CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2020

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-8712 Exec Code Mem. Corr. 2020-10-27 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges.
2 CVE-2019-8716 Exec Code Mem. Corr. 2020-10-27 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges.
3 CVE-2019-17006 345 Overflow 2020-10-22 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
4 CVE-2019-19513 787 DoS Exec Code 2020-10-16 2020-10-27
10.0
None Remote Low Not required Complete Complete Complete
The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service.
5 CVE-2020-3992 416 Exec Code 2020-10-20 2022-06-15
10.0
None Remote Low Not required Complete Complete Complete
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.
6 CVE-2020-6364 78 Exec Code 2020-10-15 2021-06-17
10.0
None Remote Low Not required Complete Complete Complete
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager, leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.
7 CVE-2020-7141 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
An adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
8 CVE-2020-7142 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
An eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
9 CVE-2020-7143 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
10 CVE-2020-7144 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
11 CVE-2020-7145 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
12 CVE-2020-7146 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
13 CVE-2020-7147 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
14 CVE-2020-7148 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
15 CVE-2020-7149 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
An ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
16 CVE-2020-7150 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
17 CVE-2020-7151 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
18 CVE-2020-7152 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19 CVE-2020-7153 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
An iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
20 CVE-2020-7154 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
An ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
21 CVE-2020-7155 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
22 CVE-2020-7156 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
23 CVE-2020-7157 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
24 CVE-2020-7158 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
25 CVE-2020-7159 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
26 CVE-2020-7160 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
An iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
27 CVE-2020-7161 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
28 CVE-2020-7162 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
An operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
29 CVE-2020-7163 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
30 CVE-2020-7164 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
An operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
31 CVE-2020-7165 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
An iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
32 CVE-2020-7166 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
An operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
33 CVE-2020-7167 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
34 CVE-2020-7168 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
35 CVE-2020-7169 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
An ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
36 CVE-2020-7170 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
37 CVE-2020-7171 74 Exec Code 2020-10-19 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
38 CVE-2020-7172 74 Exec Code 2020-10-19 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
39 CVE-2020-7745 94 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device.
40 CVE-2020-9864 Exec Code 2020-10-16 2020-10-20
10.0
None Remote Low Not required Complete Complete Complete
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.
41 CVE-2020-9918 125 2020-10-16 2022-05-31
10.0
None Remote Low Not required Complete Complete Complete
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
42 CVE-2020-11854 798 Exec Code 2020-10-27 2022-04-26
10.0
None Remote Low Not required Complete Complete Complete
Arbitrary code execution vulnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulnerability affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63, 10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.
43 CVE-2020-12124 78 Exec Code 2020-10-02 2020-10-08
10.0
None Remote Low Not required Complete Complete Complete
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
44 CVE-2020-12125 120 Overflow 2020-10-02 2020-10-08
10.0
None Remote Low Not required Complete Complete Complete
A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.
45 CVE-2020-14855 2020-10-21 2020-10-23
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
46 CVE-2020-14859 2020-10-21 2020-10-23
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
47 CVE-2020-14871 787 2020-10-21 2022-06-03
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
48 CVE-2020-14882 2020-10-21 2021-02-22
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
49 CVE-2020-16257 77 2020-10-28 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
Winston 1.5.4 devices are vulnerable to command injection via the API.
50 CVE-2020-16259 732 2020-10-28 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.
Total number of vulnerabilities: 1563 (page 1 of 32)