CVE-2020-3880 MISC MISC MISC MISC |
apple — ipados | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6.1, tvOS 13.2, iOS 13.2 and iPadOS 13.2. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 9.3 |
CVE-2019-8829 MISC MISC MISC MISC |
apple — ipados | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 9.3 |
CVE-2019-8838 MISC MISC MISC MISC |
apple — ipados | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | 2020-10-27 | 9.3 |
CVE-2020-9973 MISC MISC |
apple — ipados | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with system privileges. | 2020-10-27 | 9.3 |
CVE-2019-8832 MISC MISC MISC MISC |
apple — ipados | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. An application may be able to execute arbitrary code with system privileges. | 2020-10-27 | 9.3 |
CVE-2019-8831 MISC MISC MISC MISC MISC |
apple — ipados | A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 9.3 |
CVE-2019-8836 MISC MISC MISC |
apple — ipados | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 9.3 |
CVE-2019-8833 MISC MISC MISC MISC |
apple — iphone_os | An input validation issue was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause a system denial of service. | 2020-10-27 | 7.8 |
CVE-2019-8573 MISC MISC MISC |
apple — iphone_os | A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 9.3 |
CVE-2019-8718 MISC MISC MISC |
apple — iphone_os | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 9.3 |
CVE-2019-8709 MISC MISC MISC MISC MISC |
apple — iphone_os | The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13. A malicious application may be able to determine kernel memory layout. | 2020-10-27 | 7.1 |
CVE-2019-8780 MISC MISC |
apple — iphone_os | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges. | 2020-10-27 | 9.3 |
CVE-2019-8715 MISC MISC MISC |
apple — iphone_os | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 7.2 |
CVE-2019-8528 MISC MISC MISC |
apple — iphone_os | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A remote attacker may be able to leak memory. | 2020-10-27 | 7.5 |
CVE-2019-8547 MISC MISC MISC MISC |
apple — iphone_os | A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted RADIUS server certificate may be trusted. | 2020-10-27 | 7.5 |
CVE-2019-8531 MISC MISC MISC |
apple — iphone_os | A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges. | 2020-10-27 | 10 |
CVE-2019-8712 MISC MISC MISC |
apple — iphone_os | The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos. | 2020-10-27 | 7.5 |
CVE-2019-7288 MISC MISC |
apple — iphone_os | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 7.2 |
CVE-2019-8525 MISC MISC MISC MISC |
apple — mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges. | 2020-10-27 | 10 |
CVE-2019-8716 MISC |
apple — mac_os_x | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A malicious application may be able to access restricted files. | 2020-10-27 | 9.3 |
CVE-2019-8837 MISC |
apple — mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 9.3 |
CVE-2019-8852 MISC |
apple — mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 9.3 |
CVE-2019-8847 MISC |
apple — mac_os_x | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 9.3 |
CVE-2019-8824 MISC |
apple — mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to execute arbitrary code with system privileges. | 2020-10-27 | 9.3 |
CVE-2020-3863 MISC |
apple — mac_os_x | A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Processing a maliciously crafted string may lead to heap corruption. | 2020-10-27 | 7.5 |
CVE-2019-8767 MISC MISC |
apple — mac_os_x | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A buffer overflow may result in arbitrary code execution. | 2020-10-27 | 7.5 |
CVE-2020-9866 MISC |
apple — mac_os_x | A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. A malicious application may be able to execute arbitrary code with system privileges. | 2020-10-27 | 9.3 |
CVE-2019-8539 MISC |
apple — mac_os_x | A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra. A malicious application may be able to execute arbitrary code with system privileges. | 2020-10-27 | 9.3 |
CVE-2018-4452 MISC MISC |
apple — mac_os_x | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A malicious application may be able to execute arbitrary code with kernel privileges. | 2020-10-27 | 7.2 |
CVE-2019-8534 MISC |
apple — mac_os_x | This issue is fixed in macOS Mojave 10.14. A memory corruption issue was addressed with improved input validation. | 2020-10-27 | 9.3 |
CVE-2018-4451 MISC |
apple — mac_os_x | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges. | 2020-10-27 | 9.3 |
CVE-2019-8776 MISC |
arubanetworks — airwave_glass | A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | 2020-10-26 | 7.5 |
CVE-2020-7124 MISC |
arubanetworks — airwave_glass | A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | 2020-10-26 | 9 |
CVE-2020-24631 MISC |
arubanetworks — airwave_glass | A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | 2020-10-26 | 9 |
CVE-2020-24632 MISC |
arubanetworks — airwave_glass | A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | 2020-10-26 | 7.5 |
CVE-2020-7127 MISC |
crmeb — crmeb | A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. | 2020-10-23 | 7.5 |
CVE-2020-25466 MISC MISC MISC |
fruitywifi_project — fruitywifi | FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system. | 2020-10-23 | 7.2 |
CVE-2020-24848 MISC |
getgophish — gophish | Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content. | 2020-10-28 | 9.3 |
CVE-2020-24707 MISC MISC MISC |
ibm — i2_analysts_notebook | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187868. | 2020-10-29 | 9.3 |
CVE-2020-4721 XF CONFIRM |
ibm — i2_analysts_notebook | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. | 2020-10-29 | 9.3 |
CVE-2020-4724 XF CONFIRM |
ibm — i2_analysts_notebook | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187870. | 2020-10-29 | 9.3 |
CVE-2020-4722 XF CONFIRM |
ibm — i2_analysts_notebook | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187873. | 2020-10-29 | 9.3 |
CVE-2020-4723 XF CONFIRM |
illumos — illumos | An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c. | 2020-10-26 | 7.5 |
CVE-2020-27678 MISC |
kde — partition_manager | An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. The mount command can then be used to gain full root privileges. | 2020-10-26 | 7.2 |
CVE-2020-27187 MISC MISC CONFIRM |
konzept-ix — publixone | A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact. | 2020-10-27 | 7.5 |
CVE-2020-27183 MISC MISC |
oscommerce — oscommerce | osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option. | 2020-10-28 | 10 |
CVE-2020-27976 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
1password — command-line | An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user’s encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption. | 2020-10-27 | 5 |
CVE-2020-10256 MISC CONFIRM MISC |
