| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1201 | CVE-2020-4755 | 79 | | XSS | 2020-10-20 | 2020-10-20 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595. |
| 1202 | CVE-2020-4749 | 565 | | | 2020-10-20 | 2020-10-20 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188518. |
| 1203 | CVE-2020-4748 | 79 | | XSS | 2020-10-20 | 2020-10-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517. |
| 1204 | CVE-2020-4741 | 79 | | XSS | 2020-10-12 | 2020-10-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188197. |
| 1205 | CVE-2020-4740 | 74 | | Exec Code | 2020-10-12 | 2021-07-21 | 4.3 | None | Local Network | Medium | Not required | Partial | Partial | None | IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 188150. |
| 1206 | CVE-2020-4724 | 120 | | Exec Code Mem. Corr. | 2020-10-29 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. |
| 1207 | CVE-2020-4723 | 120 | | Exec Code Mem. Corr. | 2020-10-29 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187873. |
| 1208 | CVE-2020-4722 | 120 | | Exec Code Mem. Corr. | 2020-10-29 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187870. |
| 1209 | CVE-2020-4721 | 120 | | Exec Code Mem. Corr. | 2020-10-29 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187868. |
| 1210 | CVE-2020-4699 | 203 | | | 2020-10-12 | 2020-10-19 | 2.9 | None | Local Network | Medium | Not required | Partial | None | None | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186947. |
| 1211 | CVE-2020-4689 | 74 | | Exec Code | 2020-10-12 | 2021-07-21 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | IBM Security Guardium 11.2 is vulnerable to CSV injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 186696. |
| 1212 | CVE-2020-4681 | 79 | | XSS | 2020-10-12 | 2020-10-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186427. |
| 1213 | CVE-2020-4680 | 79 | | XSS | 2020-10-12 | 2020-10-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186426. |
| 1214 | CVE-2020-4679 | 79 | | XSS | 2020-10-12 | 2020-10-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186424. |
| 1215 | CVE-2020-4678 | 200 | | +Info | 2020-10-12 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423. |
| 1216 | CVE-2020-4661 | 203 | | | 2020-10-12 | 2020-10-19 | 2.9 | None | Local Network | Medium | Not required | Partial | None | None | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186142. |
| 1217 | CVE-2020-4660 | 203 | | | 2020-10-12 | 2020-10-19 | 2.9 | None | Local Network | Medium | Not required | Partial | None | None | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive information using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140. |
| 1218 | CVE-2020-4636 | 77 | | | 2020-10-16 | 2020-10-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503. |
| 1219 | CVE-2020-4588 | 434 | | Exec Code | 2020-10-30 | 2020-11-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579. |
| 1220 | CVE-2020-4584 | 209 | | +Info | 2020-10-30 | 2022-06-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574. |
| 1221 | CVE-2020-4576 | | | +Info | 2020-10-01 | 2020-10-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428. |
| 1222 | CVE-2020-4564 | 79 | | XSS | 2020-10-20 | 2020-10-22 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183933. |
| 1223 | CVE-2020-4528 | 200 | | +Info | 2020-10-06 | 2021-07-21 | 1.9 | None | Local | Medium | Not required | Partial | None | None | IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658. |
| 1224 | CVE-2020-4499 | 862 | | Bypass | 2020-10-15 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public OAuth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216. |
| 1225 | CVE-2020-4493 | 287 | | Bypass | 2020-10-05 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995. |
| 1226 | CVE-2020-4491 | 400 | | DoS | 2020-10-20 | 2021-07-21 | 2.1 | None | Local | Low | Not required | None | None | Partial | IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991. |
| 1227 | CVE-2020-4395 | 613 | | | 2020-10-14 | 2020-10-26 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358. |
| 1228 | CVE-2020-4388 | 755 | | DoS | 2020-10-12 | 2020-10-14 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of service attack because it fails to catch exceptions in a servlet, which also exposes debug information that could be used in future attacks. IBM X-Force ID: 179270. |
| 1229 | CVE-2020-4302 | 755 | | Exec Code | 2020-10-12 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially-crafted Excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610. |
| 1230 | CVE-2020-4280 | 502 | | Exec Code | 2020-10-08 | 2022-06-29 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140. |
| 1231 | CVE-2020-4254 | 327 | | | 2020-10-16 | 2020-10-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560. |
| 1232 | CVE-2020-3998 | 522 | | | 2020-10-23 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes. |
| 1233 | CVE-2020-3997 | 79 | | XSS | 2020-10-23 | 2020-10-30 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed. |
| 1234 | CVE-2020-3996 | | | +Info | 2020-10-22 | 2020-10-30 | 2.1 | None | Local | Low | Not required | Partial | None | None | Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. |
| 1235 | CVE-2020-3995 | 401 | | | 2020-10-20 | 2020-10-30 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time. |
| 1236 | CVE-2020-3994 | 295 | | | 2020-10-20 | 2021-08-24 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates. |
| 1237 | CVE-2020-3993 | | | | 2020-10-20 | 2020-10-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node. |
| 1238 | CVE-2020-3992 | 416 | | Exec Code | 2020-10-20 | 2022-06-15 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. |
| 1239 | CVE-2020-3991 | | | | 2020-10-16 | 2020-10-23 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result in a denial-of-service condition on the machine where Horizon Client for Windows is installed. |
| 1240 | CVE-2020-3982 | 787 | | | 2020-10-20 | 2020-10-30 | 4.9 | None | Remote | Medium | ??? | None | Partial | Partial | VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap. |
| 1241 | CVE-2020-3981 | 367 | | | 2020-10-20 | 2021-07-21 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. |
| 1242 | CVE-2020-3918 | | | | 2020-10-22 | 2020-10-29 | 2.1 | None | Local | Low | Not required | Partial | None | None | An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information. |
| 1243 | CVE-2020-3915 | | | | 2020-10-22 | 2020-10-30 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A path handling issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to overwrite arbitrary files. |
| 1244 | CVE-2020-3898 | 119 | | Overflow +Priv Mem. Corr. | 2020-10-22 | 2021-07-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges. |
| 1245 | CVE-2020-3880 | 125 | | Exec Code | 2020-10-27 | 2020-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution. |
| 1246 | CVE-2020-3864 | 346 | | | 2020-10-27 | 2021-05-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. |
| 1247 | CVE-2020-3863 | 119 | | Exec Code Overflow Mem. Corr. | 2020-10-27 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to execute arbitrary code with system privileges. |
| 1248 | CVE-2020-3855 | | | | 2020-10-27 | 2020-10-29 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. A malicious application may be able to overwrite arbitrary files. |
| 1249 | CVE-2020-3852 | 20 | | | 2020-10-27 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | Partial | None | A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website. |
| 1250 | CVE-2020-3851 | 416 | | +Priv | 2020-10-27 | 2020-11-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to gain elevated privileges. |