CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2020

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2020-7176 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1052 CVE-2020-7175 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1053 CVE-2020-7174 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1054 CVE-2020-7173 917 Exec Code 2020-10-19 2020-10-21
9.0
None Remote Low ??? Complete Complete Complete
A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1055 CVE-2020-7172 74 Exec Code 2020-10-19 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1056 CVE-2020-7171 74 Exec Code 2020-10-19 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1057 CVE-2020-7170 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1058 CVE-2020-7169 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1059 CVE-2020-7168 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1060 CVE-2020-7167 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1061 CVE-2020-7166 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1062 CVE-2020-7165 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1063 CVE-2020-7164 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1064 CVE-2020-7163 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1065 CVE-2020-7162 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1066 CVE-2020-7161 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1067 CVE-2020-7160 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1068 CVE-2020-7159 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1069 CVE-2020-7158 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1070 CVE-2020-7157 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1071 CVE-2020-7156 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1072 CVE-2020-7155 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1073 CVE-2020-7154 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1074 CVE-2020-7153 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1075 CVE-2020-7152 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1076 CVE-2020-7151 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1077 CVE-2020-7150 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1078 CVE-2020-7149 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1079 CVE-2020-7148 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1080 CVE-2020-7147 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1081 CVE-2020-7146 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1082 CVE-2020-7145 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1083 CVE-2020-7144 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1084 CVE-2020-7143 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1085 CVE-2020-7142 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1086 CVE-2020-7141 917 Exec Code 2020-10-19 2020-10-21
10.0
None Remote Low Not required Complete Complete Complete
A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
1087 CVE-2020-7127 Exec Code 2020-10-26 2020-10-30
7.5
None Remote Low Not required Partial Partial Partial
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
1088 CVE-2020-7126 918 2020-10-26 2020-10-27
5.0
None Remote Low Not required Partial None None
A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
1089 CVE-2020-7125 269 2020-10-26 2020-10-27
6.5
None Remote Low ??? Partial Partial Partial
A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
1090 CVE-2020-7124 862 2020-10-26 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
1091 CVE-2020-7070 565 2020-10-02 2021-12-02
5.0
None Remote Low Not required None Partial None
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host being confused with cookies that decode to such a prefix, allowing an attacker to forge a cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
1092 CVE-2020-7069 326 2020-10-02 2021-12-02
6.4
None Remote Low Not required Partial Partial None
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt() function with a 12-byte IV, only the first 7 bytes of the IV are actually used. This can lead to both decreased security and incorrect encryption data.
1093 CVE-2020-7020 269 2020-10-22 2022-06-03
3.5
None Remote Medium ??? Partial None None
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
1094 CVE-2020-6933 20 DoS 2020-10-14 2020-10-29
2.1
None Local Low Not required None None Partial
An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service.
1095 CVE-2020-6876 79 XSS 2020-10-26 2020-10-30
3.5
None Remote Medium ??? None Partial None
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04
1096 CVE-2020-6875 307 2020-10-05 2021-07-21
5.0
None Remote Low Not required Partial None None
A ZTE product is impacted by the improper access control vulnerability. Due to lack of an authentication protection mechanism in the program, attackers could use this vulnerability to gain access right through brute-force attacks. This affects: <ZXONE 19700 SNPE><ZXONE8700V1.40R2B13_SNPE>
1097 CVE-2020-6829 +Info 2020-10-28 2020-11-03
5.0
None Remote Low Not required Partial None None
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used, which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
1098 CVE-2020-6648 312 +Info 2020-10-21 2022-06-15
4.0
None Remote Low ??? Partial None None
A cleartext storage of sensitive information vulnerability in the FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users' passwords by connecting to the FortiGate CLI and executing the "diag sys ha checksum show" command.
1099 CVE-2020-6376 20 2020-10-15 2020-10-19
4.3
None Remote Medium Not required None None Partial
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
1100 CVE-2020-6375 20 2020-10-15 2020-10-19
4.3
None Remote Medium Not required None None Partial
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Total number of vulnerabilities: 1563. Page 22 of 32.