Risk 2020

Overview of the risk ratings that different sources assign to the documented vulnerabilities.

IDTitleVulDBCVSSSecuniaXForceNessus
167160concread Crate unknown vulnerability [CVE-2020-35928]low4.9---
167159thex Crate Thread unknown vulnerability [CVE-2020-35927]medium4.9---
167158nanorand Crate entropy [CVE-2020-35926]low2.3---
167157magnetic Crate Thread MPMCProducer memory corruptionmedium5.2---
167156try-mutex Crate Thread unknown vulnerability [CVE-2020-35924]low4.9---
167155ordered-float crate unknown vulnerability [CVE-2020-35923]low4.9---
167154mio Crate SocketAddr memory corruptionmedium5.2---
167153miow Crate SocketAddr memory corruptionmedium5.2---
167152socket2 Crate SocketAddr memory corruptionmedium5.2---
167151net2 Crate SocketAddr memory corruptionmedium5.2---
167150branca Crate Token Decoding denial of service [CVE-2020-35918]low2.3---
167149pyo3 Crate use after free [CVE-2020-35917]medium4.9---
167148Image Crate unknown vulnerability [CVE-2020-35916]low4.9---
167147futures-intrusive Crate Thread GenericMutexGuard unknown vulnerabilitylow4.9---
167146lock_api Crate RwLockWriteGuard unknown vulnerabilitylow4.9---
167145lock_api Crate RwLockReadGuard unknown vulnerabilitylow4.9---
167144lock_api Crate MappedRwLockWriteGuard unknown vulnerabilitylow4.9---
167143lock_api Crate MappedRwLockReadGuard unknown vulnerabilitylow4.9---
167142lock_api Crate unknown vulnerability [CVE-2020-35910]low4.9---
167141multihash Crate from_slice denial of servicelow2.3---
167140futures-util Crate FuturesUnordered unknown vulnerabilitylow4.9---
167139futures-task Crate noop_waker_ref null pointer dereferencelow2.3---
167138futures-task Crate waker use after freemedium4.9---
167137futures-util Crate map race conditionlow4.9---
167136crossbeam-channel Crate memory corruption [CVE-2020-35904]medium5.2---
167135dync Crate VecCopy unknown vulnerabilitylow4.9---
167134actix-codec Crate Framed use after free [CVE-2020-35902]medium4.9---
167133actix-http Crate BodyStream use after freemedium4.9---
167132array-queue Crate pop_back use after freemedium4.9---
167131actix-service Crate Cell unknown vulnerability [CVE-2020-35899]low4.9---
167130actix-utils Crate Cell unknown vulnerability [CVE-2020-35898]low4.9---
167129atom Crate Send unknown vulnerability [CVE-2020-35897]low4.9---
167128ws Crate buffer overflow [CVE-2020-35896]medium6.5---
167127stack Crate ArrayVec out-of-bounds writemedium5.2---
167126obstack Crate unknown vulnerability [CVE-2020-35894]medium5.2---
167125simple-slab Crate remove uninitialized pointerlow4.9---
167124simple-slab Crate index out-of-bounds readlow2.3---
167123ordnung Crate Vec double freemedium4.9---
167122ordnung Crate Vec out-of-bounds readlow2.3---
167121crayon Crate HandleLike toctoumedium4.9---
167120arr Crate new_from_template uninitialized pointermedium4.9---
167119arr Crate IndexMut buffer overflowmedium5.2---
167118arr Crate Thread unknown vulnerability [CVE-2020-35886]medium4.9---
167117alpm-rs Crate StrcCtx allocation of resourceslow2.3---
167116tiny_http Crate Transfer-Encoding request smuggling [CVE-2020-35884]medium4.9---
167115mozwire Crate path traversal [CVE-2020-35883]low2.3---
167114rocket Crate clone unknown vulnerabilitylow4.9---
167113traitobject Crate memory corruption [CVE-2020-35881]medium5.2---
167112bigint Crate unknown vulnerability [CVE-2020-35880]medium4.9---
167111rulinalg Crate raw_slice_mut unknown vulnerabilitymedium4.9---
167110ozone Crate uninitialized pointer [CVE-2020-35878]low2.3---
167109ozone Crate out-of-bounds read [CVE-2020-35877]low2.3---
167108rio crate use after free [CVE-2020-35876]medium4.9---
167107tokio-rustls Crate memory allocation [CVE-2020-35875]low2.3---
167106internment Crate drop use after freemedium4.9---
167105rusqlite Crate sessions.rs use after freemedium4.9---
167104rusqlite Crate memory corruption [CVE-2020-35872]medium6.5---
167103rusqlite Crate Auxdata API memory corruption [CVE-2020-35871]medium6.5---
167102rusqlite Crate Auxdata API use after free [CVE-2020-35870]medium4.9---
167101rusqlite Crate log format stringmedium5.2---
167100rusqlite Crate UnlockNotification memory corruptionmedium6.5---
167099rusqlite Crate create_module memory corruptionmedium6.5---
167098rusqlite Crate memory corruption [CVE-2020-35866]medium6.5---
167097os_str_bytes Crate unknown vulnerabilitylow4.9---
167096flatbuffers Crate read_scalar unknown vulnerabilitylow---
167095hyper Crate HTTP Server request smuggling [CVE-2020-35863]medium6.0---
167094bitvec Crate BitVec to BitBox Conversion use after free [CVE-2020-35862]medium4.9---
167093bumpalo Crate memory corruption [CVE-2020-35861]low2.7---
167092cbox Crate API null pointer dereference [CVE-2020-35860]low2.3---
167091lucet-runtime-internals Crate memory corruption [CVE-2020-35859]medium5.2---
167090prost Crate Messages stack-based overflow [CVE-2020-35858]medium6.5---
167089trust-dns-server Crate resource consumption [CVE-2020-35857]low2.7---
167088Hgiga MailSherlock command injection [CVE-2020-35851]medium5.1---
167087Hgiga MailSherlock URL Parameter sql injection [CVE-2020-35743]medium5.1---
167086Hgiga MailSherlock URL Parameter sql injection [CVE-2020-35742]medium5.1---
167085Hgiga MailSherlock Login Page cross site scripting [CVE-2020-35741]low2.6---
167084Hgiga MailSherlock URL Parameter cross site scripting [CVE-2020-35740]low2.6---
167083Hgiga MailSherlock Source Code information disclosure [CVE-2020-25850]low2.6---
167082Hgiga MailSherlock Password Generator hard-coded password [CVE-2020-25848]medium7.5---
167081Panorama NHI ServiSignAdapter Security Control Components Digest Generation NHIServiSignAdapter information disclosurelow5.0---
167080Panorama NHI ServiSignAdapter Security Control Components NHIServiSignAdapter information disclosurelow5.0---
167079Panorama NHI ServiSignAdapter Security Control Components NHIServiSignAdapter stack-based overflowmedium5.1---
167078Panorama NHI ServiSignAdapter Security Control Components heap-based overflowmedium5.1---
167077Panorama NHI ServiSignAdapter Security Control Components NHIServiSignAdapter information disclosurelow5.0---
167076failure Crate type confusion [CVE-2019-25010]medium4.9---
167075http crate API Drain unknown vulnerabilitylow4.9---
167074http crate reserve integer overflowlow2.3---
167073streebog Crate Hash denial of service [CVE-2019-25007]low2.3---
167072streebog Crate Hash unknown vulnerability [CVE-2019-25006]low4.9---
167071chacha20 Crate inadequate encryption [CVE-2019-25005]low1.4---
167070flatbuffers Crate comparison [CVE-2019-25004]medium5.2---
167069libsecp256k1 Crate check_overflow timing discrepancylow1.4---
167068sodiumoxide Crate eq comparisonmedium4.9---
167067serde_cbor Crate CBOR Deserializer deserialization [CVE-2019-25001]low2.3---
167066libpulse-binding Crate Iterator use after freemedium4.9---
167065Umbraco CMS Installation path traversal [CVE-2020-5811]medium5.2---
167064Umbraco CMS SVG File cross site scripting [CVE-2020-5810]low4.0---
167063Umbraco CMS TinyMCE Rich-Text Editor cross site scripting [CVE-2020-5809]low4.0---
167062MantisBT bug_revision_view_page.php information disclosurelow2.3---
167061Newgen eGov Correspondence Management System resource injectionmedium4.9---
167060FlatPress Blog cross site scripting [CVE-2020-35241]low4.0---
167059FluxBB Blog cross site scripting [CVE-2020-35240]low4.0---
167058Amaze File Manager App FTP Intent unknown vulnerability [CVE-2020-35173]low4.9---
167057Invision Community cross site scripting [CVE-2020-29477]low4.0---
167056WonderCMS Setting Menu cross site scripting [CVE-2020-29469]low4.0---
167055WonderCMS Page Description cross site scripting [CVE-2020-29233]low4.0---
167054EGavilanMedia User Registration and Login System with Admin Panel Admin Profile Page cross site scriptinglow4.0---
167053EGavilanMedia User Registration and Login System with Admin Panel Manage User Tab cross site scriptinglow4.0---
167052EGavilanMedia User Registration and Login System with Admin Panel User Login Page sql injectionmedium5.2---
167051Bolt Twig Context protection mechanism [CVE-2020-28925]low4.9---
167050Plone xml external entity reference [CVE-2020-28736]medium5.2---
167049Plone Traceback server-side request forgery [CVE-2020-28735]medium5.2---
167048Plone xml external entity reference [CVE-2020-28734]low4.9---
167047MantisBT API SOAP mc_project_get_users sql injectionmedium4.6---
167046Sentrifugo HTTP Header cross site scripting [CVE-2020-28365]low4.0---
167045Tenda AC1200 Password API denial of service [CVE-2020-28095]low5.2---
167044dotCMS REST Endpoint containers sql injectionmedium6.5---
167043Docker Engine Builder check.go ioutil.TempDir unknown vulnerabilitylow4.9---
167042Vega Expression cross site scripting [CVE-2020-26296]low4.0---
167041URI.js javascript URL block server-side request forgerymedium6.5---
167040parse-server LDAP Authentication credentials storage [CVE-2020-26288]low4.0---
167039Nokogiri Gem Schema server-side request forgerymedium5.8---
167038DrayTek Vigor2960 mainfunction.cgi toLogin2FA os command injectionmedium6.5---
167037User-Friendly SVN Timeline module LastHundredRequest os command injectionmedium6.5---
167036XWiki Platform Property Displayer escape output [CVE-2020-13654]low4.9---
167035gssproxy gp_workers.c gp_worker_main unknown vulnerabilitylow4.9---
167034QEMU iscsi.c iscsi_aio_ioctl_cb heap-based overflowlow2.7---
167033Webswing JsLink Remote Privilege Escalation [CVE-2020-11103]medium6.0---