antsword_project — antsword | AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site function. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution. | 2020-10-26 | 4.3 |
CVE-2020-25470 MISC |
antsword_project — antsword | A cross-site scripting (XSS) vulnerability in AntSword v2.0.7 can remotely execute system commands. | 2020-10-26 | 6.8 |
CVE-2020-18766 MISC |
apple — airport_base_station_firmware | A denial of service issue was addressed with improved memory handling. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. An attacker in a privileged position may be able to perform a denial of service attack. | 2020-10-27 | 4 |
CVE-2019-7291 MISC MISC |
apple — airport_base_station_firmware | The issue was addressed with improved data deletion. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A base station factory reset may not delete all user information. | 2020-10-27 | 5 |
CVE-2019-8575 MISC MISC |
apple — airport_base_station_firmware | Source-routed IPv4 packets were disabled by default. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. Source-routed IPv4 packets may be unexpectedly accepted. | 2020-10-27 | 5 |
CVE-2019-8580 MISC MISC |
apple — icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-27 | 6.8 |
CVE-2019-8728 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-27 | 6.8 |
CVE-2019-8734 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-27 | 6.8 |
CVE-2019-8751 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-27 | 6.8 |
CVE-2019-8639 MISC MISC MISC MISC MISC |
apple — icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-27 | 6.8 |
CVE-2019-8638 MISC MISC MISC MISC MISC |
apple — icloud | The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited. | 2020-10-27 | 4.3 |
CVE-2019-8827 MISC MISC MISC MISC MISC MISC |
apple — icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-27 | 6.8 |
CVE-2019-8752 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-27 | 6.8 |
CVE-2019-8773 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges. | 2020-10-27 | 6.8 |
CVE-2019-8848 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting. | 2020-10-27 | 4.3 |
CVE-2019-8762 MISC MISC MISC MISC MISC MISC |
apple — icloud | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 10.7, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-27 | 6.8 |
CVE-2019-8825 MISC MISC MISC MISC MISC MISC |
apple — icloud | A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list. | 2020-10-27 | 4 |
CVE-2019-8834 MISC MISC MISC MISC MISC MISC MISC |
apple — icloud | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may result in the disclosure of process memory. | 2020-10-27 | 4.3 |
CVE-2019-8582 MISC MISC MISC MISC MISC |
apple — icloud | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure. | 2020-10-27 | 5 |
CVE-2018-4474 MISC MISC MISC MISC MISC MISC |
apple — icloud | A logic issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, iCloud for Windows 7.10, iTunes 12.9.3 for Windows, Safari 12.0.3, tvOS 12.1.2. Processing maliciously crafted web content may disclose sensitive user information. | 2020-10-27 | 4.3 |
CVE-2019-8570 MISC MISC MISC MISC MISC |
apple — ipad_os | A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service. | 2020-10-27 | 4.3 |
CVE-2019-8774 MISC MISC |
apple — ipad_os | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2020-10-27 | 6.8 |
CVE-2019-8706 MISC MISC MISC MISC MISC |
apple — ipados | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may disclose restricted memory. | 2020-10-27 | 4.3 |
CVE-2019-8850 MISC MISC MISC MISC MISC |
apple — ipados | A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode. | 2020-10-27 | 4.3 |
CVE-2019-8796 MISC MISC MISC MISC |
apple — ipados | An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans. | 2020-10-27 | 4.3 |
CVE-2019-8856 MISC MISC MISC |
apple — ipados | This issue was addressed by verifying host keys when connecting to a previously-known SSH server. This issue is fixed in iOS 13.1 and iPadOS 13.1. An attacker in a privileged network position may be able to intercept SSH traffic from the “Run script over SSH” action. | 2020-10-27 | 4 |
CVE-2019-8901 MISC |
apple — iphone_os | This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack. | 2020-10-27 | 4.3 |
CVE-2019-8753 MISC MISC MISC MISC |
apple — iphone_os | A resource exhaustion issue was addressed with improved input validation. This issue is fixed in tvOS 12.1, iOS 12.1. Processing a maliciously crafted message may lead to a denial of service. | 2020-10-27 | 4.3 |
CVE-2018-4381 MISC MISC |
apple — iphone_os | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, tvOS 12.3, watchOS 5.2.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, iOS 13. Playing a malicious audio file may lead to arbitrary code execution. | 2020-10-27 | 6.8 |
CVE-2019-8592 MISC MISC MISC MISC MISC MISC MISC MISC |
apple — iphone_os | A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, tvOS 12.3, watchOS 5.2.1, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. An attacker in a privileged network position can modify driver state. | 2020-10-27 | 4 |
CVE-2019-8612 MISC MISC MISC MISC MISC |
apple — iphone_os | A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout. | 2020-10-27 | 4.3 |
CVE-2019-8744 MISC MISC MISC MISC MISC |
apple — iphone_os | A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. Processing a maliciously crafted image may lead to a denial of service. | 2020-10-27 | 4.3 |
CVE-2019-8668 MISC MISC MISC |
apple — iphone_os | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service. | 2020-10-27 | 4.3 |
CVE-2019-8664 MISC MISC |
apple — iphone_os | A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address. | 2020-10-27 | 5 |
CVE-2019-8854 MISC MISC MISC MISC |
apple — iphone_os | A denial of service issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. Processing a maliciously crafted vcf file may lead to a denial of service. | 2020-10-27 | 4.3 |
CVE-2019-8538 MISC MISC MISC |
apple — iphone_os | A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in watchOS 5.2, iOS 12.2. A malicious application may be able to access restricted files. | 2020-10-27 | 4.3 |
CVE-2019-8532 MISC MISC |
apple — iphone_os | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing. | 2020-10-27 | 4.3 |
CVE-2018-4391 MISC MISC MISC |
apple — iphone_os | A logic issue was addressed with improved restrictions. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A sandboxed process may be able to circumvent sandbox restrictions. | 2020-10-27 | 5 |
CVE-2019-8618 MISC MISC MISC |
apple — iphone_os | A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state. | 2020-10-27 | 5 |
CVE-2019-8631 MISC MISC MISC |
apple — iphone_os | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory. | 2020-10-27 | 5 |
CVE-2019-8633 MISC MISC MISC MISC |
apple — iphone_os | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing. | 2020-10-27 | 4.3 |
CVE-2018-4390 MISC MISC MISC |
