| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1151 | CVE-2020-5933 | | | | 2020-10-29 | 2020-11-09 | 7.8 | None | Remote | Low | Not required | None | None | Complete | On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system. |
| 1152 | CVE-2020-5932 | 79 | | Exec Code XSS | 2020-10-29 | 2020-11-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when the preview is opened. |
| 1153 | CVE-2020-5931 | | | | 2020-10-29 | 2020-11-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial | On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, virtual servers with a OneConnect profile may incorrectly handle WebSocket-related HTTP response headers, causing TMM to restart. |
| 1154 | CVE-2020-5792 | 88 | | Exec Code | 2020-10-20 | 2022-04-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user. |
| 1155 | CVE-2020-5791 | 78 | | Exec Code | 2020-10-20 | 2022-06-15 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. |
| 1156 | CVE-2020-5790 | 352 | | CSRF | 2020-10-20 | 2020-10-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. |
| 1157 | CVE-2020-5789 | 22 | | Dir. Trav. | 2020-10-01 | 2020-10-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Relative path traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. |
| 1158 | CVE-2020-5788 | 22 | | Dir. Trav. | 2020-10-01 | 2020-10-01 | 8.5 | None | Remote | Low | ??? | None | Complete | Complete | Relative path traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action. |
| 1159 | CVE-2020-5787 | 22 | | Dir. Trav. | 2020-10-01 | 2020-10-01 | 8.5 | None | Remote | Low | ??? | None | Complete | Complete | Relative path traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action. |
| 1160 | CVE-2020-5786 | 352 | | CSRF | 2020-10-01 | 2020-10-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. |
| 1161 | CVE-2020-5785 | 79 | | XSS | 2020-10-01 | 2020-10-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted 'action' or 'pkg_name' parameter. |
| 1162 | CVE-2020-5784 | 918 | | | 2020-10-01 | 2020-10-01 | 4.0 | None | Remote | Low | ??? | None | Partial | None | Server-side request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low-privileged user to cause the application to perform HTTP GET requests to arbitrary URLs. |
| 1163 | CVE-2020-5651 | 89 | | Exec Code Sql | 2020-10-21 | 2020-10-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL. |
| 1164 | CVE-2020-5650 | 79 | | XSS | 2020-10-21 | 2020-10-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. |
| 1165 | CVE-2020-5642 | 352 | | CSRF | 2020-10-15 | 2020-10-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| 1166 | CVE-2020-5640 | | | Exec Code +Info File Inclusion | 2020-10-20 | 2020-10-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors. |
| 1167 | CVE-2020-5634 | | | Exec Code | 2020-10-06 | 2020-10-13 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete | ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10) allow an attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. |
| 1168 | CVE-2020-5632 | | | Exec Code Bypass | 2020-10-06 | 2020-10-22 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1) allow authenticated attackers to bypass access restrictions and to execute arbitrary code with elevated privileges via a specially crafted executable file. |
| 1169 | CVE-2020-5631 | 79 | | XSS | 2020-10-06 | 2020-10-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. |
| 1170 | CVE-2020-5425 | 287 | | | 2020-10-31 | 2020-11-17 | 4.6 | None | Remote | High | ??? | Partial | Partial | Partial | Single Sign-On for VMware Tanzu, all versions prior to 1.11.3, 1.12.x versions prior to 1.12.4, and 1.13.x versions prior to 1.13.1, are vulnerable to a user impersonation attack. If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: a foundation may be vulnerable only if: 1) the system zone is set up to use a SAML identity provider; 2) there are internal users that have the same username as users in the external SAML provider; 3) those duplicate-named users have the scope to access the SSO operator dashboard; 4) the vulnerability does not appear with LDAP because of chained authentication. |
| 1171 | CVE-2020-5422 | 668 | | | 2020-10-02 | 2020-10-14 | 4.0 | None | Remote | Low | ??? | Partial | None | None | BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or by looking at process details). |
| 1172 | CVE-2020-5389 | 532 | | | 2020-10-08 | 2020-10-19 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Authenticated low-privileged OMIMSSC users may be able to retrieve sensitive information from the logs. |
| 1173 | CVE-2020-5387 | 755 | | | 2020-10-01 | 2020-10-30 | 4.9 | None | Local | Low | Not required | None | None | Complete | Dell XPS 13 9370 BIOS versions prior to 1.13.1 contain an improper exception handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed. |
| 1174 | CVE-2020-5145 | 427 | | Exec Code | 2020-10-28 | 2020-10-30 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | SonicWall Global VPN client version 4.10.4.0314 and earlier has an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution on the target system. |
| 1175 | CVE-2020-5144 | 426 | | | 2020-10-28 | 2020-11-03 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | SonicWall Global VPN client version 4.10.4.0314 and earlier allows an unprivileged Windows user to elevate privileges to SYSTEM through a loaded-process hijacking vulnerability. |
| 1176 | CVE-2020-5143 | 203 | | | 2020-10-12 | 2020-10-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. |
| 1177 | CVE-2020-5142 | 79 | | Exec Code XSS | 2020-10-12 | 2020-10-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. |