167032Nukeviet HTTP Request click.php sql injectionmedium5.2---
167031NukeViet nvloginhash Cookie is_user.php deserializationmedium4.9---
167030QEMU ATI VGA ati_cursor_define out-of-bounds readlow2.3---
167029MatrixSSL DTLS Server memory corruption [CVE-2019-16747]medium7.5---
167028Ptarmigan API Token Validation unknown vulnerability [CVE-2019-16281]low4.9---
167027LINBIT csync2 gnutls_handshake return valuemedium4.9---
167026MorphToken Constructor access control [CVE-2019-15080]medium5.2---
167025EAI access control [CVE-2019-15079]medium5.2---
167024AirdropX Born access control [CVE-2019-15078]medium5.2---
167023Dropbear information disclosure [CVE-2019-12953]low2.3---
167022D-Link DAP-1650 improper authentication [CVE-2019-12768]medium7.5---
167021OpenEMR manage_site_files.php cross-site request forgerylow4.0---
167020Green Packet WiMax DV-360 lighttpd command injection [CVE-2018-14067]medium7.5---
167019CMS fileController.php input validationmedium4.9---
167018Exponent CMS purchaseOrderController.php input validationmedium4.9---
167017Exponent CMS find_help.php input validationmedium4.9---
167016Exponent CMS usersController.php input validationmedium4.9---
167015Exponent CMS storeController.php input validationmedium4.9---
167014Rocket.Chat SAML Login unknown vulnerability [CVE-2020-29594]low4.9---
167013Huawei Smart Phone Message denial of service [CVE-2020-9223]low3.5---
167012Huawei iManager NetEco 6000 information disclosure [CVE-2020-9208]low2.3---
167011Huawei CloudEngine File improper authentication [CVE-2020-9207]medium5.8---
167010Huawei Mate 30 Packet permission [CVE-2020-9125]medium5.2---
167009Huawei CloudEngine Messages memory leak [CVE-2020-9124]low4.3---
167008Huawei CloudEngine Message denial of service [CVE-2020-9094]low2.3---
167007Huawei Taurus-AL00A Message use after free [CVE-2020-9093]medium4.9---
167006Rockwell Automation FactoryTalk Diagnostics Viewer Service Port 5241 RsvcHost.exe wcscpy_s memory corruptionmedium7.5---
167005Rockwell Automation FactoryTalk Linx Service Port 7153 messaging.dll HandleBrowseLoadIconStreamRequest memory corruptionmedium5.2---
167004Rockwell Automation FactoryTalk Linx Service Port 4241 RSLinxNG.exe memory corruptionmedium5.2---
167003Rockwell Automation FactoryTalk Linx Service Port 4241 RnaDaSvr.dll HandleRequest denial of servicelow2.3---
167002cockpit-project Cockpit server-side request forgery [CVE-2020-35850] [Disputed]medium5.2---
167001Agentejo Cockpit Auth.php newpassword sql injectionmedium6.5---
167000Agentejo Cockpit Auth.php resetpassword sql injectionmedium6.5---
166999Agentejo Cockpit Auth.php check sql injectionmedium6.5---
166998Netgear WNR2050 cross site scripting [CVE-2020-35842]low2.7---
166997Netgear WNR2050 cross site scripting [CVE-2020-35841]low2.7---
166996Netgear WNR2050 cross site scripting [CVE-2020-35840]low2.7---
166995Netgear D7800/R7500v2/R7800/R8900/R9000/XR500/XR700/RAX120 cross site scriptinglow3.3---
166994Netgear D7800/R7500v2/R7800/R8900/R9000/RAX120/XR500/XR700 cross site scriptinglow3.3---
166993Netgear D7800/R7500v2/R7800/R8900/R9000/RAX120/XR500/XR700 cross site scriptinglow3.3---
166992Netgear D7800/R7500v2/R7800/R8900/R9000/XR500/XR700/RAX120 cross site scriptinglow3.3---
166991Netgear D7800/R7500v2/R7800/R8900/R9000/RAX120/XR500/XR700 cross site scriptinglow3.3---
166990Netgear D7800/R7500v2/R7800/R8900/R9000/RAX120/XR500/XR700 cross site scriptinglow3.3---
166989Netgear XR700 cross site scripting [CVE-2020-35833]low3.3---
166988Netgear XR700 cross site scripting [CVE-2020-35832]low3.3---
166987Netgear XR700 cross site scripting [CVE-2020-35831]low3.3---
166986Netgear XR700 cross site scripting [CVE-2020-35830]low3.3---
166985Netgear XR700 cross site scripting [CVE-2020-35829]low3.3---
166984Netgear R7500v2 cross site scripting [CVE-2020-35828]low3.3---
166983Netgear RAX120 cross site scripting [CVE-2020-35827]low3.3---
166982Netgear XR700 cross site scripting [CVE-2020-35826]low3.3---
166981Netgear XR700 cross site scripting [CVE-2020-35825]low3.3---
166980Netgear XR700 cross site scripting [CVE-2020-35824]low3.3---
166979Netgear XR700 cross site scripting [CVE-2020-35823]low3.3---
166978Netgear D7800/R7500v2/R7800/R8900/R9000/RAX120/XR500/XR700 cross site scriptinglow3.3---
166977Netgear XR700 cross site scripting [CVE-2020-35821]low3.3---
166976Netgear XR700 cross site scripting [CVE-2020-35820]low3.3---
166975Netgear XR700 cross site scripting [CVE-2020-35819]low3.3---
166974Netgear XR700 cross site scripting [CVE-2020-35818]low3.3---
166973Netgear XR700 cross site scripting [CVE-2020-35817]low2.2---
166972Netgear XR700 cross site scripting [CVE-2020-35816]low3.3---
166971Netgear XR700 cross site scripting [CVE-2020-35815]low3.3---
166970Netgear XR700 cross site scripting [CVE-2020-35814]low3.3---
166969Netgear RAX120 cross site scripting [CVE-2020-35813]low3.3---
166968Netgear XR700 cross site scripting [CVE-2020-35812]low3.3---
166967Netgear XR700 cross site scripting [CVE-2020-35811]low3.3---
166966Netgear XR700 cross site scripting [CVE-2020-35810]low3.3---
166965Netgear XR700 cross site scripting [CVE-2020-35809]low3.3---
166964Netgear D6100/DM200/R7800/R8900/R9000/WN3000RPv/WNR2000v5 cross site scriptinglow3.3---
166963Netgear WN3000RPv2 cross site scripting [CVE-2020-35807]low3.3---
166962Netgear WN3000RPv2 cross site scripting [CVE-2020-35806]low3.3---
166961Netgear XR700 cross site scripting [CVE-2020-35805]low3.3---
166960Netgear D7800/R7800/R8900/R9000/XR700 information disclosurelow2.1---
166959Netgear AC2600 information disclosure [CVE-2020-35803]low1.4---
166958Netgear CBR40 information disclosure [CVE-2020-35802]low5.0---
166957Netgear JGS516PE/JGS524Ev2/JGS524PE/GS116Ev2 config [CVE-2020-35801]medium5.8---
166956Netgear AC2100 config [CVE-2020-35800]high10.0---
166955Netgear XR500 buffer overflow [CVE-2020-35799]medium8.3---
166954Netgear and XR300 command injection [CVE-2020-35798]medium7.2---
166953Netgear NMS300 command injection [CVE-2020-35797]high10.0---
166952Netgear XR300 buffer overflow [CVE-2020-35796]medium8.3---
166951Netgear XR700 buffer overflow [CVE-2020-35795]high10.0---
166950Netgear RBS40V/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 command injectionmedium7.2---
166949Netgear D7800/R7500v2/R7800/R8900/R9000 command injection [CVE-2020-35793]medium6.5---
166948Netgear R7500v2/R8900/R9000/R7800 command injection [CVE-2020-35792]medium7.2---
166947Netgear R7800/R8900/R9000 command injection [CVE-2020-35791]medium5.9---
166946Netgear D7800/R7800/R8900/R9000 command injection [CVE-2020-35790]medium4.7---
166945Netgear NMS300 command injection [CVE-2020-35789]medium9.0---
166944Netgear WAC104 buffer overflow [CVE-2020-35788]medium6.2---
166943Netgear XR500 buffer overflow [CVE-2020-35787]medium7.7---
166942Netgear R7800 buffer overflow [CVE-2020-35786]medium4.7---
166941Netgear DGN2200v1 HTTPd improper authentication [CVE-2020-35785]medium4.3---
166940Netgear JGS516PE/JGS524PE/JGS524Ev2/GS116Ev2 access control [CVE-2020-35784]low4.3---
166939Netgear JGS516PE/GS116Ev2/JGS524Ev2/JGS524PE access control [CVE-2020-35783]medium3.3---
166938Netgear JGS516PE/JGS524Ev2/JGS524PE/GS116Ev2 access control [CVE-2020-35782]medium5.8---
166937Netgear NMS300 denial of service [CVE-2020-35781]medium6.8---
166936Netgear NMS300 denial of service [CVE-2020-35780]medium6.8---
166935Netgear NMS300 denial of service [CVE-2020-35779]low5.4---
166934Netgear GS716Tv3/GS724Tv4 cross-site request forgery [CVE-2020-35778]low5.0---
166933Netgear DGN2200v1 command injection [CVE-2020-35777]medium7.2---
166932TwitterServer Histogram Endpoint HistogramQueryHandler.scala cross site scriptinglow4.0---
166931site-offline Plugin wp_verify_nonce cross-site request forgerylow4.0---
166930Vidyo 02-09-D URI clickjacking [CVE-2020-35735]low4.0---
166929Nop Solution Ltd nopCommerce Schedule Task Name cross site scriptinglow4.0---
166928OpenCart Profile Picture cross site scripting [CVE-2020-29471]low3.3---
166927OpenCart Mail cross site scripting [CVE-2020-29470]low4.0---
166926libnested Prototype code injection [CVE-2020-28283]medium6.5---
166925getobject Prototype code injection [CVE-2020-28282]medium6.5---
166924set-object-value Prototype code injection [CVE-2020-28281]medium6.5---
166923predefine Prototype code injection [CVE-2020-28280]medium6.5---
166922flattenizer Prototype code injection [CVE-2020-28279]medium6.5---
166921shvl Prototype code injection [CVE-2020-28278]medium6.5---
166920dset Prototype code injection [CVE-2020-28277]medium6.5---
166919deep-set Prototype code injection [CVE-2020-28276]medium6.5---
166918cache-base Prototype code injection [CVE-2020-28275]medium6.5---
1669171E Client Inventory module Tachyon.Performance.Metrics.exe Remote Privilege Escalationmedium6.5---
1669161E Client Tachyon.Performance.Metrics.exe uncontrolled search pathmedium6.5---
1669151E Client access controlmedium6.5---
166914Huawei Jackman-AL00D denial of service [CVE-2020-1848]low1.7---
1669131E Client MSI Installer Remote Privilege Escalation [CVE-2020-16268]medium6.5---
166912Amino Communications AK45x/AK5xx/AK65x/Aria6xx/Aria7/AK7Xx/Kami7B SSH Service hard-coded keymedium7.5---
166911Amino Communications AK45x/AK5xx/AK65x/Aria6xx/Aria7/AK7Xx/Kami7B CWMP Registration command injectionmedium7.6---
166910Amino Communications AK45x/AK5xx/AK65x/Aria6xx/Aria7/AK7Xx/Kami7B EntoneWebEngine command injectionmedium9.0---
166909Amino Communications AK45x/AK5xx/AK65x/Aria6xx/Aria7/AK7Xx/Kami7B EntoneWebEngine hard-coded credentialsmedium7.5---