apple — itunes | A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iOS 12.1.1, tvOS 12.1.1, iTunes 12.9.2 for Windows. Processing maliciously crafted web content may disclose sensitive user information. | 2020-10-27 | 4.3 |
CVE-2018-4444 MISC MISC MISC MISC |
apple — itunes | An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited. | 2020-10-27 | 4.3 |
CVE-2019-8898 MISC MISC MISC MISC |
apple — mac_os_x | This issue was addressed by removing additional entitlements. This issue is fixed in macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra. A malicious application may be able to access restricted files. | 2020-10-27 | 4.3 |
CVE-2018-4468 MISC |
apple — mac_os_x | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-27 | 6.8 |
CVE-2019-8826 MISC |
apple — mac_os_x | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-10-27 | 6.8 |
CVE-2020-9961 MISC |
apple — mac_os_x | A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted package may lead to arbitrary code execution. | 2020-10-27 | 6.8 |
CVE-2019-6238 MISC |
apple — mac_os_x | A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state. | 2020-10-27 | 5 |
CVE-2019-8564 MISC |
apple — mac_os_x | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. | 2020-10-27 | 6.5 |
CVE-2019-8696 MISC |
apple — mac_os_x | This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information. | 2020-10-27 | 4.3 |
CVE-2019-8761 MISC MISC |
apple — mac_os_x | A cross-origin issue existed with “iframe” elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information. | 2020-10-27 | 4.3 |
CVE-2019-8754 MISC |
apple — mac_os_x | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. A malicious application may be able to overwrite arbitrary files. | 2020-10-27 | 5.8 |
CVE-2020-3855 MISC |
apple — mac_os_x | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. A malicious application may be able to elevate privileges. | 2020-10-27 | 6.8 |
CVE-2019-8509 MISC MISC |
apple — mac_os_x | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. | 2020-10-27 | 6.5 |
CVE-2019-8675 MISC |
apple — mac_os_x | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra. A malicious application may be able to elevate privileges. | 2020-10-27 | 6.8 |
CVE-2018-4467 MISC MISC |
apple — mac_os_x | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. A local user may be able to cause unexpected system termination or read kernel memory. | 2020-10-27 | 6.6 |
CVE-2019-8759 MISC MISC |
apple — mac_os_x | This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. An application may be able to trigger a sysdiagnose. | 2020-10-27 | 4.3 |
CVE-2020-9786 MISC |
apple — mac_os_x | An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data in Safari. | 2020-10-27 | 4.3 |
CVE-2020-9857 MISC |
apple — mac_os_x | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access restricted files. | 2020-10-27 | 4.3 |
CVE-2019-8855 MISC |
apple — mac_os_x | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to read restricted memory. | 2020-10-27 | 4.3 |
CVE-2019-8853 MISC MISC |
apple — mac_os_x | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An attacker in a privileged position may be able to perform a denial of service attack. | 2020-10-27 | 4.3 |
CVE-2019-8839 MISC |
apple — mac_os_x | An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to gain elevated privileges. | 2020-10-27 | 4.6 |
CVE-2019-8579 MISC |
apple — mac_os_x | An input validation issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged network position may be able to leak sensitive user information. | 2020-10-27 | 4 |
CVE-2019-8736 MISC MISC |
apple — mac_os_x | A denial of service issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged position may be able to perform a denial of service attack. | 2020-10-27 | 4 |
CVE-2019-8737 MISC MISC |
apple — mac_os_x | This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state. | 2020-10-27 | 5 |
CVE-2020-9941 MISC |
apple — mac_os_x | An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed. | 2020-10-27 | 5 |
CVE-2020-9774 MISC |
apple — music | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Apple Music 3.4.0 for Android. A malicious application may be able to leak a user’s credentials. | 2020-10-27 | 4.3 |
CVE-2020-9982 MISC |
apple — safari | A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary JavaScript code execution. | 2020-10-27 | 5.8 |
CVE-2020-9860 MISC |
apple — safari | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. | 2020-10-27 | 4.3 |
CVE-2019-8771 MISC MISC |
arubanetworks — airwave_glass | A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | 2020-10-26 | 6.5 |
CVE-2020-7125 MISC |
arubanetworks — airwave_glass | A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | 2020-10-26 | 5 |
CVE-2020-7126 MISC |
belkin — linksys_wrt_160nl_firmware | ** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2020-10-23 | 6.5 |
CVE-2020-26561 MISC |
checkpoint — zonealarm | Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware. | 2020-10-27 | 4.6 |
CVE-2020-6023 MISC |
fireeye — email_malware_protection_system | eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sort_by, search[URL], or search[attachment] parameter to the email search feature. | 2020-10-26 | 4 |
CVE-2020-25034 MISC |
fruitywifi_project — fruitywifi | A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticated attacker can change the newSSID and hostapd_wpa_passphrase. | 2020-10-23 | 4.3 |
CVE-2020-24847 MISC |
getgophish — gophish | Gophish through 0.10.1 does not invalidate the gophish cookie upon logout. | 2020-10-28 | 5 |
CVE-2020-24713 MISC |
getgophish — gophish | Gophish before 0.11.0 allows SSRF attacks. | 2020-10-28 | 5 |
CVE-2020-24710 MISC MISC MISC |
getgophish — gophish | The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack. | 2020-10-28 | 4.3 |
CVE-2020-24711 MISC MISC MISC |
git-tag-annotation-action_project — git-tag-annotation-action | In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of the `tag` input or manage to alter the value of the `GITHUB_REF` environment variable. The problem has been patched in version 1.0.1. If you don’t use the `tag` input you are most likely safe. The `GITHUB_REF` environment variable is protected by the GitHub Actions environment so attacks from there should be impossible. If you must use the `tag` input and cannot upgrade to `> 1.0.0`, make sure that the value is not controlled by another Action. | 2020-10-26 | 6.5 |
CVE-2020-15272 MISC MISC CONFIRM |
grafana — grafana | Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. | 2020-10-28 | 4.3 |
CVE-2020-24303 MISC MISC |
hp — bluedata_epic | The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url “/bdswebui/assignusers/”. | 2020-10-26 | 4 |
CVE-2020-7196 MISC |
ibm — i2_ibase | IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574. | 2020-10-30 | 5 |
CVE-2020-4584 XF CONFIRM |
ibm — i2_ibase | IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579. | 2020-10-30 | 6.8 |
