| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-17032 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Remote Access Elevation of Privilege Vulnerability | ||
| CVE-2020-17031 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Remote Access Elevation of Privilege Vulnerability | ||
| CVE-2020-17028 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Remote Access Elevation of Privilege Vulnerability | ||
| CVE-2020-17027 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Remote Access Elevation of Privilege Vulnerability | ||
| CVE-2020-17026 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Remote Access Elevation of Privilege Vulnerability | ||
| CVE-2020-17025 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Remote Access Elevation of Privilege Vulnerability | ||
| CVE-2020-17024 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability | ||
| CVE-2020-17019 | Hig | 0.51 | 7.8 | 0.03 | Nov 11, 2020 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2020-17016 | Hig | 0.52 | 8.0 | 0.03 | Nov 11, 2020 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2020-17014 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Print Spooler Elevation of Privilege Vulnerability | ||
| CVE-2020-17012 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | ||
| CVE-2020-17011 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Port Class Library Elevation of Privilege Vulnerability | ||
| CVE-2020-17010 | Hig | 0.51 | 7.8 | 0.02 | Nov 11, 2020 | Win32k Elevation of Privilege Vulnerability | ||
| CVE-2020-17007 | Hig | 0.46 | 7.0 | 0.01 | Nov 11, 2020 | Windows Error Reporting Elevation of Privilege Vulnerability | ||
| CVE-2020-17001 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2020 | Windows Print Spooler Elevation of Privilege Vulnerability | ||
| CVE-2020-16998 | Hig | 0.46 | 7.0 | 0.01 | Nov 11, 2020 | DirectX Elevation of Privilege Vulnerability | ||
| CVE-2020-16997 | Hig | 0.50 | 7.7 | 0.04 | Nov 11, 2020 | Remote Desktop Protocol Server Information Disclosure Vulnerability | ||
| CVE-2020-16994 | Hig | 0.48 | 7.3 | 0.02 | Nov 11, 2020 | Azure Sphere Unsigned Code Execution Vulnerability | ||
| CVE-2020-16992 | Hig | 0.49 | 7.5 | 0.01 | Nov 11, 2020 | Azure Sphere Elevation of Privilege Vulnerability | ||
| CVE-2020-16991 | Hig | 0.48 | 7.3 | 0.02 | Nov 11, 2020 | Azure Sphere Unsigned Code Execution Vulnerability | ||
| CVE-2020-16987 | Hig | 0.48 | 7.3 | 0.01 | Nov 11, 2020 | Azure Sphere Unsigned Code Execution Vulnerability | ||
| CVE-2020-16984 | Hig | 0.48 | 7.3 | 0.01 | Nov 11, 2020 | Azure Sphere Unsigned Code Execution Vulnerability | ||
| CVE-2020-16970 | Hig | 0.53 | 8.1 | 0.01 | Nov 11, 2020 | Azure Sphere Unsigned Code Execution Vulnerability | ||
| CVE-2020-25268 | Hig | 0.57 | 8.8 | 0.02 | Nov 10, 2020 | Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data. | ||
| CVE-2020-24367 | Hig | 0.51 | 7.8 | 0.00 | Nov 10, 2020 | Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. | ||
| CVE-2020-24063 | Hig | 0.47 | 7.2 | 0.01 | Nov 10, 2020 | The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. | ||
| CVE-2020-23968 | Hig | 0.51 | 7.8 | 0.01 | Nov 10, 2020 | Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log. | ||
| CVE-2019-7357 | — | Hig | 0.57 | 8.8 | 0.01 | Nov 10, 2020 | Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins. | |
| CVE-2020-28055 | Hig | 0.51 | 7.8 | 0.01 | Nov 10, 2020 | A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read & write to the /data/vendor/tcl, /data/vendor/upgrade,… | ||
| CVE-2020-26820 | Hig | 0.47 | 7.2 | 0.04 | Nov 10, 2020 | SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then… | ||
| CVE-2020-26819 | Hig | 0.57 | 8.8 | 0.01 | Nov 10, 2020 | SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control. | ||
| CVE-2020-26818 | Hig | 0.57 | 8.8 | 0.01 | Nov 10, 2020 | SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing… | ||
| CVE-2020-26817 | Hig | 0.51 | 7.8 | 0.01 | Nov 10, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper… | ||
| CVE-2020-26815 | Hig | 0.56 | 8.6 | 0.01 | Nov 10, 2020 | SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an… | ||
| CVE-2020-26810 | Hig | 0.49 | 7.5 | 0.01 | Nov 10, 2020 | SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can… | ||
| CVE-2020-26808 | Hig | 0.47 | 7.2 | 0.03 | Nov 10, 2020 | SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code… | ||
| CVE-2020-7766 | — | Hig | 0.41 | 7.3 | 0.02 | Nov 10, 2020 | This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does… | |
| CVE-2020-28267 | — | Hig | 0.42 | 7.5 | 0.02 | Nov 10, 2020 | Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution. | |
| CVE-2020-0451 | Hig | 0.57 | 8.8 | 0.02 | Nov 10, 2020 | In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product:… | ||
| CVE-2020-0449 | Hig | 0.57 | 8.8 | 0.01 | Nov 10, 2020 | In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product:… | ||
| CVE-2020-0442 | Hig | 0.49 | 7.5 | 0.01 | Nov 10, 2020 | In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. This could lead to remote denial of service if a malicious contact file is received, with no additional execution privileges needed. User interaction is not… | ||