166908Amino Communications AK45x/AK5xx/AK65x/Aria6xx/Aria7/AK7Xx/Kami7B VNC Server hard-coded passwordlow4.3---
166907SolarWinds Orion Platform API authentication bypass [CVE-2020-10148]medium7.5---
166906Apache Accumulo Policy Enforcement canPerformSystemActions insufficient permissions or privilegesmedium6.5---
166905Webmin CGI Program miniserv.pl unknown vulnerabilitymedium4.9---
166904QNAP QTS/QuTS Hero Application command injection [CVE-2020-25847]medium5.2---
166903OpenDKIM libopendkim testkeys symlinkmedium4.3---
166902RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scriptinglow4.0---
166901Ultimate WooCommerce Gift Cards Custom GiftCard Template unrestricted uploadmedium6.0---
166900Joomla! ACL input validation [CVE-2020-35616]medium4.9---
166899Joomla! Email Export cross-site request forgery [CVE-2020-35615]low4.0---
166898Joomla! Backend Login Page information disclosure [CVE-2020-35614]low2.7---
166897Joomla! Blacklist sql injection [CVE-2020-35613]medium6.5---
166896Joomla! mod_random_image path traversalmedium5.2---
166895Joomla! Configuration Page information disclosure [CVE-2020-35611]low4.0---
166894Joomla! com_finder access control [CVE-2020-35610]medium5.2---
166893GDM Session Shutdown race condition [CVE-2020-27837]low4.3---
166892G-Data symlink [CVE-2020-27172]medium5.2---
166891Arista EOS EVPN VxLAN access control [CVE-2020-26569]medium5.8---
166890Dex SAML Connector signature verification [CVE-2020-26290]medium7.5---
166889date-and-time incorrect regex [CVE-2020-26289]medium5.0---
166888HedgeDoc Mermaid Diagram cross site scripting [CVE-2020-26287]low4.0---
166887HedgeDoc uploadimage unrestricted uploadmedium7.5---
166886No Magic TeamworkCloud Installation environment permissionmedium7.1---
166885Arista EOS 7800R3/EOS 7500R3/EOS 7280R3 ARP Packet denial of servicemedium6.1---
166884Arista EOS/EOS X VLAN access control [CVE-2020-15898]medium5.8---
166883HCL Domino Server Public API denial of service [CVE-2020-14273]low3.3---
166882NCH Express Invoice Quotes List Module cross site scripting [CVE-2020-13476]low4.0---
166881NCH Express Account URL access control [CVE-2020-13474]medium5.2---
166880NCH Express Account Configuration File missing encryption [CVE-2020-13473]low1.7---
166879David Howden Tag readAtomData array indexlow4.9---
166878David Howden Tag readTextWithDescrFrame array indexlow4.9---
166877David Howden Tag readAPICFrame array indexlow4.9---
166876David Howden Tag readPICFrame array indexlow4.9---
166875Panasonic Security System WV-S2231L Admin Control Panel set_factory denial of servicelow1.5---
166874Panasonic Security System WV-S2231L hard-coded password [CVE-2020-29193]low3.3---
166873Zammad REST API Call access control [CVE-2020-29160]medium4.1---
166872Zammad privileges management [CVE-2020-29159]medium5.2---
166871Zammad Ticket Detail View access control [CVE-2020-29158]medium5.2---
166870Foscam FHD X1 Local Privilege Escalation [CVE-2020-28096]medium6.6---
166869Tenda AC1200 Download unknown vulnerability [CVE-2020-28094]medium4.9---
166868Tenda AC1200 hard-coded password [CVE-2020-28093]medium5.8---
166867Zammad Tags Element cross site scripting [CVE-2020-26035]low4.0---
166866Zammad Create User information disclosure [CVE-2020-26034]low2.7---
166865Zammad REST API cross-site request forgery [CVE-2020-26033]low4.0---
166864Zammad Massenversand server-side request forgery [CVE-2020-26032]medium5.2---
166863Zammad Global Search permission [CVE-2020-26031]medium5.2---
166862Zammad SSO Endpoint improper authentication [CVE-2020-26030]medium5.2---
166861Zammad X-On-Behalf-Of Header improper authorization [CVE-2020-26029]medium5.2---
166860Zammad Ticket permission [CVE-2020-26028]medium5.2---
166859Wavpack pack_utils.c WavpackPackSamples out-of-bounds writemedium5.2---
166858Dan McDougall GateOne pathname traversal [CVE-2020-35736]low2.7---
166857Automattic WooCommerce Plugin Order Status fetch_order_status information disclosurelow3.5---
166856ZyXEL VPN On-premise Password Change chg_exp_pwd command injectionmedium5.2---
166855cxuucms admin.php cross site scriptinglow4.0---
166854cxuucms layui-input Class cross site scripting [CVE-2020-29249]low4.0---
166853XXL-JOB Add User UserController.java cross site scriptinglow4.0---
166852Backblaze bztransmit Helper privileges management [CVE-2020-8290]medium5.2---
166851Backblaze bztransmit Helper certificate validation [CVE-2020-8289]medium7.5---
166850Spamsniper Mail From stack-based overflow [CVE-2020-7845]medium7.5---
166849KLog Server authenticate.php os command injectionmedium5.2---
166848FasterXML jackson-databind Serialization Gadget unknown vulnerabilitylow4.9---
166847Autobahn-Python Header injection [CVE-2020-35678]medium4.9---
166846GNU Binutils libbfd.c bfd_getl_signed_32 heap-based overflowmedium5.2---
166845Beijing Huorong Internet Security injection [CVE-2020-35364]medium6.5---
166844Flamingo addUser sql injectionmedium6.5---
166843Flamingo addGroup sql injectionmedium6.5---
166842Flamingo updateUserInfoInDb sql injectionmedium6.5---
166841Flamingo updateUserTeamInfoInDbAndMemory sql injectionmedium6.5---
166840struct2json strcpy buffer overflowmedium5.2---
166839OAID Tengine Serializer Module buffer overflow [CVE-2020-28759] [Disputed]medium5.2---
166838DEXT5Upload dext5handler.jsp pathname traversalmedium4.0---
166837Flamingo File Transfer Request pathname traversal [CVE-2020-35284]medium6.5---
166836Linksys RE6500 langSwitch denial of servicelow3.5---
166835Linksys RE6500 upload_settings.cgi os command injectionmedium6.5---
166834Linksys RE6500 systemCommand command injectionmedium6.5---
166833RE6500 New Password setSysAdm os command injectionmedium6.5---
166832Esri ArcGIS Server server-side request forgery [CVE-2020-35712]medium5.2---
166831arc-swap Crate Constant Test Helper Map unknown vulnerabilitylow4.9---
166830Parallels Remote Application Server Login Form socket.io information disclosurelow3.5---
166829BloofoxCMS Content-Type pathname traversal [CVE-2020-35709]medium6.5---
166828TP-Link WRD4300 Web Interface information disclosure [CVE-2020-35575]low3.5---
166827Gobby D-Bus set_language null pointer dereferencelow2.3---
166826Subrion CMS POST Request cross site scripting [CVE-2020-35437]low4.0---
166825Rainrocka Xinhu information disclosure [CVE-2020-35388]low3.5---
166824Xpdf Type 1C Font getOp stack-based overflowmedium5.2---
166823Pure-FTPd Connection resource consumption [CVE-2020-35359]low5.0---
166822TechKshetra Info Solutions Savsoft Quiz Custom Fields Page field_title cross site scriptinglow4.0---
166821cxuucms cross-site request forgery [CVE-2020-35347]low4.0---
166820cxuucms cross site scripting [CVE-2020-35346]low4.0---
166819GNOME gdk-pixbuf LZW Compression lzw.c write_indexes infinite looplow2.3---
166818LiteSpeed Cache Plugin cross site scripting [CVE-2020-29172]low4.0---
166817TechKshetra Info Solutions Savsoft Quiz cross site scriptinglow4.0---
166816PHPGurukul User Registration & Login cross-site request forgerylow4.0---
166815Stratodesk NoTouch Center submitCreateTCUser.do access controlmedium5.2---
166814Xiph.Org libvorbis OGG File codebook.c array indexmedium4.9---
166813PHPList Import Administrators Page sql injection [CVE-2020-35708]medium6.5---
166812Daybyday New Client Screen cross site scripting [CVE-2020-35707]low4.0---
166811Daybyday New Project Screen cross site scripting [CVE-2020-35706]low4.0---
166810Daybyday New User Screen cross site scripting [CVE-2020-35705]low4.0---
166809Daybyday New Lead Screen cross site scripting [CVE-2020-35704]low4.0---
166808Huawei TE Mobile information disclosure [CVE-2020-9202]low2.3---
166807Huawei NIP6800/Secospace USG6600/Secospace USG9500 DHCP Message out-of-bounds readlow4.9---
166806Huawei iManager NetEco 6000 csv injection [CVE-2020-9200]medium4.9---
166805Huawei CloudEngine 7800 access control [CVE-2020-9137]medium4.3---
166804Huawei CloudEngine 1800V Messages resource consumption [CVE-2020-9120]low3.5---
166803Huawei Smart Phone access control [CVE-2020-9119]medium4.3---
166802Poppler PDF Document DCTStream.cc getChars heap-based overflowmedium5.2---
166801Samsung Galaxy Note 4 Bluetooth Low Energy information disclosurelow2.1---
166800OpenSMTPD lka_filter.c null pointer dereferencelow3.5---
166799OpenSMTPD Message table.c memory leaklow2.3---
166798Pi-hole DNS Query Log cross site scripting [CVE-2020-35659]low4.0---
166797EGavilan Media EGM Address Book Admin Panel sql injection [CVE-2020-29474]medium6.5---
166796EGavilan Media Under Construction Page Admin Panel sql injectionmedium6.5---
166795WonderCMS Admin Panel cross site scripting [CVE-2020-29247]low4.0---
166794TerraMaster TOS access control [CVE-2020-29189]medium6.5---
166793MariaDB Named Pipe Connection channel accessible [CVE-2020-28912]medium6.0---
166792TerraMaster TOS Update cleartext transmission [CVE-2020-28190]low2.6---
166791TerraMaster TOS makecvs.php os command injectionmedium7.5---
166790TerraMaster TOS pathname traversal [CVE-2020-28187]medium6.5---
166789TerraMaster TOS Forgot Password injection [CVE-2020-28186]medium7.5---
166788TerraMaster TOS initialise.php information disclosurelow5.0---
166787TerraMaster TOS index.php cross site scriptinglow4.0---
166786td-agent-builder Plugin permission [CVE-2020-28169]medium6.5---
166785F5 BIG-IP APM redirect [CVE-2020-27729]medium7.5---
166784F5 BIG-IP ASM/Advanced WAF AVRD denial of service [CVE-2020-27728]low2.3---
