CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1401 CVE-2019-17444 521 2020-10-12 2020-10-20
7.5
None Remote Low Not required Partial Partial Partial
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0.
1402 CVE-2019-17007 295 DoS 2020-10-22 2021-02-19
5.0
None Remote Low Not required None None Partial
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
1403 CVE-2019-17006 345 Overflow 2020-10-22 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
1404 CVE-2019-16160 190 2020-10-07 2021-07-21
5.0
None Remote Low Not required None None Partial
An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service.
1405 CVE-2019-16129 120 Overflow 2020-10-22 2020-10-30
4.6
None Local Low Not required Partial Partial Partial
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).
1406 CVE-2019-16128 120 Overflow 2020-10-22 2020-10-30
4.6
None Local Low Not required Partial Partial Partial
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2).
1407 CVE-2019-16127 190 Overflow 2020-10-22 2020-10-30
6.4
None Remote Low Not required Partial Partial None
Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.
1408 CVE-2019-14719 2020-10-23 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.
1409 CVE-2019-14718 276 2020-10-23 2020-10-28
4.6
None Local Low Not required Partial Partial Partial
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.
1410 CVE-2019-14717 120 Overflow 2020-10-23 2020-10-30
4.6
None Local Low Not required Partial Partial Partial
Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call.
1411 CVE-2019-14716 2020-10-23 2020-10-30
4.6
None Local Low Not required Partial Partial Partial
Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out).
1412 CVE-2019-14715 787 2020-10-23 2020-10-30
4.6
None Local Low Not required Partial Partial Partial
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.
1413 CVE-2019-14713 2020-10-23 2020-10-28
2.1
None Local Low Not required None Partial None
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages.
1414 CVE-2019-14712 Bypass 2020-10-23 2020-10-30
4.6
None Local Low Not required Partial Partial Partial
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation.
1415 CVE-2019-14711 863 Bypass 2020-10-23 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.
1416 CVE-2019-14558 DoS 2020-10-05 2022-01-01
2.7
None Local Network Low ??? None None Partial
Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.
1417 CVE-2019-14557 120 DoS Overflow 2020-10-05 2020-10-19
5.2
None Local Network Low ??? Partial Partial Partial
Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable elevation of privilege or denial of service via adjacent access.
1418 CVE-2019-14556 665 DoS 2020-10-05 2020-10-13
2.1
None Local Low Not required None None Partial
Improper initialization in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow a privileged user to potentially enable denial of service via local access.
1419 CVE-2019-13633 79 XSS 2020-10-19 2020-10-28
4.3
None Remote Medium Not required None Partial None
Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed.
1420 CVE-2019-12305 916 2020-10-16 2021-07-21
3.3
None Local Network Low Not required Partial None None
In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash can be cracked to access the administration panel of the device.
1421 CVE-2019-9080 327 2020-10-20 2021-07-21
5.0
None Remote Low Not required Partial None None
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.
1422 CVE-2019-8901 347 2020-10-27 2020-10-30
4.0
None Remote Low ??? Partial None None
This issue was addressed by verifying host keys when connecting to a previously-known SSH server. This issue is fixed in iOS 13.1 and iPadOS 13.1. An attacker in a privileged network position may be able to intercept SSH traffic from the “Run script over SSH” action.
1423 CVE-2019-8898 922 2020-10-27 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited.
1424 CVE-2019-8858 2020-10-27 2020-11-24
5.0
None Remote Low Not required None Partial None
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing.
1425 CVE-2019-8857 862 2020-10-27 2021-07-21
2.1
None Local Low Not required Partial None None
The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel.
1426 CVE-2019-8856 862 2020-10-27 2021-07-21
4.3
None Remote Medium Not required None Partial None
An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans.
1427 CVE-2019-8855 862 2020-10-27 2021-07-21
4.3
None Remote Medium Not required Partial None None
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access restricted files.
1428 CVE-2019-8854 2020-10-27 2020-10-30
5.0
None Remote Low Not required Partial None None
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address.
1429 CVE-2019-8853 20 2020-10-27 2020-10-29
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to read restricted memory.
1430 CVE-2019-8852 119 Exec Code Overflow Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges.
1431 CVE-2019-8851 2020-10-27 2020-11-02
5.0
None Remote Low Not required None None Partial
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A Mac may not lock immediately upon wake.
1432 CVE-2019-8850 125 2020-10-27 2020-10-29
4.3
None Remote Medium Not required Partial None None
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may disclose restricted memory.
1433 CVE-2019-8848 269 +Priv 2020-10-27 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges.
1434 CVE-2019-8847 119 Exec Code Overflow Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges.
1435 CVE-2019-8846 416 Exec Code 2020-10-27 2021-05-18
9.3
None Remote Medium Not required Complete Complete Complete
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
1436 CVE-2019-8844 787 Exec Code Mem. Corr. 2020-10-27 2021-05-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
1437 CVE-2019-8842 120 Overflow 2020-10-27 2021-03-15
2.6
None Remote High Not required None Partial None
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.
1438 CVE-2019-8841 269 Exec Code 2020-10-27 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges.
1439 CVE-2019-8840 125 Exec Code 2020-10-27 2020-11-02
6.5
None Remote Low ??? Partial Partial Partial
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sources may lead to arbitrary code execution with user privileges.
1440 CVE-2019-8839 120 DoS Overflow 2020-10-27 2020-10-30
4.3
None Remote Medium Not required None None Partial
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An attacker in a privileged position may be able to perform a denial of service attack.
1441 CVE-2019-8838 119 Exec Code Overflow Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.
1442 CVE-2019-8837 119 Overflow 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A malicious application may be able to access restricted files.
1443 CVE-2019-8836 119 Exec Code Overflow Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.
1444 CVE-2019-8835 787 Exec Code Mem. Corr. 2020-10-27 2021-05-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
1445 CVE-2019-8834 Bypass 2020-10-27 2020-10-30
4.0
None Remote Low ??? None Partial None
A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.
1446 CVE-2019-8833 119 Exec Code Overflow Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.
1447 CVE-2019-8832 119 Exec Code Overflow Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with system privileges.
1448 CVE-2019-8831 119 Exec Code Overflow Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. An application may be able to execute arbitrary code with system privileges.
1449 CVE-2019-8830 125 Exec Code 2020-10-27 2020-10-30
9.3
None Remote Medium Not required Complete Complete Complete
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution.
1450 CVE-2019-8829 119 Exec Code Overflow Mem. Corr. 2020-10-27 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6.1, tvOS 13.2, iOS 13.2 and iPadOS 13.2. An application may be able to execute arbitrary code with kernel privileges.
Total number of vulnerabilities : 1563   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 (This Page)30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.