CVE-2020-4588 XF CONFIRM |
ibm — security_directory_server | IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 166624. | 2020-10-29 | 5 |
CVE-2019-4563 XF CONFIRM |
ibm — security_directory_server | IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949. | 2020-10-29 | 5 |
CVE-2019-4547 XF CONFIRM |
ibm — sterling_connect | IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. By sending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906. | 2020-10-28 | 5 |
CVE-2020-4767 XF CONFIRM |
ibm — websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. | 2020-10-28 | 4 |
CVE-2020-4782 XF CONFIRM |
iobit — malware_fighter | An issue exists in IOBit Malware Fighter version 8.0.2.547. Local escalation of privileges is possible by dropping a malicious DLL file into the WindowsApps folder. | 2020-10-27 | 6.9 |
CVE-2020-23864 MISC |
konzept-ix — publixone | konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter. | 2020-10-27 | 5 |
CVE-2020-27180 MISC MISC |
konzept-ix — publixone | A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files. | 2020-10-27 | 6.4 |
CVE-2020-27181 MISC MISC |
konzept-ix — publixone | Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form. | 2020-10-27 | 4.3 |
CVE-2020-27182 MISC MISC |
motion_project — motion | A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request. | 2020-10-26 | 5 |
CVE-2020-26566 MISC MISC MISC |
neopost — neopost_mail_accounting | NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_BlockStart.php?code= XSS. | 2020-10-28 | 4.3 |
CVE-2020-27974 MISC |
netapp — clustered_data_ontap | Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS). | 2020-10-27 | 5 |
CVE-2020-8579 MISC |
npmjs — npm-user-validate | This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. | 2020-10-27 | 5 |
CVE-2020-7754 CONFIRM CONFIRM CONFIRM CONFIRM |
nvidia — geforce_experience | NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | 2020-10-23 | 4.4 |
CVE-2020-5977 CONFIRM |
nvidia — geforce_experience | NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure. | 2020-10-23 | 4.6 |
CVE-2020-5990 CONFIRM |
nvidia — geforce_experience | NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges. | 2020-10-23 | 4.6 |
CVE-2020-5978 CONFIRM |
octopus — octopus_deploy | In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header. | 2020-10-26 | 5.8 |
CVE-2020-26161 MISC MISC |
open-xchange — open-xchange_appsuite | OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API. | 2020-10-23 | 4 |
CVE-2020-15002 CONFIRM MISC |
open-xchange — open-xchange_appsuite | OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). | 2020-10-23 | 4 |
CVE-2020-15003 CONFIRM MISC |
oscommerce — oscommerce | osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF. | 2020-10-28 | 6.8 |
CVE-2020-27975 MISC |
pulsesecure — pulse_secure_desktop_client | A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. | 2020-10-28 | 6.5 |
CVE-2020-8260 MISC |
pulsesecure — pulse_secure_desktop_client | A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. | 2020-10-28 | 4.6 |
CVE-2020-8250 MISC |
pulsesecure — pulse_secure_desktop_client | A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. | 2020-10-28 | 4.6 |
CVE-2020-8248 MISC |
pulsesecure — pulse_secure_desktop_client | A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages. | 2020-10-28 | 4 |
CVE-2020-8255 MISC |
sonicwall — global_vpn_client | SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system. | 2020-10-28 | 6.9 |
CVE-2020-5145 CONFIRM |
systeminformation — systeminformation | This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl’s parameters to overwrite JavaScript files and then execute any OS commands. | 2020-10-26 | 6.5 |
CVE-2020-7752 CONFIRM CONFIRM CONFIRM |
thembay — greenmart | The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS. | 2020-10-27 | 4.3 |
CVE-2020-16140 MISC |
trim_project — trim | All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim(). | 2020-10-27 | 5 |
CVE-2020-7753 MISC MISC MISC MISC |
verifone — mx900_firmware | Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass. | 2020-10-23 | 4.4 |
CVE-2019-14711 MISC |
verifone — mx900_firmware | Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. | 2020-10-23 | 4.6 |
CVE-2019-14719 MISC |
verifone — mx900_firmware | Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation. | 2020-10-23 | 4.6 |
CVE-2019-14718 MISC |
verifone — p400_firmware | Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation. | 2020-10-23 | 4.6 |
CVE-2019-14715 MISC |
verifone — verix_os | Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out). | 2020-10-23 | 4.6 |
CVE-2019-14716 MISC |
verifone — verix_os | Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation. | 2020-10-23 | 4.6 |
CVE-2019-14712 MISC |
verifone — verix_os | Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call. | 2020-10-23 | 4.6 |
CVE-2019-14717 MISC |
victor_cms_project — victor_cms | A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database. | 2020-10-27 | 5 |
CVE-2020-23945 MISC |
vmware — horizon_client | VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes. | 2020-10-23 | 4 |
CVE-2020-3998 MISC |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — ipados | A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content. | 2020-10-27 | 2.1 |
CVE-2020-9979 MISC MISC |
apple — ipados | This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications. | 2020-10-27 | 2.1 |
CVE-2019-8799 MISC MISC MISC MISC |
apple — ipados | A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier. | 2020-10-27 | 2.1 |
CVE-2019-8809 MISC MISC MISC MISC MISC |
apple — iphone_os | A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 12.1.1. A local attacker may be able to share items from the lock screen. | 2020-10-27 | 3.6 |
CVE-2018-4428 MISC |
apple — iphone_os | This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier. | 2020-10-27 | 2.1 |
CVE-2018-4339 MISC |
apple — iphone_os | The issue was addressed with improved data deletion. This issue is fixed in iOS 13. Deleted calls remained visible on the device. | 2020-10-27 | 2.1 |
CVE-2019-8732 MISC |
apple — iphone_os | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files. | 2020-10-27 | 2.1 |
CVE-2019-8708 MISC MISC MISC |
apple — iphone_os | A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.1.1, watchOS 5.1.2, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra, tvOS 12.1.1. A local user may be able to read kernel memory. | 2020-10-27 | 2.1 |
CVE-2018-4448 MISC MISC MISC MISC MISC |
apple — iphone_os | A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the file system. | 2020-10-27 | 2.1 |
CVE-2018-4433 MISC MISC MISC MISC MISC |
apple — mac_os_x | A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock screen. | 2020-10-27 | 2.1 |
CVE-2019-8777 MISC |
apple — mac_os_x | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs. | 2020-10-27 | 2.6 |
CVE-2019-8842 MISC |