166783F5 BIG-IP iAppsLX REST Installer information disclosure [CVE-2020-27727]low4.0---
166782F5 BIG-IP APM Resource Information Page cross site scriptinglow4.0---
166781F5 BIG-IP DNS/BIG-IP GTM zxfrd memory leak [CVE-2020-27725]low2.3---
166780F5 BIG-IP APM TMM resource consumption [CVE-2020-27724]low4.0---
166779F5 BIG-IP APM Traffic Management Microkernel denial of servicelow2.3---
166778F5 BIG-IP APM VDI Plugin resource consumption [CVE-2020-27722]low3.5---
166777F5 BIG-IP DNS/BIG-IP LTM GSLB DNS Response denial of servicelow2.3---
166776F5 BIG-IP LTM Traffic Management Microkernel CGNAT denial of servicelow2.3---
166775F5 BIG-IP Configuration utility cross site scripting [CVE-2020-27719]low4.0---
166774F5 BIG-IP ASM/Advanced WAF JSON Payload resource consumptionlow2.3---
166773F5 BIG-IP DNS TMM denial of service [CVE-2020-27717]low2.3---
166772F5 BIG-IP Traffic Management Microkernel denial of service [CVE-2020-27716]low2.3---
166771F5 BIG-IP Management Interface resource consumption [CVE-2020-27715]low4.0---
166770F5 BIG-IP Protocol Inspection Profile denial of service [CVE-2020-27714]low2.3---
166769BrowserUp Proxy HTTP Content injection [CVE-2020-26282]medium7.5---
166768ARM Compiler Protection Feature stack-based overflow [CVE-2020-24658]medium4.0---
166767Hyperledger Indy Node signature verification [CVE-2020-11093]low5.0---
166766NEC iSM Client certificate validation [CVE-2020-5684]medium5.1---
166765Epson EpsonNet SetupManager DLL untrusted search path [CVE-2020-5681]medium4.9---
166764IBM DB2/DB2 Connect Server Management Service denial of servicelow1.7---
166763BigProf Online Invoicing System pageEditGroup.php cross site scriptinglow4.0---
166762BigProf Online Invoicing System Self-Registration membership_signup.php cross site scriptinglow4.0---
166761http Package HTTP Request injection [CVE-2020-35669]medium4.9---
166760RedisGraph null pointer dereference [CVE-2020-35668]low2.3---
166759Steedos findone sql injectionmedium7.5---
166758TerraMaster TOS CSV makecvs.php os command injectionhigh10.0---
166757Advanced Comment System index.php pathname traversalmedium5.0---
166756Raysync code injection [CVE-2020-35370]medium7.5---
166755Nagios Core cross-site request forgery [CVE-2020-35269]low5.0---
166754User Registration & Login System with Admin Panel cross site scriptinglow5.0---
166753SourceCodester Online Health Care System sql injection [CVE-2020-28074]medium7.5---
166752SourceCodester Library Management System sql injection [CVE-2020-28073]medium7.5---
166751SourceCodester Alumni Management System gallery.php cross site scriptinglow3.3---
166750SourceCodester Alumni Management System view_event.php sql injectionmedium7.5---
166749projectworlds Online Matrimonial Project unrestricted uploadmedium6.5---
166748QNAP QES information exposure [CVE-2020-2505]low3.3---
166747QNAP QES File Station path traversal [CVE-2020-2504]medium5.0---
166746QNAP QES File Station cross site scripting [CVE-2020-2503]low4.0---
166745QNAP QES hard-coded password [CVE-2020-2499]low3.3---
166744CRK Business Platform erro.aspx cross site scriptinglow5.0---
166743CRK Business Platform sql injection [CVE-2020-13968]medium7.5---
166742Programi Bilanc inadequate encryption [CVE-2020-11719]low5.0---
166741Bitcoin SV Transaction resource consumption [CVE-2018-1000893]low5.0---
166740Bitcoin SV sendheaders Message resource consumption [CVE-2018-1000892]low5.0---
166739Bitcoin SV Checksum resource consumption [CVE-2018-1000891]low5.0---
166738Uncanny Owl Tin Canny Reporting TinCan_Content_List_Table.php cross site scriptinglow4.0---
166737Opera Web Browser Address Bar cross site scripting [CVE-2020-6159]low5.0---
166736Uncanny Groups POST Parameter user-code-redemption.php ulgm_code_redeem cross site scriptinglow4.0---
166735Mersive Solstice Pod Firmware information disclosure [CVE-2020-35587] [Disputed]low4.3---
166734Mersive Solstice Pod Open Control API excessive authenticationlow2.6---
166733Mersive Solstice Pod Open Control API info excessive authenticationlow2.6---
166732Mersive Solstice Pod Web Services cleartext transmission [CVE-2020-35584]low2.6---
166731Dolibarr Admin Dashboard dolibarr_export.php command injectionmedium5.8---
166730Eveo URVE os command injection [CVE-2020-29552]medium5.2---
166729Eveo URVE Shutdown shutdown.php unknown vulnerabilitymedium4.9---
166728Eveo URVE sql_db.backup cleartext storagelow2.7---
166727Moxa NPort IAW5000A-IO Web Server session fixation [CVE-2020-25198]medium7.5---
166726Moxa NPort IAW5000A-IO Telnet/SSH excessive authentication [CVE-2020-25196]low2.6---
166725Moxa NPort IAW5000A-IO Web Server privileges management [CVE-2020-25194]medium6.5---
166724Moxa NPort IAW5000A-IO Web Server information disclosure [CVE-2020-25192]low5.0---
166723Moxa NPort IAW5000A-IO Web Server missing encryption [CVE-2020-25190]low2.6---
166722Moxa NPort IAW5000A-IO Web Service weak password [CVE-2020-25153]low2.6---
166721Programi Bilanc Installation hard-coded password [CVE-2020-11720]medium5.8---
166720Programi Bilanc software-update Package missing encryption [CVE-2020-11718]low2.6---
166719TitanHQ SpamTitan Backup cleartext storage [CVE-2020-35658]low2.3---
166718Jaws Theme os command injection [CVE-2020-35657]medium6.5---
166717Jaws unrestricted upload [CVE-2020-35656]medium6.5---
166716Microsoft Azure Sphere ioctl Call memory corruption [CVE-2020-35609]medium5.2---
166715Microsoft Azure Sphere AF_PACKET Socket memory corruption [CVE-2020-35608]medium5.2---
166714ZyXEL USG SSH Server/Web Interface hard-coded password [CVE-2020-29583]medium7.5---
166713Odoo Community/Enterprise Python sandbox [CVE-2020-29396]medium6.5---
166712Malwarebytes Free Symbolic Links symlink [CVE-2020-28641]medium6.5---
166711Treck IPv6 DHCPv6 Client out-of-bounds read [CVE-2020-27338]low5.0---
166710Treck IPv6 out-of-bounds write [CVE-2020-27337]medium7.5---
166709Treck IPv6 out-of-bounds read [CVE-2020-27336]low5.0---
166708Nanosystems SupRemo File Manager Supremo.exe untrusted search pathmedium9.0---
166707Treck HTTP Server heap-based overflow [CVE-2020-25066]medium7.5---
166706ABB Symphony Plus Operations/Symphony Plus Historian authentication bypasshigh10.0---
166705ABB Symphony Plus Operations/Symphony Plus Historian credentials storagelow1.0---
166704ABB Symphony Plus Operations/Symphony Plus Historian Message denial of servicemedium7.8---
166703ABB Symphony Plus Operations/Symphony Plus Historian privileges managementmedium9.0---
166702ABB Symphony Plus Operations/Symphony Plus Historian unusual conditionmedium9.0---
166701ABB Symphony Plus Operations/Symphony Plus Historian insufficient privilegesmedium9.0---
166700ABB Symphony Plus Operations/Symphony Plus Historian History Server improper authenticationhigh10.0---
166699ABB Symphony Plus Operations/Symphony Plus Historian improper authorizationmedium9.0---
166698ABB Symphony Plus Operations/Symphony Plus Historian sql injectionhigh10.0---
166697D-Link DSL-2888A Web User Interface execute_cmd.cgi os command injectionmedium7.7---
166696D-Link DSL-2888A improper authentication [CVE-2020-24580]medium4.3---
166695D-Link DSL-2888A improper authentication [CVE-2020-24579]medium7.5---
166694D-Link DSL-2888A FTP Service information disclosure [CVE-2020-24578]low5.0---
166693Oracle Cloud Services Infrastructure Identity/Access Management Remote Privilege Escalationmedium5.8---
166692HCL Domino Server XPages information disclosure [CVE-2020-14270]low2.9---
166691HCL Client Application Access stack-based overflow [CVE-2020-14231]medium5.2---
166690Foxit PDF Reader Browser Plugin use after free [CVE-2020-13570]medium7.5---
166689Foxit PDF Reader Browser Plugin use after free [CVE-2020-13560]medium7.5---
166688Foxit PDF Reader Browser Plugin use after free [CVE-2020-13557]medium7.5---
166687Foxit PDF Reader Browser Plugin memory corruption [CVE-2020-13547]medium7.5---
166686Odoo Community/Enterprise access control [CVE-2019-11786]medium6.5---
166685Odoo Community/Enterprise Mail Module access control [CVE-2019-11785]medium6.5---
166684Odoo Community/Enterprise Mail Module access control [CVE-2019-11784]medium6.5---
166683Odoo Community/Enterprise Mail Channel access control [CVE-2019-11783]medium6.5---
166682Odoo Community/Enterprise Contact Management access control [CVE-2019-11782]medium6.5---
166681Odoo Community/Enterprise Portal input validation [CVE-2019-11781]medium7.5---
166680Odoo Community/Enterprise access control [CVE-2018-15645]medium6.5---
166679Odoo Community/Enterprise Calendar Event cross site scriptinglow4.0---
166678Odoo Community/Enterprise Mail Module cross site scripting [CVE-2018-15638]low4.0---
166677Odoo Community/Enterprise Attachment Management cross site scriptinglow5.0---
166676Odoo Community/Enterprise Document Module cross site scriptinglow5.0---
166675Odoo Community/Enterprise Database input validation [CVE-2018-15632]medium7.5---
166674multi-ini injection [CVE-2020-28460]low5.1---
166673multi-ini injection [CVE-2020-28448]low5.1---
166672Programi Bilanc hard-coded credentials [CVE-2020-8995]medium7.5---
166671PushToWatch extension PushToWatch.php onSkinAddFooterLinks cross-site request forgerylow4.0---
166670Widgets Extension Smarty Template command unknown vulnerabilitymedium4.9---
166669SecurePoll Extension Vote information disclosure [CVE-2020-35624]low1.4---
166668CasAuth Extension unknown vulnerability [CVE-2020-35623]medium4.9---
166667GlobalUsage Extension SpecialGlobalUsage.php makeForeignLink cross site scriptinglow4.0---
