| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11205 | Hig | 0.51 | 7.8 | 0.00 | Nov 12, 2020 | u'Possible integer overflow to heap overflow while processing command due to lack of check of packet length received' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350,… | ||
| CVE-2020-11202 | Hig | 0.51 | 7.8 | 0.02 | Nov 12, 2020 | Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in… | ||
| CVE-2020-11201 | Hig | 0.51 | 7.8 | 0.02 | Nov 12, 2020 | Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P,… | ||
| CVE-2020-11175 | Hig | 0.51 | 7.8 | 0.00 | Nov 12, 2020 | u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,… | ||
| CVE-2020-11132 | Hig | 0.46 | 7.1 | 0.00 | Nov 12, 2020 | u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure… | ||
| CVE-2020-11131 | Hig | 0.51 | 7.8 | 0.00 | Nov 12, 2020 | u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053,… | ||
| CVE-2020-11130 | Hig | 0.51 | 7.8 | 0.00 | Nov 12, 2020 | u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X,… | ||
| CVE-2020-11127 | Hig | 0.51 | 7.8 | 0.00 | Nov 12, 2020 | u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial… | ||
| CVE-2020-11121 | Hig | 0.51 | 7.8 | 0.00 | Nov 12, 2020 | u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155,… | ||
| CVE-2020-7769 | — | Hig | 0.49 | 8.6 | 0.02 | Nov 12, 2020 | This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails. | |
| CVE-2020-26070 | Hig | 0.56 | 8.6 | 0.02 | Nov 12, 2020 | A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due… | ||
| CVE-2020-2050 | Hig | 0.53 | 8.2 | 0.01 | Nov 12, 2020 | An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and… | ||
| CVE-2020-2022 | Hig | 0.49 | 7.5 | 0.01 | Nov 12, 2020 | An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability… | ||
| CVE-2020-2000 | Hig | 0.47 | 7.2 | 0.03 | Nov 12, 2020 | An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1… | ||
| CVE-2020-5992 | Hig | 0.51 | 7.8 | 0.00 | Nov 11, 2020 | NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or… | ||
| CVE-2020-26221 | Hig | 0.52 | 8.0 | 0.01 | Nov 11, 2020 | touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing… | ||
| CVE-2020-26218 | Hig | 0.55 | 8.0 | 0.02 | Nov 11, 2020 | touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0. | ||
| CVE-2020-15275 | — | Hig | 0.50 | 8.7 | 0.02 | Nov 11, 2020 | MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly… | |
| CVE-2020-27524 | Hig | 0.46 | 7.1 | 0.01 | Nov 11, 2020 | On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services. | ||
| CVE-2020-27523 | Hig | 0.49 | 7.5 | 0.02 | Nov 11, 2020 | Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which… | ||
| CVE-2020-4685 | Hig | 0.47 | 7.2 | 0.01 | Nov 11, 2020 | A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of… | ||
| CVE-2020-7768 | Hig | 0.00 | 7.5 | 0.04 | Nov 11, 2020 | The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. | ||
| CVE-2020-7329 | Hig | 0.47 | 7.2 | 0.02 | Nov 11, 2020 | Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator. | ||
| CVE-2020-7328 | Hig | 0.47 | 7.2 | 0.02 | Nov 11, 2020 | External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has… | ||
| CVE-2020-17110 | Hig | 0.51 | 7.8 | 0.04 | Nov 11, 2020 | HEVC Video Extensions Remote Code Execution Vulnerability | ||
| CVE-2020-17109 | Hig | 0.51 | 7.8 | 0.04 | Nov 11, 2020 | HEVC Video Extensions Remote Code Execution Vulnerability | ||
| CVE-2020-17108 | Hig | 0.51 | 7.8 | 0.04 | Nov 11, 2020 | HEVC Video Extensions Remote Code Execution Vulnerability | ||
| CVE-2020-17107 | Hig | 0.51 | 7.8 | 0.04 | Nov 11, 2020 | HEVC Video Extensions Remote Code Execution Vulnerability | ||
| CVE-2020-17106 | Hig | 0.51 | 7.8 | 0.04 | Nov 11, 2020 | HEVC Video Extensions Remote Code Execution Vulnerability | ||
| CVE-2020-17105 | Hig | 0.51 | 7.8 | 0.03 | Nov 11, 2020 | AV1 Video Extension Remote Code Execution Vulnerability | ||
| CVE-2020-17104 | Hig | 0.51 | 7.8 | 0.04 | Nov 11, 2020 | Visual Studio Code JSHint Extension Remote Code Execution Vulnerability | ||
| CVE-2020-17101 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | HEIF Image Extensions Remote Code Execution Vulnerability | ||
| CVE-2020-17091 | Hig | 0.51 | 7.8 | 0.02 | Nov 11, 2020 | Microsoft Teams Remote Code Execution Vulnerability | ||
| CVE-2020-17088 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||
| CVE-2020-17087 | Hig | 0.63 | 7.8 | 0.05 | KEV | Nov 11, 2020 | Windows Kernel Local Elevation of Privilege Vulnerability | |
| CVE-2020-17086 | Hig | 0.51 | 7.8 | 0.04 | Nov 11, 2020 | Raw Image Extension Remote Code Execution Vulnerability | ||
| CVE-2020-17084 | Hig | 0.56 | 8.5 | 0.04 | Nov 11, 2020 | Microsoft Exchange Server Remote Code Execution Vulnerability | ||
| CVE-2020-17082 | Hig | 0.51 | 7.8 | 0.03 | Nov 11, 2020 | Raw Image Extension Remote Code Execution Vulnerability | ||
| CVE-2020-17079 | Hig | 0.51 | 7.8 | 0.03 | Nov 11, 2020 | Raw Image Extension Remote Code Execution Vulnerability | ||
| CVE-2020-17078 | Hig | 0.51 | 7.8 | 0.03 | Nov 11, 2020 | Raw Image Extension Remote Code Execution Vulnerability | ||