| CVE-2020-0441 | Hig | 0.49 | 7.5 | 0.01 | Nov 10, 2020 | In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2020-0439 | Hig | 0.51 | 7.8 | 0.00 | Nov 10, 2020 | In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. This could lead to local escalation of privilege that allows instant apps access to permissions not allowed for instant apps, with no additional… | ||
| CVE-2020-0438 | Hig | 0.51 | 7.8 | 0.00 | Nov 10, 2020 | In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed.… | ||
| CVE-2020-0418 | Hig | 0.51 | 7.8 | 0.00 | Nov 10, 2020 | In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153879813 | ||
| CVE-2020-0409 | Hig | 0.51 | 7.8 | 0.00 | Nov 10, 2020 | In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10… | ||
| CVE-2020-16125 | Hig | 0.47 | 7.2 | 0.01 | Nov 10, 2020 | gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a… | ||
| CVE-2020-27694 | Hig | 0.58 | 8.8 | 0.07 | Nov 9, 2020 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack. | ||
| CVE-2020-27016 | Hig | 0.57 | 8.8 | 0.02 | Nov 9, 2020 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web… | ||
| CVE-2020-28373 | Hig | 0.57 | 8.8 | 0.01 | Nov 9, 2020 | upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136,… |
- risk 0.51cvss 7.8epss 0.01
Windows Remote Access Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Remote Access Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Remote Access Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Remote Access Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Remote Access Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Remote Access Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.03
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.52cvss 8.0epss 0.03
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Print Spooler Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Bind Filter Driver Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Port Class Library Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.02
Win32k Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.01
Windows Error Reporting Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Print Spooler Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.01
DirectX Elevation of Privilege Vulnerability
- risk 0.50cvss 7.7epss 0.04
Remote Desktop Protocol Server Information Disclosure Vulnerability
- risk 0.48cvss 7.3epss 0.02
Azure Sphere Unsigned Code Execution Vulnerability
- risk 0.49cvss 7.5epss 0.01
Azure Sphere Elevation of Privilege Vulnerability
- risk 0.48cvss 7.3epss 0.02
Azure Sphere Unsigned Code Execution Vulnerability
- risk 0.48cvss 7.3epss 0.01
Azure Sphere Unsigned Code Execution Vulnerability
- risk 0.48cvss 7.3epss 0.01
Azure Sphere Unsigned Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.01
Azure Sphere Unsigned Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.
- risk 0.51cvss 7.8epss 0.00
Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user.
- risk 0.47cvss 7.2epss 0.01
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.
- risk 0.51cvss 7.8epss 0.01
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.
- risk 0.57cvss 8.8epss 0.01
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.
- risk 0.51cvss 7.8epss 0.01
A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read & write to the /data/vendor/tcl, /data/vendor/upgrade,…
- risk 0.47cvss 7.2epss 0.04
SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then…
- risk 0.57cvss 8.8epss 0.01
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control.
- risk 0.57cvss 8.8epss 0.01
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing…
- risk 0.51cvss 7.8epss 0.01
SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper…
- risk 0.56cvss 8.6epss 0.01
SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an…
- risk 0.49cvss 7.5epss 0.01
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can…
- risk 0.47cvss 7.2epss 0.03
SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code…
- risk 0.41cvss 7.3epss 0.02
This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does…
- risk 0.42cvss 7.5epss 0.02
Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution.
- risk 0.57cvss 8.8epss 0.02
In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product:…
- risk 0.57cvss 8.8epss 0.01
In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product:…
- risk 0.49cvss 7.5epss 0.01
In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. This could lead to remote denial of service if a malicious contact file is received, with no additional execution privileges needed. User interaction is not…
- risk 0.49cvss 7.5epss 0.01
In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for…
- risk 0.51cvss 7.8epss 0.00
In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. This could lead to local escalation of privilege that allows instant apps access to permissions not allowed for instant apps, with no additional…
- risk 0.51cvss 7.8epss 0.00
In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed.…
- risk 0.51cvss 7.8epss 0.00
In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153879813
- risk 0.51cvss 7.8epss 0.00
In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10…
- risk 0.47cvss 7.2epss 0.01
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a…
- risk 0.58cvss 8.8epss 0.07
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack.
- risk 0.57cvss 8.8epss 0.02
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web…
- risk 0.57cvss 8.8epss 0.01
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136,…