166666Online Marriage Registration System POST Parameter search.php sql injectionmedium4.6---
166665MiniWeb HTTP Server POST Request denial of service [CVE-2020-29596]low5.0---
166664Hugo Pandoc Document exec os command injectionmedium5.1---
166663async-h1 POST Request request smuggling [CVE-2020-26281]medium7.5---
166662DBdeployer Tarball link following [CVE-2020-26277]medium5.1---
166661Programi sql injection [CVE-2020-11717]medium6.5---
166660Philips Hue Service Port 80 denial of service [CVE-2018-7580]low3.3---
166659Webmin Package Updates Module unknown vulnerability [CVE-2020-35606]medium7.4---
166658Kitty Graphics Protocol graphics.c injectionlow3.5---
166657Kronos webTA SAML xml external entity reference [CVE-2020-35604]medium4.9---
166656SeaCMS admin_members_group.php sql injectionmedium6.5---
166655yunyecms sql injection [CVE-2020-21377]medium6.5---
166654ZTE E8810/E8820/E8822 MQTT Service information disclosure [CVE-2020-6882]low3.5---
166653ZTE E8810/E8820/E8822 MQTT denial of service [CVE-2020-6881]low3.5---
166652Tenable Tenable.sc Automatic Distribution Configuration unknown vulnerabilitylow4.9---
166651IBM Loopback Javascript injection [CVE-2020-4988]medium7.5---
166650IBM MQ Connection denial of service [CVE-2020-4870]low2.6---
166649IBM Security Secret Server information disclosure [CVE-2020-4843]low4.0---
166648IBM Security Secret Server information exposure [CVE-2020-4842]low3.3---
166647IBM Security Secret Server missing encryption [CVE-2020-4841]low2.6---
166646IBM Security Secret Server redirect [CVE-2020-4840]low5.0---
166645IBM Automation Workstream Services improper authorization [CVE-2020-4794]medium6.5---
166644IBM FileNet Content Manager/Content Navigator Web UI cross site scriptinglow4.0---
166643IBM Financial Transaction Manager user session [CVE-2020-4555]medium6.5---
166642VMware ESXi/Workstation/Fusion/Cloud Foundation GuestInfo denial of servicelow2.3---
166641ovirt-engine information disclosure [CVE-2020-35497]low2.3---
166640EgavilanMedia ECM Address Book Admin Login Panel sql injectionmedium5.2---
166639Coastercms cross site scripting [CVE-2020-35275]low4.0---
166638DotCMS Add Template with Admin Panel cross site scripting [CVE-2020-35274]low4.0---
166637EgavilanMedia User Registration & Login System with Admin Panel cross-site request forgerylow4.0---
166636crewjam saml signature verification [CVE-2020-27846]low2.3---
166635Emerson Rosemount X-STREAM Gas Analyzer improper authenticationmedium5.8---
166634Wireshark QUIC Dissector denial of service [CVE-2020-26422]low5.1---
166633Jupyter Server redirect [CVE-2020-26275]medium7.5---
166632tlslite-ng inadequate encryption [CVE-2020-26263]low2.6---
166631Nifty-PM CPE injection [CVE-2020-26049]medium6.0---
166630Pengutronix RAUC Update Client Signature Verification install.c toctoumedium7.4---
166629Apache Airflow improper authorization [CVE-2020-17526]medium5.2---
166628HCL iNotes Message Content information disclosure [CVE-2020-14225]low5.0---
166627SolarWinds Web Help Desk Formula csv injection [CVE-2019-16959]medium4.9---
166626limit-login-attempts-reloaded Plugin X-Forwarded-For Header LimitLoginAttempts.php origin validationlow4.0---
166625limit-login-attempts-reloaded Plugin cross site scripting [CVE-2020-35589]low4.0---
166624Atlassian Crucible File Upload denial of service [CVE-2020-29447]low3.5---
166623HP Support Assistant denial of service [CVE-2019-18920]low3.2---
166622HP Support Assistant Local Privilege Escalation [CVE-2019-18919]medium6.8---
166621tindy2013 subconverter API Endpoint denial of service [CVE-2020-35579]low2.3---
166620PostSRSd Timestamp Tag srs2.c denial of servicelow3.5---
166619HPE iLO Amplifier Pack Server Remote Privilege Escalation [CVE-2020-7203]medium6.0---
166618HPE StoreEver MSL2024/StoreEver 1-8 G2 cross-site request forgerylow4.0---
166617HPE Systems Insight Manager Remote Privilege Escalation [CVE-2020-7200]medium6.0---
166616Marvell QConvergeConsole GUI path traversal [CVE-2020-5803]medium8.5---
166615HCL Verse Message Content cross site scripting [CVE-2020-4080]low5.0---
166614Ceph insufficiently protected credentials [CVE-2020-27781]medium6.5---
166613ThingsBoard Host Header injection [CVE-2020-27687]medium7.5---
166612OpenSlides cross site scripting [CVE-2020-26280]low4.0---
166611WeiPHP wp_where sql injectionmedium6.5---
166610WeiPHP POST access control [CVE-2020-20299]medium5.2---
166609zzzphp zzz_template.php injectionmedium6.0---
166608zzcms User Login Page login.php cross site scriptinglow4.0---
166607uftpd FTP Server common.c compose_abspath pathname traversalmedium7.5---
166606uftpd FTP Server common.c handle_PORT buffer overflowmedium7.5---
166605Apache Pulsar Manager Verification permission [CVE-2020-17520]medium5.8---
166604HCL iNotes Message Content or cross site scriptinglow5.0---
166603HCL Notes MIME Message buffer overflow [CVE-2020-14224]medium7.5---
166602Kepware LinkMaster access control [CVE-2020-13535]medium9.0---
166601NZXT Cam IO Request Packet access control [CVE-2020-13519]medium5.2---
166600NZXT Cam IO Request Packet access control [CVE-2020-13515]medium5.2---
166599NZXT Cam IO Request Packet access control [CVE-2020-13514]medium5.2---
166598NZXT Cam IO Request Packet access control [CVE-2020-13513]medium5.2---
166597NZXT Cam IO Request Packet access control [CVE-2020-13512]medium5.2---
166596DolphinScheduler mysql connectorj Remote Privilege Escalationmedium6.0---
166595Open Zaak origin validation [CVE-2020-26251]medium5.1---
166594IBM Planning Analytics cross-site request forgery [CVE-2020-4764]low5.0---
166593SpiceWorks Host Header injection [CVE-2020-25901]medium4.9---
166592Xinuos OpenServer cross site scripting [CVE-2020-25495]low4.0---
166591Xinuos OpenServer printbook os command injectionmedium5.2---
166590LG Mobile Device Dual Screen improper authentication [CVE-2020-35555]medium4.6---
166589LG Mobile Device WebView SSL unknown vulnerability [CVE-2020-35554]low4.9---
166588Samsung Mobile Device denial of service [CVE-2020-35553]low2.3---
166587Samsung Mobile Device GPS Daemon information disclosure [CVE-2020-35552]low1.7---
166586Samsung Mobile Device RPMB access control [CVE-2020-35551]medium5.8---
166585Samsung Mobile Device Factory Reset Protection access controlmedium7.7---
166584Samsung Mobile Device Dialer Local Privilege Escalation [CVE-2020-35549]low4.3---
166583Samsung Mobile Device Finder denial of service [CVE-2020-35548]low2.3---
166582MediaWiki information disclosure [CVE-2020-35480]low5.0---
166581MediaWiki BlockLogFormatter.php translateBlockExpiry cross site scriptinglow5.0---
166580MediaWiki Raw HTML BlockLogFormatter.php makePageLink cross site scriptinglow5.0---
166579MediaWiki Log Entry unknown vulnerability [CVE-2020-35477]low5.5---
166578MediaWiki Raw HTML Special:UserRights cross site scriptinglow5.0---
166577MediaWiki Messages text cross site scriptinglow4.0---
166576Mitel MiVoice 6930/MiVoice 6940 Bluetooth Handset improper authenticationmedium3.7---
166575Mitel MiVoice 6873i/MiVoice 6930/MiVoice 6940 Bluetooth Handset Local Privilege Escalationlow3.7---
166574Mitel MiCollab redirect [CVE-2020-27340]medium5.2---
166573Mitel BusinessCTI Enterprise Client Chat Window information disclosurelow2.7---
166572Tangro Business Workflow Attachment information disclosure [CVE-2020-26178]low5.0---
166571Tangro Business Workflow profile access controlmedium5.5---
166570Tangro Business Workflow API Endpoint attachments access controlmedium4.0---
166569Tangro Business Workflow profile access controlmedium6.5---
166568Tangro Business Workflow Restrictions unrestricted upload [CVE-2020-26174]medium6.5---
166567Tangro Business Workflow PDF improper authentication [CVE-2020-26173]medium5.0---
166566Tangro Business Workflow JWT Token authentication replay [CVE-2020-26172]medium7.5---
166565Tangro Business Workflow Attachment upload access controlmedium6.5---
166564Mitel MiCollab NuPoint Messenger access control [CVE-2020-25612]low2.7---
166563Mitel MiCollab AWV Portal cross site scripting [CVE-2020-25611]low4.0---
166562Mitel MiCollab AWV access control [CVE-2020-25610]medium5.2---
166561Mitel MiCollab NuPoint Messenger Portal cross site scriptinglow4.0---
166560Mitel MiCollab SAS Portal sql injection [CVE-2020-25608]medium6.5---
166559Mitel MiCollab AWV cross site scripting [CVE-2020-25606]low4.0---
166558Mitel MiContact Center Business Ignite Portal information disclosurelow1.7---
166557SolarWinds Web Help Desk User Account cross site scripting [CVE-2019-16957]low5.0---
166556SolarWinds Web Help Desk SVG Document cross site scripting [CVE-2019-16955]low4.0---
166555Smilegate Stove Client input validation [CVE-2020-7838]medium7.5---
166554Bouncy Castle Legion of the Bouncy Castle Utility Method OpenBSDBCrypt.checkPassword comparisonmedium4.9---
166553Trend Micro InterScan Web Security Virtual Appliance command injectionmedium5.8---
166552Trend Micro InterScan Web Security Virtual Appliance improper authenticationmedium5.8---
166551Trend Micro InterScan Web Security Virtual Appliance Admin Interface unknown vulnerabilitylow4.9---
166550Trend Micro InterScan Web Security Virtual Appliance improper authorizationmedium5.2---
166549Trend Micro InterScan Web Security Virtual Appliance cross site scriptinglow4.0---
166548Trend Micro InterScan Web Security Virtual Appliance cross-site request forgerylow4.0---
166547IBM Security Key Lifecycle Manager information exposure [CVE-2020-4846]low3.3---