checkpoint — zonealarm | Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware. | 2020-10-27 | 3.6 |
CVE-2020-6022 MISC |
comtrend — ar-5387un_firmware | A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. | 2020-10-23 | 3.5 |
CVE-2018-8062 MISC |
getgophish — gophish | Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form. | 2020-10-28 | 3.5 |
CVE-2020-24708 MISC MISC |
getgophish — gophish | Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page. | 2020-10-28 | 3.5 |
CVE-2020-24712 MISC MISC MISC |
getgophish — gophish | Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template. | 2020-10-28 | 3.5 |
CVE-2020-24709 MISC |
ibm — resilient_security_orchestration_automation_and_response | IBM Resilient SOAR V38.0 could allow an attacker on the internal network to provide the server with a spoofed source IP address. IBM X-Force ID: 190567. | 2020-10-29 | 3.3 |
CVE-2020-4864 XF CONFIRM |
open-xchange — open-xchange_appsuite | OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. | 2020-10-23 | 3.5 |
CVE-2020-15004 MISC MISC |
openr — opentmpfiles | opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack. | 2020-10-26 | 2.1 |
CVE-2017-18925 MISC |
pulsesecure — pulse_secure_desktop | Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users’ passwords if Save Settings is enabled. | 2020-10-27 | 1.9 |
CVE-2020-8956 MISC |
pulsesecure — pulse_secure_desktop_client | A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. | 2020-10-28 | 3.5 |
CVE-2020-8263 MISC |
requarks — wiki.js | In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit a57d9af34c15adbf460dde6553d964efddf433de fixes this vulnerability (version 2.5.162) by properly escaping the text content displayed in the search results. | 2020-10-26 | 3.5 |
CVE-2020-15274 MISC MISC CONFIRM |
verifone — mx900_firmware | Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages. | 2020-10-23 | 2.1 |
CVE-2019-14713 MISC |
vmware — horizon | VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed. | 2020-10-23 | 3.5 |
CVE-2020-3997 MISC |
yourls — yourls | Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 – 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues. | 2020-10-23 | 3.5 |
CVE-2020-27388 MISC MISC MISC |
zte — evdc | A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04 | 2020-10-26 | 3.5 |
CVE-2020-6876 MISC |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — ios_and_ipados |
The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel. | 2020-10-27 | not yet calculated |
CVE-2019-8857 MISC |
apple — macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A Mac may not lock immediately upon wake. | 2020-10-27 | not yet calculated |
CVE-2019-8851 MISC |
apple — macos | A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra. A sandboxed process may be able to circumvent sandbox restrictions. | 2020-10-27 | not yet calculated |
CVE-2019-8640 MISC |
apple — macos |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to execute arbitrary code with system privileges. | 2020-10-27 | not yet calculated |
CVE-2019-8569 MISC MISC |
apple — macos | An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing. | 2020-10-27 | not yet calculated |
CVE-2019-8642 MISC |
apple — macos |
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files. | 2020-10-27 | not yet calculated |
CVE-2020-9782 MISC |
apple — macos |
An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail. | 2020-10-27 | not yet calculated |
CVE-2019-8645 MISC |
apple — macos |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to gain elevated privileges. | 2020-10-27 | not yet calculated |
CVE-2020-3851 MISC MISC |
apple — macos |
This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper. | 2020-10-27 | not yet calculated |
CVE-2019-8656 MISC |
apple — macos |
This issue is fixed in macOS Mojave 10.14. A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. | 2020-10-27 | not yet calculated |
CVE-2018-4296 MISC |
apple — macos_catalina |
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing. | 2020-10-27 | not yet calculated |
CVE-2019-8858 MISC |
apple — multiple_products |
A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-10-27 | not yet calculated |
CVE-2020-9932 MISC MISC MISC |
apple — safari |
A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website. | 2020-10-27 | not yet calculated |
CVE-2020-3852 MISC |
apple — swift_for_ubuntu |
This issue was addressed by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure. | 2020-10-27 | not yet calculated |
CVE-2019-8790 MISC |
apple — xcode |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sources may lead to arbitrary code execution with user privileges. | 2020-10-27 | not yet calculated |
CVE-2019-8840 MISC |
arista — cloudvision_exchange_server |
Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet. | 2020-10-26 | not yet calculated |
CVE-2020-13100 CONFIRM |
arista — eos |
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router. | 2020-10-26 | not yet calculated |
CVE-2020-15897 CONFIRM |
basercms — basercms |
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, subsite setting list, widget area edit, and feed list on the management screen. The issue was introduced in version 4.0.0. It is fixed in version 4.4.1. | 2020-10-30 | not yet calculated |
CVE-2020-15273 MISC CONFIRM MISC |
basercms — basercms |
baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1. | 2020-10-30 | not yet calculated |
CVE-2020-15276 MISC MISC CONFIRM |
basercms — basercms |
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1. | 2020-10-30 | not yet calculated |
CVE-2020-15277 MISC MISC CONFIRM |
broadleaf_commerce — broadleaf_framework |
Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability. | 2020-10-29 | not yet calculated |
CVE-2020-21266 MISC |
canonical — ubuntu |
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root. | 2020-10-31 | not yet calculated |
CVE-2020-15703 CONFIRM MISC |
chart.js — chart.js |
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution. | 2020-10-29 | not yet calculated |
CVE-2020-7746 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
citadel — webcit |
Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived “Multiple Security Vulnerabilities in WebCit 926” thread. | 2020-10-28 | not yet calculated |
CVE-2020-27740 MISC MISC |
citadel — webcit |
Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived “Multiple Security Vulnerabilities in WebCit 926” thread. | 2020-10-28 | not yet calculated |
CVE-2020-27741 MISC MISC |
citadel — webcit |
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else’s emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived “Multiple Security Vulnerabilities in WebCit 926” thread. | 2020-10-28 | not yet calculated |
CVE-2020-27742 MISC MISC |
citadel — webcit |
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users’ sessions. NOTE: this was reported to the vendor in a publicly archived “Multiple Security Vulnerabilities in WebCit 926” thread. | 2020-10-28 | not yet calculated |