| CVE-2020-17077 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Update Stack Elevation of Privilege Vulnerability | ||
| CVE-2020-17076 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | ||
| CVE-2020-17075 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows USO Core Worker Elevation of Privilege Vulnerability | ||
| CVE-2020-17074 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | ||
| CVE-2020-17073 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | ||
| CVE-2020-17070 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Update Medic Service Elevation of Privilege Vulnerability | ||
| CVE-2020-17068 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows GDI+ Remote Code Execution Vulnerability | ||
| CVE-2020-17067 | Hig | 0.51 | 7.8 | 0.03 | Nov 11, 2020 | Microsoft Excel Security Feature Bypass Vulnerability | ||
| CVE-2020-17066 | Hig | 0.51 | 7.8 | 0.04 | Nov 11, 2020 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2020-17065 | Hig | 0.51 | 7.8 | 0.04 | Nov 11, 2020 | Microsoft Excel Remote Code Execution Vulnerability |
- risk 0.51cvss 7.8epss 0.00
u'Possible integer overflow to heap overflow while processing command due to lack of check of packet length received' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350,…
- risk 0.51cvss 7.8epss 0.02
Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in…
- risk 0.51cvss 7.8epss 0.02
Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P,…
- risk 0.51cvss 7.8epss 0.00
u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,…
- risk 0.46cvss 7.1epss 0.00
u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure…
- risk 0.51cvss 7.8epss 0.00
u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053,…
- risk 0.51cvss 7.8epss 0.00
u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X,…
- risk 0.51cvss 7.8epss 0.00
u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial…
- risk 0.51cvss 7.8epss 0.00
u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155,…
- risk 0.49cvss 8.6epss 0.02
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.
- risk 0.56cvss 8.6epss 0.02
A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due…
- risk 0.53cvss 8.2epss 0.01
An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and…
- risk 0.49cvss 7.5epss 0.01
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability…
- risk 0.47cvss 7.2epss 0.03
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1…
- risk 0.51cvss 7.8epss 0.00
NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or…
- risk 0.52cvss 8.0epss 0.01
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing…
- risk 0.55cvss 8.0epss 0.02
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0.
- risk 0.50cvss 8.7epss 0.02
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly…
- risk 0.46cvss 7.1epss 0.01
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services.
- risk 0.49cvss 7.5epss 0.02
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which…
- risk 0.47cvss 7.2epss 0.01
A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of…
- risk 0.00cvss 7.5epss 0.04
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.
- risk 0.47cvss 7.2epss 0.02
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.
- risk 0.47cvss 7.2epss 0.02
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has…
- risk 0.51cvss 7.8epss 0.04
HEVC Video Extensions Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.04
HEVC Video Extensions Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.04
HEVC Video Extensions Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.04
HEVC Video Extensions Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.04
HEVC Video Extensions Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
AV1 Video Extension Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.04
Visual Studio Code JSHint Extension Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
HEIF Image Extensions Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Teams Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.63cvss 7.8epss 0.05
Windows Kernel Local Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.04
Raw Image Extension Remote Code Execution Vulnerability
- risk 0.56cvss 8.5epss 0.04
Microsoft Exchange Server Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
Raw Image Extension Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
Raw Image Extension Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
Raw Image Extension Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Update Stack Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Update Orchestrator Service Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows USO Core Worker Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Update Orchestrator Service Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Update Orchestrator Service Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Update Medic Service Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows GDI+ Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
Microsoft Excel Security Feature Bypass Vulnerability
- risk 0.51cvss 7.8epss 0.04
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.04
Microsoft Excel Remote Code Execution Vulnerability