166546IBM Security Key Lifecycle Manager Web UI cross site scriptinglow4.0---
166545Spotweb sql injection [CVE-2020-35545]medium4.6---
166544FasterXML jackson-databind deserialization [CVE-2020-35491]medium6.0---
166543FasterXML jackson-databind deserialization [CVE-2020-35490]medium6.0---
166542Rocklobster Contact Form 7 unrestricted upload [CVE-2020-35489]medium6.0---
166541Linux-PAM Empty Password improper authentication [CVE-2020-27780]medium7.7---
166540Trend Micro InterScan Web Security Virtual Appliance Web Interface cross site scriptinglow4.0---
166539Fleet SAML Response authentication spoofing [CVE-2020-26276]medium7.5---
166538jsonpickle decode deserializationmedium6.0---
166537Flexmonster Pivot Table & Charts To Remote CSV cross site scriptinglow4.0---
166536Flexmonster Pivot Table & Charts XMLA cross site scripting [CVE-2020-20141]low4.0---
166535Flexmonster Pivot Table & Charts Remote Report cross site scriptinglow4.0---
166534Flexmonster Pivot Table & Charts Remote JSON cross site scriptinglow4.0---
166533CMS Made Simple Showtime2 Slideshow Module cross site scriptinglow4.0---
166532BitDefender Hypervisor Introspection Compiler Optimization IntPeParseUnwindData null pointer dereferencemedium6.8---
166531BitDefender Hypervisor Introspection IntLixFileGetPath memory corruptionlow2.7---
166530BitDefender HVI IntLixTaskDumpTree out-of-bounds readlow2.3---
166529HCL Notes Parameter stack-based overflow [CVE-2020-14232]medium5.2---
166528Apache TomEE ActiveMQ Broker improper authentication [CVE-2020-13931]medium7.5---
166527Lantronix XPort EDGE Telnet CLI information disclosure [CVE-2020-13528]low2.6---
166526Lantronix XPort EDGE Web Manager improper authentication [CVE-2020-13527]medium5.8---
166525NZXT Cam IO Request Packet information disclosure [CVE-2020-13518]low2.3---
166524NZXT Cam IO Request Packet information disclosure [CVE-2020-13517]low2.3---
166523NZXT Cam IO Request Packet information disclosure [CVE-2020-13516]low2.3---
166522NZXT Cam IO Request Packet information disclosure [CVE-2020-13511]low2.3---
166521NZXT Cam IO Request Packet information disclosure [CVE-2020-13510]low2.3---
166520NZXT Cam IO Request Packet information disclosure [CVE-2020-13509]low2.3---
166519Phoenix Contact mGuard LAN Port missing initialization of resourcelow5.1---
166518WAGO PFC 100 os command injection [CVE-2020-12522]high10.0---
166517Phoenix Contact PLCnext LLDP Packet denial of service [CVE-2020-12521]low3.3---
166516Phoenix Contact PLCnext privileges management [CVE-2020-12519]medium6.8---
166515Phoenix Contact PLCnext information disclosure [CVE-2020-12518]low1.7---
166514Phoenix Contact PLCnext cross site scripting [CVE-2020-12517]low4.0---
166513Hashicorp Vault Enterprise Sentinel EGP Policy Feature unknown vulnerabilitylow4.9---
166512Memcached Docker Image hard-coded password [CVE-2020-35197]medium9.3---
166511Rabbitmq Docker Image hard-coded password [CVE-2020-35196]medium9.3---
166510Haproxy Docker Image hard-coded password [CVE-2020-35195]medium9.3---
166509Influxdb Docker Image hard-coded password [CVE-2020-35194]medium9.3---
166508Vault Docker Image hard-coded password [CVE-2020-35192]medium9.3---
166507Drupal Docker Image hard-coded password [CVE-2020-35191]medium9.3---
166506Plone Docker Image hard-coded password [CVE-2020-35190]medium9.3---
166505Kong Docker Image hard-coded password [CVE-2020-35189]medium9.3---
166504Chronograf Docker Image hard-coded password [CVE-2020-35188]medium9.3---
166503Telegraf Docker Image hard-coded password [CVE-2020-35187]medium9.3---
166502Adminer Docker Image hard-coded password [CVE-2020-35186]medium9.3---
166501Ghost Docker Image hard-coded password [CVE-2020-35185]medium9.3---
166500Composer Docker Image hard-coded password [CVE-2020-35184]medium9.3---
166499Hashicorp Vault/Vault Enterprise LDAP Auth Method information disclosurelow2.3---
166498Synacor Zimbra Collaboration Suite SAML Consumer Store Extension xml external entity referencelow4.9---
166497SSH Component denial of service [CVE-2020-29652]low3.5---
166496Sonatype Nexus Repository Manager xml external entity referencelow4.7---
166495Magic Home Pro Application improper authentication [CVE-2020-27199]medium5.8---
166494Oracle Application Server Websocket access control [CVE-2020-25096]medium6.5---
166493LogRhythm Platform Manager Websocket cross-site request forgerylow4.0---
166492LogRhythm Platform Manager Websocket command injection [CVE-2020-25094]medium9.0---
166491Kyland KPS2204 webadminget.cgi information disclosurelow3.5---
166490Kyland KPS2204 Instruction unrestricted upload [CVE-2020-25010]medium6.0---
166489Infraware ML Report MLReportDeamon.exe sub_41EAF0 stack-based overflowmedium5.1---
166488connection-tester Package index.js injectionmedium7.5---
166487Dell BSAFE Micro Edition Suite buffer overflow [CVE-2020-5360]medium7.5---
166486Dell BSAFE Micro Edition Suite return value [CVE-2020-5359]medium7.5---
166485IBM Financial Transaction Manager Login Dialog information disclosurelow5.0---
166484IBM Financial Transaction Manager information exposure [CVE-2020-4907]low5.0---
166483IBM Financial Transaction Manager information disclosure [CVE-2020-4906]low1.7---
166482IBM Financial Transaction Manager cleartext transmission [CVE-2020-4905]low2.6---
166481IBM Financial Transaction Manager cross-site request forgerylow5.0---
166480IBM Sterling File Gateway Web UI cross site scripting [CVE-2020-4658]low5.0---
166479IBM Sterling B2B Integrator Web UI cross site scripting [CVE-2020-4657]low5.0---
166478Vmware macOS Sensor for VMware Carbon Black Cloud Installation Remote Privilege Escalationmedium6.5---
166477Irfan Skiljan IrfanView PCX File out-of-bounds write [CVE-2020-35133]medium7.5---
166476Pluck CMS unrestricted upload [CVE-2020-29607]medium6.0---
166475Epson EPS TSE Server 8 Administrative Interface cross-site request forgerylow5.0---
166474Epson EPS TSE Server 8 users.php cross site scriptinglow4.0---
166473Epson EPS TSE Server 8 information disclosure [CVE-2020-28929]low5.0---
166472systeminformation command injection [CVE-2020-26274]medium6.5---
166471Dell EMC iDRAC9 Web Application cross site scripting [CVE-2020-26198]low5.0---
166470SolarWinds N-central AdvancedScripts HTTP Endpoint cross-site request forgerylow4.0---
166469SolarWinds N-central Network Interface improper authenticationmedium5.8---
166468SolarWinds N-Central Administrative Console hard-coded credentialsmedium5.8---
166467HCL BigFix Inventory TLS-RSA Cipher Suite risky encryption [CVE-2020-14254]low2.6---
166466HCL BigFix Inventory missing secure attribute [CVE-2020-14248]low2.6---
166465AdRem NetCrunch Credential Manager credentials storage [CVE-2019-14483]low1.4---
166464AdRem NetCrunch Web Client hard-coded key [CVE-2019-14482]medium7.5---
166463AdRem NetCrunch Web Client cross-site request forgery [CVE-2019-14481]low4.0---
166462AdRem NetCrunch user session [CVE-2019-14480]medium7.5---
166461AdRem NetCrunch Remote Privilege Escalation [CVE-2019-14479]medium6.5---
166460AdRem NetCrunch Web Client cross site scripting [CVE-2019-14478]low4.0---
166459AdRem NetCrunch Credentials Database credentials storage [CVE-2019-14477]low1.7---
166458AdRem NetCrunch SMB Request server-side request forgery [CVE-2019-14476]medium5.2---
166457p11-kit Byte Array heap-based overflow [CVE-2020-29363]medium6.5---
166456p11-kit RPC heap-based overflow [CVE-2020-29362]medium6.5---
166455p11-kit LIST Command integer overflow [CVE-2020-29361]medium4.9---
166454SolarWinds N-central SSH access control [CVE-2020-25619]medium6.5---
166453SolarWinds N-Central sudo Configuration access control [CVE-2020-25618]medium7.7---
166452SolarWinds N-Central Administration Console path traversal [CVE-2020-25617]medium7.7---
166451GROWI pathname traversal [CVE-2020-5683]medium6.5---
166450GROWI denial of service [CVE-2020-5682]low3.5---
166449OpenTSDB gnuplot File tmp command injectionmedium6.5---
166448datatables.net Package code injection [CVE-2020-28458]medium5.8---
166447osquery command injection [CVE-2020-26273]medium6.5---
166446XStream os command injection [CVE-2020-26259]medium4.0---
166445XStream server-side request forgery [CVE-2020-26258]medium6.5---
166444Software AG Terracotta Server OSS Docker Image hard-coded passwordmedium10.0---
166443Appbase Streams Docker Image hard-coded password [CVE-2020-35468]medium10.0---
166442Docker Docs Docker Image hard-coded password [CVE-2020-35467]medium10.0---
166441Blackfire Docker Image hard-coded password [CVE-2020-35466]medium10.0---
166440FullArmor HAPI File Share Mount Docker Image hard-coded passwordmedium10.0---
166439Weave Cloud Agent Docker Image hard-coded password [CVE-2020-35464]medium10.0---
166438Instana Dynamic APM Docker Image hard-coded password [CVE-2020-35463]medium10.0---
166437CoScale Agent Docker Image weak password [CVE-2020-35462]high10.0---
166436PHPJabbers Appointment Scheduler Admin Login Page index.php cross site scriptinglow4.0---
166435jsonparser GET Call denial of service [CVE-2020-35381]low2.3---
166434GJSON JSON File denial of service [CVE-2020-35380]low2.3---
166433Sonarqube Docker Image hard-coded password [CVE-2020-35193]high10.0---
166432Keysight Database Connector Plugin access control [CVE-2020-35122]medium5.2---
166431Keysight Database Connector Plugin Save Macro Parameter cross site scriptinglow4.0---
166430Icinga certificate validation [CVE-2020-29663]medium5.8---
166429SourceCodester Alumni Management System gallery.php unrestricted uploadmedium6.0---