CVE-2020-27739 MISC MISC |
click_studios — passwordstate |
An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973). If a user of the system has assigned themselves a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As a result, the remote attacker retrieves all passwords for other systems that are available to the affected account. | 2020-10-29 | not yet calculated |
CVE-2020-27747 MISC MISC |
codemirror — codemirror |
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDoS vulnerability of the regex is mainly due to the sub-pattern `(\s|/\*.*?\*/)*` | 2020-10-30 | not yet calculated |
CVE-2020-7760 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
commscope — ruckus |
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py. | 2020-10-26 | not yet calculated |
CVE-2020-26878 MISC MISC MISC CONFIRM MISC MISC |
commscope — ruckus_vriot |
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header. | 2020-10-26 | not yet calculated |
CVE-2020-26879 MISC MISC MISC CONFIRM MISC MISC |
commvault — commcell |
In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder. | 2020-10-29 | not yet calculated |
CVE-2020-25780 MISC |
cyberark — privileged_session_manager |
CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time. | 2020-10-28 | not yet calculated |
CVE-2020-25374 MISC MISC |
dat.gui — dat.gui |
All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values. | 2020-10-27 | not yet calculated |
CVE-2020-7755 MISC MISC |
debian — blueman |
Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules. | 2020-10-27 | not yet calculated |
CVE-2020-15238 MISC MISC MISC CONFIRM DEBIAN |
eyesofnetwork — eonweb |
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php). | 2020-10-29 | not yet calculated |
CVE-2020-27886 MISC MISC MISC |
eyesofnetwork — eonweb |
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php. | 2020-10-29 | not yet calculated |
CVE-2020-27887 MISC MISC MISC |
f5 — big-ip | On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile. | 2020-10-29 | not yet calculated |
CVE-2020-5936 MISC |
f5 — big-ip |
On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow. | 2020-10-29 | not yet calculated |
CVE-2020-5938 MISC |
f5 — big-ip |
On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral denial-of-service (DoS) traffic. | 2020-10-29 | not yet calculated |
CVE-2020-5937 MISC |
f5 — big-ip |
On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart. | 2020-10-29 | not yet calculated |
CVE-2020-5931 MISC |
f5 — big-ip |
On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened. | 2020-10-29 | not yet calculated |
CVE-2020-5932 MISC |
f5 — big-ip |
On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted. | 2020-10-29 | not yet calculated |
CVE-2020-5934 MISC |
f5 — big-ip |
On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with an MQTT profile and an iRule performing manipulations on that traffic, TMM may produce a core file. | 2020-10-29 | not yet calculated |
CVE-2020-5935 MISC |
f5 — big-ip |
On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system. | 2020-10-29 | not yet calculated |
CVE-2020-5933 MISC |
facebook — hermes |
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | 2020-10-26 | not yet calculated |
CVE-2020-1915 CONFIRM CONFIRM |
fastreport — fastreport |
An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress. | 2020-10-29 | not yet calculated |
CVE-2020-27998 MISC MISC MISC |
firefly_iii — firefly_iii |
An XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III before 5.4.5 allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content Security Policy headers are disabled. | 2020-10-28 | not yet calculated |
CVE-2020-27981 MISC MISC |
genexis — platinum-4410-v2-1.28_devices |
Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users. | 2020-10-28 | not yet calculated |
CVE-2020-27980 MISC MISC |
god_kings — god_kings |
The God Kings application 0.60.1 for Android exposes a broadcast receiver to other apps called com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver. The purpose of this broadcast receiver is to show an in-game push notification to the player. However, the application does not enforce any authorization schema on the broadcast receiver, allowing any application to send fully customizable in-game push notifications. | 2020-10-28 | not yet calculated |
CVE-2020-25204 MISC |
hewlett_packard — storeserv_management_console |
SSMC 3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0: upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later. | 2020-10-26 | not yet calculated |
CVE-2020-7197 MISC |
hrsale — hrsale |
Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files. | 2020-10-29 | not yet calculated |
CVE-2020-27993 MISC |
lookatme — lookatme |
In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in “terminal” and “file_loader” extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme. | 2020-10-26 | not yet calculated |
CVE-2020-15271 MISC MISC MISC CONFIRM MISC |
mediawiki — mediawiki |
The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension. | 2020-10-28 | not yet calculated |
CVE-2020-27957 MISC MISC |
micro_focus — multiple_products |
Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulnerability affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63, 10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges. | 2020-10-27 | not yet calculated |
CVE-2020-11858 MISC MISC MISC |
micro_focus — multiple_products |
Arbitrary code execution vulnerability in Micro Focus products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulnerability affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63, 10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02 and 2017.11. 3.) Application Performance Management versions 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow arbitrary code execution. | 2020-10-27 | not yet calculated |
CVE-2020-11854 MISC MISC MISC MISC |
mozilla — firefox |
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used, which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | 2020-10-28 | not yet calculated |
CVE-2020-6829 MISC MISC MISC |
nvidia — dgx_servers | NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product’s environment, which may lead to remote code execution. | 2020-10-29 | not yet calculated |
CVE-2020-11486 CONFIRM |
nvidia — dgx_servers |
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure. | 2020-10-29 | not yet calculated |
CVE-2020-11616 CONFIRM |
nvidia — dgx_servers |
NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30, DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contain a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may lead to information disclosure. | 2020-10-29 | not yet calculated |
CVE-2020-11487 CONFIRM |
nvidia — dgx_servers |
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure. | 2020-10-29 | not yet calculated |