| 1178 | CVE-2020-5141 | 307 | | | 2020-10-12 | 2020-10-23 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | A vulnerability in SonicOS allows a remote unauthenticated attacker to brute-force Virtual Assist ticket IDs in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. |
| 1179 | CVE-2020-5140 | 125 | | DoS | 2020-10-12 | 2020-10-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A vulnerability in SonicOS allows a remote unauthenticated attacker to cause a denial of service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to a memory address leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. |
| 1180 | CVE-2020-5139 | 763 | | DoS | 2020-10-12 | 2020-10-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause a denial of service (DoS) due to the release of an invalid pointer, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. |
| 1181 | CVE-2020-5138 | 787 | | DoS Overflow | 2020-10-12 | 2021-10-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A heap overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause a denial of service (DoS) on the firewall SSLVPN service and leads to a SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. |
| 1182 | CVE-2020-5137 | 120 | | DoS Overflow | 2020-10-12 | 2020-10-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause a denial of service (DoS) on the firewall SSLVPN service and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. |
| 1183 | CVE-2020-5136 | 120 | | DoS Overflow | 2020-10-12 | 2020-10-23 | 4.0 | None | Remote | Low | ??? | None | None | Partial | A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause a denial of service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. |
| 1184 | CVE-2020-5135 | 120 | | DoS Exec Code Overflow | 2020-10-12 | 2020-10-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a denial of service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. |
| 1185 | CVE-2020-5134 | 125 | | | 2020-10-12 | 2020-10-23 | 4.0 | None | Remote | Low | ??? | None | None | Partial | A vulnerability in SonicOS allows an authenticated attacker to cause an out-of-bounds invalid file reference that leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. |
| 1186 | CVE-2020-5133 | 120 | | DoS Overflow | 2020-10-12 | 2020-10-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A vulnerability in SonicOS allows a remote unauthenticated attacker to cause a denial of service due to a buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. |
| 1187 | CVE-2020-4864 | 290 | | | 2020-10-29 | 2020-10-30 | 3.3 | None | Local Network | Low | Not required | None | Partial | None | IBM Resilient SOAR V38.0 could allow an attacker on the internal network to provide the server with a spoofed source IP address. IBM X-Force ID: 190567. |
| 1188 | CVE-2020-4799 | 787 | | Exec Code | 2020-10-08 | 2020-10-08 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out-of-bounds write vulnerability. IBM X-Force ID: 189460. |
| 1189 | CVE-2020-4782 | 22 | | Dir. Trav. | 2020-10-28 | 2020-10-30 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. |
| 1190 | CVE-2020-4781 | 20 | | DoS | 2020-10-12 | 2020-10-26 | 4.0 | None | Remote | Low | ??? | None | None | Partial | Improper input validation before calling the Java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159. |
| 1191 | CVE-2020-4780 | 613 | | | 2020-10-12 | 2020-10-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158. |
| 1192 | CVE-2020-4779 | 287 | | Bypass | 2020-10-12 | 2020-10-19 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | An HTTP verb tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156. |
| 1193 | CVE-2020-4778 | 326 | | | 2020-10-12 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM Curam Social Program Management 7.0.9 and 7.0.10 uses the MD5 algorithm for hashing a token in a single instance, which is less safe than the default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156. |
| 1194 | CVE-2020-4776 | 22 | | Dir. Trav. | 2020-10-12 | 2020-10-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted file path in a URL request to view arbitrary files on the system. IBM X-Force ID: 189154. |
| 1195 | CVE-2020-4775 | 79 | | XSS | 2020-10-12 | 2020-10-16 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. IBM X-Force ID: 189153. |
| 1196 | CVE-2020-4774 | 74 | | +Info | 2020-10-12 | 2021-07-21 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152. |
| 1197 | CVE-2020-4773 | 352 | | CSRF | 2020-10-12 | 2020-10-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10; CSRF is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to the remainder of the web application. IBM X-Force ID: 189151. |
| 1198 | CVE-2020-4772 | 611 | | DoS | 2020-10-12 | 2020-10-19 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial | An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, cause a denial of service, perform server-side request forgery, or consume memory resources. IBM X-Force ID: 189150. |
| 1199 | CVE-2020-4767 | 125 | | DoS | 2020-10-28 | 2020-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. By sending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906. |
| 1200 | CVE-2020-4756 | 404 | | DoS | 2020-10-20 | 2020-10-20 | 4.9 | None | Local | Low | Not required | None | None | Complete | IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2, as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0, could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the kernel and cause a denial of service. IBM X-Force ID: 188599. |