166428D-Link DSR-250 Unified Services Router Web Interface command injectionmedium6.5---
166427D-Link DSR-250 Configuration File injection [CVE-2020-25758]medium6.0---
166426D-Link DSR-150/DSR-250/DSR-500/DSR-1000AC LUA CGI access controlmedium7.7---
166425Host Engineering H0-ECOM100/H2-ECOM100/H4-ECOM100 Configuration Web Server denial of servicelow2.3---
166424PEGA Platform cross site scripting [CVE-2020-23957]low4.0---
166423Keycloak authentication replay [CVE-2020-14302]medium5.8---
166422Keycloak server-side request forgery [CVE-2020-10770]medium6.5---
166421SolarWinds Database Performance Analyzer cross site scriptinglow4.0---
166420Google Asylo ecall_restore buffer overflowmedium4.3---
166419Google Asylo enc_untrusted_recvfrom buffer overflowmedium3.5---
166418Google Asylo enc_untrusted_read buffer overflowmedium3.5---
166417Google Asylo enc_untrusted_inet_pton buffer overflowmedium3.5---
166416Google Asylo enc_untrusted_recvmsg buffer overflowmedium3.5---
166415Google Asylo enc_untrusted_inet_ntop out-of-bounds readlow2.4---
166414Google Asylo FromkLinuxSockAddr memory corruptionmedium3.5---
166413Google Asylo enc_untrusted_create_wait_queue buffer overflowmedium4.3---
166412Google Asylo sgx_params out-of-bounds readlow1.0---
166411Google Asylo Ecall_restore memory corruptionlow2.4---
166410IBM Tivoli Netcool Impact Remote Privilege Escalation [CVE-2020-4849]medium6.0---
166409IBM Connect:Direct for UNIX CLI improper authentication [CVE-2020-4747]medium7.5---
166408EGavilan Barcodes Generator index.php cross site scriptinglow4.0---
166407EGavilan Media Expense Management System Add Expense cross site scriptinglow4.0---
166406Xen null pointer dereference [CVE-2020-29571]low2.3---
166405Xen denial of service [CVE-2020-29570]low5.2---
166404Linux Kernel Kernel Thread denial of service [CVE-2020-29569]low2.7---
166403Xen denial of service [CVE-2020-29568]low2.3---
166402Xen denial of service [CVE-2020-29567]low4.4---
166401Xen denial of service [CVE-2020-29566]low5.2---
166400Xen XAPI xenstore denial of service [CVE-2020-29487]low2.3---
166399Xen xenstore denial of service [CVE-2020-29486]low2.3---
166398Xen Ocaml xenstored Implementation denial of service [CVE-2020-29485]low5.2---
166397Xen Xenstore denial of service [CVE-2020-29484]low2.3---
166396Xen Shared Memory denial of service [CVE-2020-29483]low2.6---
166395Xen xenstore Path $DOMID denial of servicelow2.7---
166394Xen Xenstore Node access control [CVE-2020-29481]medium5.2---
166393Xen xenstore permission [CVE-2020-29480]medium5.2---
166392Xen Ocaml xenstored Implementation access control [CVE-2020-29479]medium5.2---
166391s-cart Package Admin Dashboard AdminOrderController.phpindex cross site scriptinglow4.0---
166390s-cart Package Admin Panel cross site scripting [CVE-2020-28456]low4.0---
166389Foxit Reader/PhantomPDF PDF File denial of service [CVE-2020-28203]low5.0---
166388Linux Kernel RTAS authorization [CVE-2020-27777]medium8.3---
166387TIBCO PartnerExpress REST API unknown vulnerability [CVE-2020-27147]medium6.4---
166386Google Android nl80211.c nl80211_policy out-of-bounds readlow1.4---
166385Google Android l2tp Subsystem use after free [CVE-2020-27067]medium4.0---
166384Google Android xfrm6_tunnel.c xfrm6_tunnel_free_spi use after freemedium4.0---
166383Google Android GpuService.cpp getGpuStatsAppInfo information disclosurelow1.7---
166382Google Android Package Metadata information disclosure [CVE-2020-27056]low1.7---
166381Google Android WiFi Configuration WifiConfigController.java showWarningMessagesIfAppropriate information disclosurelow5.0---
166380Google Android BluetoothManagerService BluetoothManagerService.java onFactoryReset permissionmedium4.3---
166379Google Android WiFi Name ClientModeImpl.java broadcastWifiCredentialChanged information disclosurelow1.4---
166378Google Android Lock Task Mode ActivityRecord.java getLockTaskLaunchMode permissionmedium4.3---
166377Google Android nfa_rw_api.cc NFA_RwI93WriteMultipleBlocks out-of-bounds writemedium4.3---
166376Google Android rw_i93.cc rw_i93_send_cmd_write_multi_blocks out-of-bounds writemedium4.3---
166375Google Android rw_t3t.cc rw_t3t_send_raw_frame out-of-bounds writemedium4.3---
166374Google Android rw_main.cc RW_SendRawFrame out-of-bounds writemedium4.3---
166373Google Android ce_t4t.cc ce_t4t_update_binary out-of-bounds readlow1.7---
166372Google Android nfc_ncif.cc nfc_ncif_proc_ee_action out-of-bounds readlow1.4---
166371Google Android ce_main.cc CE_SendRawFrame out-of-bounds writemedium4.3---
166370Google Android Parcel.cpp restartWrite memory corruptionmedium4.3---
166369Google Android nfc_main.cc nfc_enabled out-of-bounds readlow1.4---
166368Google Android ConnectivityService.java showProvisioningNotification information disclosurelow1.7---
166367Google Android NFC Server phNxpNciHal.cc phNxpNciHal_core_initialized out-of-bounds readlow1.7---
166366Google Android ServiceRecord.java postNotification information disclosurelow1.7---
166365Google Android C2SoftVorbisDec.cpp process memory leaklow5.0---
166364Google Android NFC Server phNxpNciHal.cc phNxpNciHal_core_initialized out-of-bounds readlow1.4---
166363Google Android NFC Server phNxpNciHal_ext.cc phNxpNciHal_send_ext_cmd out-of-bounds writemedium4.0---
166362Google Android C2AllocatorIon.cpp priorLinearAllocation use after freelow1.7---
166361Google Android SimSelectNotification.java createSimSelectNotification information disclosurelow1.7---
166360Google Android nfc_ncif.cc nfc_ncif_proc_get_routing out-of-bounds readlow1.4---
166359Google Android PhoneInterfaceManager.java getRadioAccessFamily information disclosurelow1.7---
166358Google Android nfc_ncif.cc nfc_data_event out-of-bounds readlow1.7---
166357Google Android HandleApiCalls.java onCreate permissionmedium4.3---
166356Google Android TextView.java TextView denial of servicelow5.0---
166355Google Android hci_layer.cc filter_incoming_event out-of-bounds readlow1.7---
166354Google Android nfc_ncif.cc nfc_ncif_proc_get_routing out-of-bounds readlow1.7---
166353Google Android Fingerprint information disclosure [CVE-2020-27026]low1.7---
166352Google Android EapFailureNotifier.java information disclosurelow1.7---
166351Google Android Bluetooth smp_br_main.cc smp_br_state_machine_event out-of-bounds readlow5.0---
166350Google Android BluetoothMediaBrowserService.java setErrorPlaybackState information disclosurelow1.4---
166349Google Android avrc_pars_tg.cc avrc_ctrl_pars_vendor_cmd out-of-bounds readlow1.4---
166348X.org X11 XkbSetDeviceInfo heap-based overflowmedium5.2---
166347Google Android InputMethodManager.java startInputUncheckedLocked information disclosurelow2.1---
166346Google Android bitreader.c FLAC__bitreader_read_rice_signed_block out-of-bounds readlow5.0---
166345Google Android codebook.c decode_packed_entry_number out-of-bounds readlow5.0---
166344Google Android BiometricServiceBase canUseBiometric information disclosurelow1.7---
166343Google Android cpdf_renderstatus.cpp LoadSMask use after freelow1.7---
166342Google Android JBig2_SddProc.cpp decode_Huffman integer overflowlow1.7---
166341Google Android ih264d_sei.c ih264d_parse_ave out-of-bounds readlow5.0---
166340Google Android cpdf_sampledfunc.cpp v_Call information disclosurelow1.7---
166339Google Android Bitstream bitstream.cpp BitstreamFillCache out-of-bounds readlow5.0---
166338Google Android MatroskaExtractor.cpp readBlock resource consumptionlow5.0---
166337Google Android floor1.c floor1_info_unpack information disclosurelow5.0---
166336Google Android eas_mdls.c Parse_data out-of-bounds writemedium7.5---
166335Google Android ihevc_inter_pred_filters_ssse3_intr.c ihevc_inter_pred_chroma_copy_ssse3 information disclosurelow5.0---
166334Google Android stream_decoder.c read_metadata_vorbiscomment_ denial of servicelow5.0---
166333Google Android ContactsProvider2.java openAssetFileListener permissionmedium4.3---
166332Google Android UsbBackend.java areFunctionsSupported permissionmedium4.3---
166331Google Android ComposerClient.h destroyResources memory corruptionmedium4.0---
166330Google Android DrmManagerService.cpp ~DrmManagerService memory corruptionmedium4.0---
166329Google Android IncidentService.cpp command information disclosurelow1.7---
166328Google Android AndroidManifest.xml permissionmedium4.3---
166327Google Android DocumentsProvider.java callUnchecked permissionmedium4.3---
166326Google Android DocumentsProvider.java callUnchecked permissionmedium4.3---
166325Google Android restoration.c extend_frame_lowbd out-of-bounds writemedium4.3---
166324Google Android Network Configuration ClientModeImpl.java sendLinkConfigurationChangedBroadcast information disclosurelow1.7---
166323Google Android Assistant.java onNotificationRemoved log filelow1.7---
166322Google Android WindowManagerService.java createInputConsumer permissionmedium4.3---
166321Google Android HalCamera.cpp requestNewFrame use after freemedium4.3---
166320Google Android BluetoothOppNotification.java updateIncomingFileConfirmNotification unrestricted uploadlow4.3---
166319Google Android CallLogProvider.java queryInternal information disclosurelow1.7---
166318Google Android nci_hrcv.cc nci_proc_ee_management_rsp information disclosurelow1.7---
166317Google Android SPDIFEncoder.cpp writeBurstBufferBytes information disclosurelow1.7---
166316js-data Package deepFill code injectionmedium5.2---
166315Envoy UDP Datagram denial of service [CVE-2020-35471]low4.0---
166314Envoy Network Filter unknown vulnerability [CVE-2020-35470]low4.9---