CVE-2020-11484 CONFIRM |
nvidia — dgx_servers |
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure. | 2020-10-29 | not yet calculated |
CVE-2020-11615 CONFIRM |
nvidia — dgx_servers |
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure. | 2020-10-29 | not yet calculated |
CVE-2020-11489 CONFIRM |
nvidia — dgx_servers |
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request, which can lead to information disclosure or code execution. | 2020-10-29 | not yet calculated |
CVE-2020-11485 CONFIRM |
nvidia — dgx_servers |
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution. | 2020-10-29 | not yet calculated |
CVE-2020-11488 CONFIRM |
nvidia — dgx_servers |
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information disclosure. | 2020-10-29 | not yet calculated |
CVE-2020-11483 CONFIRM |
nvidia — cuda_toolkit |
NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure. | 2020-10-30 | not yet calculated |
CVE-2020-5991 CONFIRM |
openrc — openrc |
checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink. | 2020-10-27 | not yet calculated |
CVE-2018-21269 MISC |
pam_tacplus — libtac |
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id. | 2020-10-26 | not yet calculated |
CVE-2020-27743 MISC MISC |
pathval — pathval | This affects all versions of package pathval. | 2020-10-26 | not yet calculated |
CVE-2020-7751 MISC MISC |
pimcore — pimcore |
The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{“keyId”%3a”””,”groupId”%3a”‘asd’))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,”,11,12,”,14+from+users)+–+”}] | 2020-10-30 | not yet calculated |
CVE-2020-7759 CONFIRM CONFIRM |
pulse_secure — desktop_client |
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. | 2020-10-28 | not yet calculated |
CVE-2020-8241 MISC |
pulse_secure — desktop_client |
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine to use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider. | 2020-10-28 | not yet calculated |
CVE-2020-8240 MISC |
pulse_secure — desktop_client |
The Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC. | 2020-10-28 | not yet calculated |
CVE-2020-8239 MISC |
pulse_secure — desktop_client |
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to trigger a buffer overflow. | 2020-10-28 | not yet calculated |
CVE-2020-8249 MISC |
pulse_secure — desktop_client |
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC. To improve the security of connections between Pulse clients and Pulse Connect Secure, see the following recommendation: disable Dynamic certificate trust for PDC. | 2020-10-28 | not yet calculated |
CVE-2020-8254 MISC |
pulse_secure — pulse_connect_secure_and_pulse_policy_secure |
An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 2020-10-27 | not yet calculated |
CVE-2020-15352 MISC |
pulse_secure — pulse_connect_secure_and_pulse_policy_secure |
Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. | 2020-10-28 | not yet calculated |
CVE-2020-8261 MISC |
pulse_secure — pulse_connect_secure_and_pulse_policy_secure |
A vulnerability in Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for the authenticated user web interface. | 2020-10-28 | not yet calculated |
CVE-2020-8262 MISC |
qnap — qts | If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109. | 2020-10-28 | not yet calculated |
CVE-2018-19953 CONFIRM |
qnap — qts |
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later; QTS 4.4.1.1261 build 20200330 and later; QTS 4.3.6.1263 build 20200330 and later; QTS 4.3.4.1282 build 20200408 and later; QTS 4.3.3.1252 build 20200409 and later; QTS 4.2.6 build 20200421 and later. | 2020-10-28 | not yet calculated |
CVE-2018-19943 CONFIRM |
qnap — qts |
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109. | 2020-10-28 | not yet calculated |
CVE-2018-19949 CONFIRM |
qsc — q-sys_core_manager |
An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version. | 2020-10-28 | not yet calculated |
CVE-2020-24990 MISC MISC MISC |
rapid7 — metasploit |
Rapid7’s Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim’s machine. | 2020-10-29 | not yet calculated |
CVE-2020-7384 MISC |
red_discord_bot — mod_module |
Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user’s control. By abusing this exploit, it is possible to perform destructive actions within the guild the user has high privileges in. This exploit has been fixed in version 3.4.1. As a workaround, unloading the Mod module with unload mod, or disabling the massban command with command disable global massban, can render this exploit inaccessible. We still highly recommend updating to 3.4.1 to completely patch this issue. | 2020-10-28 | not yet calculated |
CVE-2020-15278 MISC MISC CONFIRM |
red_hat — ansible |
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes the private key in logs. This directly impacts confidentiality. | 2020-10-29 | not yet calculated |
CVE-2020-25646 MISC |
sal — sal |
Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machine_list view. | 2020-10-29 | not yet calculated |
CVE-2020-26205 MISC CONFIRM |
samba — winbind |
A null pointer dereference flaw was found in samba’s Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. | 2020-10-29 | not yet calculated |
CVE-2020-14323 MISC MISC |
sec_consult — publixone |
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens. | 2020-10-27 | not yet calculated |
CVE-2020-27179 MISC MISC |
sectona — spectra |
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. | 2020-10-28 | not yet calculated |
CVE-2020-25966 MISC MISC |
shibboleth — identity_provider |
Shibboleth Identity Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session. | 2020-10-28 | not yet calculated |
CVE-2020-27978 MISC |
smartstorenet — smartstorenet |
An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations. | 2020-10-29 | not yet calculated |
CVE-2020-27996 MISC MISC |
sonicwall — global_vpn |
SonicWall Global VPN client version 4.10.4.0314 and earlier allows an unprivileged Windows user to elevate privileges to SYSTEM through a loaded process hijacking vulnerability. | 2020-10-28 | not yet calculated |
CVE-2020-5144 CONFIRM |
sourcecodester — car_rental_management_system |
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root). | 2020-10-28 | not yet calculated |
CVE-2020-27956 MISC MISC |
sourceforge — dual_dhcp_dns_server |
An issue was discovered in Dual DHCP DNS Server 7.40. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the DualServer.exe binary. | 2020-10-28 | not yet calculated |
CVE-2020-26133 MISC MISC |
sourceforge — home_dns_server |
An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the HomeDNSServer.exe binary. | 2020-10-28 | not yet calculated |
CVE-2020-26132 MISC MISC |
sourceforge — open_dhcp_server |
Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenDHCPServer.exe (Regular) or the OpenDHCPLdap.exe (LDAP Based) binary. | 2020-10-28 | not yet calculated |
CVE-2020-26131 MISC MISC |
