| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2002-20001 |
400 |
|
|
2021-11-11 |
2021-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. |
|
2 |
CVE-2015-10001 |
352 |
|
XSS CSRF |
2021-11-01 |
2021-11-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads |
|
3 |
CVE-2015-20019 |
79 |
|
XSS |
2021-11-01 |
2021-11-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues |
|
4 |
CVE-2015-20067 |
862 |
|
|
2021-11-01 |
2021-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress |
|
5 |
CVE-2017-5123 |
20 |
|
|
2021-11-02 |
2022-04-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux. |
|
6 |
CVE-2017-20008 |
79 |
|
XSS |
2021-11-29 |
2021-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting |
|
7 |
CVE-2018-6122 |
843 |
|
|
2021-11-02 |
2021-11-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
8 |
CVE-2018-6125 |
|
|
+Info |
2021-11-02 |
2021-11-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. |
|
9 |
CVE-2018-25019 |
434 |
|
|
2021-11-01 |
2021-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server |
|
10 |
CVE-2019-5640 |
200 |
|
+Info |
2021-11-22 |
2021-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user |
|
11 |
CVE-2019-8921 |
345 |
|
|
2021-11-29 |
2021-12-15 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same. |
|
12 |
CVE-2019-8922 |
787 |
|
Overflow |
2021-11-29 |
2021-12-15 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer. |
|
13 |
CVE-2019-16240 |
120 |
|
Overflow |
2021-11-09 |
2021-11-15 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.1937C, and HP PageWide Managed Printers and HP PageWide Pro Printers before 001.1937D exists; A maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device. |
|
14 |
CVE-2019-18912 |
|
|
|
2021-11-09 |
2021-11-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution. |
|
15 |
CVE-2019-18914 |
79 |
|
XSS |
2021-11-09 |
2021-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link. |
|
16 |
CVE-2019-18916 |
269 |
|
|
2021-11-09 |
2021-11-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client. |
|
17 |
CVE-2020-4140 |
79 |
|
XSS |
2021-11-12 |
2021-11-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052. |
|
18 |
CVE-2020-4146 |
200 |
|
+Info |
2021-11-12 |
2021-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129. |
|
19 |
CVE-2020-4152 |
319 |
|
|
2021-11-08 |
2021-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467. |
|
20 |
CVE-2020-4153 |
79 |
|
XSS |
2021-11-08 |
2021-11-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174269. |
|
21 |
CVE-2020-4160 |
668 |
|
+Info |
2021-11-08 |
2021-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174340. |
|
22 |
CVE-2020-5955 |
269 |
|
|
2021-11-03 |
2022-04-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges. |
|
23 |
CVE-2020-6492 |
416 |
|
|
2021-11-02 |
2021-11-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
|
24 |
CVE-2020-6931 |
269 |
|
|
2021-11-03 |
2021-11-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege. |
|
25 |
CVE-2020-7879 |
78 |
|
Exec Code |
2021-11-30 |
2021-12-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command. |
|
26 |
CVE-2020-7880 |
20 |
|
|
2021-11-30 |
2021-12-01 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX. |
|
27 |
CVE-2020-7881 |
190 |
|
Exec Code Overflow |
2021-11-26 |
2021-11-30 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field. It is because of stored data without validation of length. |
|
28 |
CVE-2020-7882 |
22 |
|
Dir. Trav. |
2021-11-22 |
2021-11-26 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../') |
|
29 |
CVE-2020-8741 |
276 |
|
|
2021-11-17 |
2021-11-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
30 |
CVE-2020-10052 |
532 |
|
|
2021-11-09 |
2021-11-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks. |
|
31 |
CVE-2020-10053 |
312 |
|
|
2021-11-09 |
2021-11-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks. |
|
32 |
CVE-2020-10054 |
|
|
|
2021-11-09 |
2021-11-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the application service. |
|
33 |
CVE-2020-12488 |
668 |
|
|
2021-11-10 |
2021-11-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission. |
|
34 |
CVE-2020-12814 |
79 |
|
Exec Code XSS |
2021-11-02 |
2021-11-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI. |
|
35 |
CVE-2020-12892 |
426 |
|
Exec Code |
2021-11-15 |
2021-11-18 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution. |
|
36 |
CVE-2020-12893 |
787 |
|
DoS Overflow |
2021-11-15 |
2021-11-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service. |
|
37 |
CVE-2020-12894 |
787 |
|
DoS |
2021-11-15 |
2021-11-17 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service. |
|
38 |
CVE-2020-12895 |
787 |
|
DoS Overflow |
2021-11-15 |
2021-11-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service. |
|
39 |
CVE-2020-12897 |
200 |
|
Bypass +Info |
2021-11-15 |
2021-11-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass. |
|
40 |
CVE-2020-12898 |
787 |
|
DoS Overflow |
2021-11-15 |
2021-11-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
|
41 |
CVE-2020-12899 |
200 |
|
DoS Bypass +Info |
2021-11-15 |
2021-11-17 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service. |
|
42 |
CVE-2020-12900 |
269 |
|
DoS +Priv |
2021-11-15 |
2021-11-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service. |
|
43 |
CVE-2020-12901 |
416 |
|
Bypass |
2021-11-15 |
2021-11-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure. |
|
44 |
CVE-2020-12902 |
269 |
|
DoS |
2021-11-15 |
2021-11-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
|
45 |
CVE-2020-12903 |
787 |
|
DoS |
2021-11-15 |
2021-11-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service. |
|
46 |
CVE-2020-12904 |
125 |
|
|
2021-11-15 |
2021-11-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure. |
|
47 |
CVE-2020-12905 |
125 |
|
|
2021-11-15 |
2021-11-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure. |
|
48 |
CVE-2020-12920 |
|
|
DoS |
2021-11-15 |
2021-11-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck. |
|
49 |
CVE-2020-12929 |
20 |
|
Exec Code Bypass |
2021-11-15 |
2021-11-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution . |
|
50 |
CVE-2020-12944 |
20 |
|
Exec Code |
2021-11-16 |
2022-05-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution. |