sourceforge — open_tftp_server |
Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary. | 2020-10-28 | not yet calculated |
CVE-2020-26130 MISC MISC |
sourceforge — snap7 |
In version 1.4.1 of the Snap7 server component, when an attacker sends a crafted packet with the COTP protocol last-data-unit flag set to No and an S7 write var function, the Snap7 server crashes. | 2020-10-28 | not yet calculated |
CVE-2020-22552 MISC MISC MISC |
synology — diskstation_manager |
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. | 2020-10-29 | not yet calculated |
CVE-2020-27656 CONFIRM |
synology — diskstation_manager |
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 2020-10-29 | not yet calculated |
CVE-2020-27650 CONFIRM |
synology — diskstation_manager |
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | 2020-10-29 | not yet calculated |
CVE-2020-27652 CONFIRM MISC |
synology — diskstation_manager |
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2020-10-29 | not yet calculated |
CVE-2020-27648 CONFIRM MISC |
synology — router_manager | Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 2020-10-29 | not yet calculated |
CVE-2020-27658 CONFIRM MISC |
synology — router_manager | Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. | 2020-10-29 | not yet calculated |
CVE-2020-27657 CONFIRM |
synology — router_manager |
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2020-10-29 | not yet calculated |
CVE-2020-27649 CONFIRM MISC |
synology — router_manager |
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. | 2020-10-29 | not yet calculated |
CVE-2020-27654 CONFIRM MISC MISC |
synology — router_manager |
Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 2020-10-29 | not yet calculated |
CVE-2020-27651 CONFIRM MISC |
synology — router_manager |
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | 2020-10-29 | not yet calculated |
CVE-2020-27653 CONFIRM MISC |
synology — router_manager |
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. | 2020-10-29 | not yet calculated |
CVE-2020-27655 CONFIRM |
texas_instruments — cc2538_devices |
The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Read Reporting Configuration Response message. It crashes in zclHandleExternal(). | 2020-10-27 | not yet calculated |
CVE-2020-27891 MISC MISC |
texas_instruments — cc2538_devices |
The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Discover Commands Received Response message or a ZCL Discover Commands Generated Response message. It crashes in zclParseInDiscCmdsRspCmd(). | 2020-10-27 | not yet calculated |
CVE-2020-27892 MISC MISC |
texas_instruments — cc2538_devices |
The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Write Attributes No Response message. It crashes in zclParseInWriteCmd() and does not update the specific attribute’s value. | 2020-10-27 | not yet calculated |
CVE-2020-27890 MISC MISC |
trend_micro — antivirus_for_mac |
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | 2020-10-30 | not yet calculated |
CVE-2020-27015 N/A N/A |
trend_micro — antivirus_for_mac |
Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component that, if exploited, could allow an attacker to cause a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | 2020-10-30 | not yet calculated |
CVE-2020-27014 N/A N/A |
ubiquiti — unifi_meshing_access_point_unifi_controller_devices |
An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access. | 2020-10-27 | not yet calculated |
CVE-2020-27888 MISC |
vbulletin — vbulletin |
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability. | 2020-10-30 | not yet calculated |
CVE-2020-7373 MISC MISC MISC MISC |
vmware — tanzu |
Single Sign-On for VMware Tanzu, all versions prior to 1.11.3, 1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1, is vulnerable to a user impersonation attack. If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn’t appear with LDAP because of chained authentication. | 2020-10-31 | not yet calculated |
CVE-2020-5425 CONFIRM |
western_digital — my_cloud_devices |
Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114. | 2020-10-27 | not yet calculated |
CVE-2020-12830 MISC CONFIRM |
western_digital — my_cloud_devices |
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input in Western Digital My Cloud Devices prior to 5.4.1140. | 2020-10-27 | not yet calculated |
CVE-2020-25765 MISC CONFIRM |
western_digital — my_cloud_nas_devices |
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114. | 2020-10-27 | not yet calculated |
CVE-2020-27159 MISC CONFIRM |
western_digital — my_cloud_nas_devices |
Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3). | 2020-10-27 | not yet calculated |
CVE-2020-27160 MISC CONFIRM |
western_digital — my_cloud_nas_devices |
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. | 2020-10-27 | not yet calculated |
CVE-2020-27158 MISC CONFIRM |
western_digital — my_cloud_nas_devices |
An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges. | 2020-10-29 | not yet calculated |
CVE-2020-27744 MISC |
winston_privacy — winston_privacy | Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation. | 2020-10-28 | not yet calculated |
CVE-2020-16260 MISC MISC |
winston_privacy — winston_privacy | Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access. | 2020-10-28 | not yet calculated |
CVE-2020-16261 MISC MISC |
winston_privacy — winston_privacy | Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation. | 2020-10-28 | not yet calculated |
CVE-2020-16262 MISC MISC |
winston_privacy — winston_privacy |
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user. | 2020-10-28 | not yet calculated |
CVE-2020-16259 MISC MISC |
winston_privacy — winston_privacy |
Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials. | 2020-10-28 | not yet calculated |
CVE-2020-16258 MISC MISC |
winston_privacy — winston_privacy |
Winston 1.5.4 devices are vulnerable to command injection via the API. | 2020-10-28 | not yet calculated |
CVE-2020-16257 MISC MISC |
winston_privacy — winston_privacy |
The API on Winston 1.5.4 devices is vulnerable to CSRF. | 2020-10-28 | not yet calculated |
CVE-2020-16256 MISC MISC |
winston_privacy — winston_privacy |
Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins. | 2020-10-28 | not yet calculated |
CVE-2020-16263 MISC MISC |
wire — wire |
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c. | 2020-10-27 | not yet calculated |
CVE-2020-27853 MISC |
wso2 — api_manager |
Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of the victim while the hacker maintains access. | 2020-10-29 | not yet calculated |
CVE-2020-27885 MISC MISC |
wso2 — enterprise_integrator |
WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks. | 2020-10-29 | not yet calculated |
CVE-2020-25516 MISC MISC |
zohocorp — manageengine_applications_manager | SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. | 2020-10-29 | not yet calculated |
CVE-2020-27995 MISC |