166313Apple macOS Server Profile Manager cross site scripting [CVE-2020-9995]low5.0---
166312Apple macOS Wi-Fi denial of service [CVE-2020-27898]low2.3---
166311Apple macOS WebRTC use after free [CVE-2020-15969]medium7.5---
166310Apple macOS System Preferences sandbox [CVE-2020-10009]low4.3---
166309Apple macOS Ruby path traversal [CVE-2020-27896]medium6.0---
166308Apple macOS Quick Look cross site scripting [CVE-2020-10012]low5.0---
166307Apple macOS Power Management state issue [CVE-2020-10007]low1.7---
166306Apple macOS NSRemoteView sandbox [CVE-2020-27901]low4.3---
166305Apple macOS Model IO state issue [CVE-2020-10004]medium7.5---
166304Apple macOS Model IO out-of-bounds read [CVE-2020-13524]medium7.5---
166303Apple macOS Logging path traversal [CVE-2020-10010]low4.3---
166302Apple macOS libxpc path traversal [CVE-2020-10014]low4.3---
166301Apple macOS libxml2 use after free [CVE-2020-27926]low4.3---
166300Apple macOS libxml2 use after free [CVE-2020-27920]medium7.5---
166299Apple macOS libxml2 integer overflow [CVE-2020-27911]medium7.5---
166298Apple macOS Kernel Local Privilege Escalation [CVE-2020-29620]low4.3---
166297Apple macOS Kernel memory corruption [CVE-2020-27949]low4.3---
166296Apple macOS Kernel race condition [CVE-2020-27921]medium6.8---
166295Apple macOS Kernel use after free [CVE-2020-9975]medium6.8---
166294Apple macOS Kernel memory corruption [CVE-2020-9967]high8.5---
166293Apple macOS Kernel memory corruption [CVE-2020-10016]medium6.8---
166292Apple macOS Kernel state issue [CVE-2020-9974]low1.7---
166291Apple macOS Intel Graphics Driver memory corruption [CVE-2020-27907]medium6.8---
166290Apple macOS Intel Graphics Driver out-of-bounds write [CVE-2020-27897]medium6.8---
166289Apple macOS Intel Graphics Driver out-of-bounds write [CVE-2020-10015]medium6.8---
166288Apple macOS ImageIO out-of-bounds write [CVE-2020-27923]medium7.5---
166287Apple macOS ImageIO out-of-bounds write [CVE-2020-27912]medium7.5---
166286Apple macOS ImageIO out-of-bounds read [CVE-2020-29619]medium7.5---
166285Apple macOS ImageIO out-of-bounds read [CVE-2020-29617]medium7.5---
166284Apple macOS ImageIO out-of-bounds write [CVE-2020-29611]medium7.5---
166283Apple macOS ImageIO out-of-bounds read [CVE-2020-29618]medium7.5---
166282Apple macOS ImageIO out-of-bounds read [CVE-2020-27924]medium7.5---
166281Apple macOS ImageIO memory corruption [CVE-2020-29616]medium7.5---
166280Apple macOS Image Processing out-of-bounds write [CVE-2020-27919]medium7.5---
166279Apple macOS HomeKit unknown vulnerability [CVE-2020-9978]low2.6---
166278Apple macOS Graphics Drivers out-of-bounds write [CVE-2020-29612]medium6.8---
166277Apple macOS Graphics Drivers memory corruption [CVE-2020-27947]medium6.8---
166276Apple macOS Foundation state issue [CVE-2020-10002]low1.7---
166275Apple macOS FontParser memory corruption [CVE-2020-27944]medium7.5---
166274Apple macOS FontParser memory corruption [CVE-2020-27943]medium7.5---
166273Apple macOS FontParser memory corruption [CVE-2020-27931]medium7.5---
166272Apple macOS FontParser out-of-bounds read [CVE-2020-9956]medium7.5---
166271Apple macOS FontParser out-of-bounds write [CVE-2020-27952]medium7.5---
166270Apple macOS FontParser buffer overflow [CVE-2020-9962]medium7.5---
166269Apple macOS FontParser information disclosure [CVE-2020-27946]low5.0---
166268Apple macOS CoreText state issue [CVE-2020-27922]medium7.5---
166267Apple macOS CoreAudio out-of-bounds write [CVE-2020-10017]medium7.5---
166266Apple macOS CoreAudio out-of-bounds read [CVE-2020-27908]medium7.5---
166265Apple macOS CoreAudio out-of-bounds read [CVE-2020-9960]medium7.5---
166264Apple macOS CoreAudio out-of-bounds write [CVE-2020-27948]medium7.5---
166263Apple macOS Bluetooth integer overflow [CVE-2020-27906]medium7.5---
166262Apple macOS Audio out-of-bounds write [CVE-2020-27916]medium7.5---
166261Apple macOS Audio out-of-bounds read [CVE-2020-9944]low1.7---
166260Apple macOS Audio out-of-bounds read [CVE-2020-9943]low1.7---
166259Apple macOS Audio out-of-bounds read [CVE-2020-27910]medium7.5---
166258Apple macOS AppleMobileFileIntegrity Local Privilege Escalationlow4.3---
166257Apple macOS AppleGraphicsControl behavioral workflow [CVE-2020-27941]medium6.8---
166256Apple macOS App Store privileges management [CVE-2020-27903]low4.3---
166255Apple macOS AMD memory corruption [CVE-2020-27915]medium6.8---
166254Apple macOS AMD memory corruption [CVE-2020-27914]medium6.8---
166253Apple Safari WebRTC use after free [CVE-2020-15969]medium7.5---
166252Apple tvOS WebRTC use after free [CVE-2020-15969]medium7.5---
166251Apple tvOS ImageIO out-of-bounds write [CVE-2020-29611]medium7.5---
166250Apple tvOS ImageIO out-of-bounds read [CVE-2020-29618]medium7.5---
166249Apple tvOS ImageIO out-of-bounds read [CVE-2020-29619]medium7.5---
166248Apple tvOS ImageIO out-of-bounds read [CVE-2020-29617]medium7.5---
166247Apple tvOS FontParser memory corruption [CVE-2020-27944]medium7.5---
166246Apple tvOS FontParser memory corruption [CVE-2020-27943]medium7.5---
166245Apple tvOS FontParser information disclosure [CVE-2020-27946]low5.0---
166244Apple tvOS CoreAudio out-of-bounds write [CVE-2020-27948]medium7.5---
166243Apple watchOS WebRTC use after free [CVE-2020-15969]medium7.5---
166242Apple watchOS Security unknown vulnerability [CVE-2020-27951]low4.9---
166241Apple watchOS ImageIO out-of-bounds write [CVE-2020-29611]medium7.5---
166240Apple watchOS ImageIO out-of-bounds read [CVE-2020-29618]medium7.5---
166239Apple watchOS ImageIO out-of-bounds read [CVE-2020-29619]medium7.5---
166238Apple watchOS ImageIO out-of-bounds read [CVE-2020-29617]medium7.5---
166237Apple watchOS FontParser memory corruption [CVE-2020-27944]medium7.5---
166236Apple watchOS FontParser memory corruption [CVE-2020-27943]medium7.5---
166235Apple watchOS FontParser information disclosure [CVE-2020-27946]low5.0---
166234Apple watchOS CoreAudio out-of-bounds write [CVE-2020-27948]medium7.5---
166233Apple iOS/iPadOS WebRTC use after free [CVE-2020-15969]medium7.5---
166232Apple iOS/iPadOS Security unknown vulnerability [CVE-2020-27951]low4.9---
166231Apple iOS/iPadOS ImageIO out-of-bounds write [CVE-2020-29611]medium7.5---
166230Apple iOS/iPadOS ImageIO out-of-bounds read [CVE-2020-29618]medium7.5---
166229Apple iOS/iPadOS ImageIO out-of-bounds read [CVE-2020-29619]medium7.5---
166228Apple iOS/iPadOS ImageIO out-of-bounds read [CVE-2020-29617]medium7.5---
166227Apple iOS/iPadOS FontParser memory corruption [CVE-2020-27944]medium7.5---
166226Apple iOS/iPadOS FontParser memory corruption [CVE-2020-27943]medium7.5---
166225Apple iOS/iPadOS FontParser information disclosure [CVE-2020-27946]medium7.5---
166224Apple iOS/iPadOS CoreAudio out-of-bounds read [CVE-2020-27948]medium7.5---
166223Apple iOS/iPadOS App Store state issue [CVE-2020-29613]low4.9---
166222curl Certificate Revocation certificate validation [CVE-2020-8286]medium7.5---
166221haxx.se cURL FTP Wildcard stack-based overflow [CVE-2020-8285]medium5.0---
166220curl FTP PASV information disclosure [CVE-2020-8284]low2.6---
166219Citrix Virtual Apps/Virtual Desktops/XenApp/XenDesktop Universal Print Server privileges managementmedium7.7---
166218Ubiquiti EdgePower 24V-54V cross-site request forgery [CVE-2020-8282]low4.0---
166217Citrix Gateway Plug-in Services privileges management [CVE-2020-8258]medium5.2---
166216Citrix Gateway Plug-in access control [CVE-2020-8257]medium5.2---
166215libcURL Connection use after free [CVE-2020-8231]medium4.9---
166214curl File Name injection [CVE-2020-8177]low4.3---
166213curl DNS Server information disclosure [CVE-2020-8169]low2.6---
166212Jon Iles Packwood MPXJ ZIP Stream InputStreamHelper.java pathname traversalmedium5.2---
166211Gnome GLib g_option_group_add_entries integer overflow [Disputed]medium4.9---
166210Google Go Encoding XML Package encoding error [CVE-2020-29511]medium7.5---
166209Google Go Encoding XML Package encoding error [CVE-2020-29510]medium7.5---
166208Google Go Encoding XML Package encoding error [CVE-2020-29509]medium7.5---
166207SabaiApp Directories Pro Plugin CSV File cross site scriptinglow5.0---
166206SabaiApp Directories Pro Plugin cross site scripting [CVE-2020-29303]low4.0---
166205OpenAsset Digital Asset Management ProjectsCSV access controlmedium5.8---
166204Unicenter Asset Management sql injection [CVE-2020-28860]medium4.6---
166203OpenAsset Digital Asset Management Scripting cross site scriptinglow5.0---
166202OpenAsset Digital Asset Management cross-site request forgerylow5.0---
166201OpenAsset Digital Asset Management cross site scripting [CVE-2020-28857]low5.0---
166200Siemens SICAM A8000 CP-8022 Web Server protection mechanism [CVE-2020-28396]low2.6---
166199Siemens LOGO! 8 BM Website/Access Tool insufficiently protected credentialslow2.6---
166198Siemens LOGO! 8 BM/LOGO! Soft Comfort UDF hard-coded key [CVE-2020-25234]low2.3---
166197Siemens LOGO! 8 BM Firmware hard-coded key [CVE-2020-25233]low2.3---
166196Siemens LOGO! 8 BM tcp risky encryptionlow1.4---
166195Siemens LOGO! 8 BM/LOGO! Soft Comfort hard-coded key [CVE-2020-25231]low2.3---
166194Siemens LOGO! 8 BM Service Port 10005 risky encryption [CVE-2020-25230]low2.6---
166193Siemens LOGO! 8 BM authentication replay [CVE-2020-25229]medium5.8---
166192Siemens LOGO! 8 BM Service Port 10005 missing authenticationmedium8.3---
166191NewPK newpost.php sql injectionmedium6.5---
166190Dan McDougall GateOne SSH Connection os command injection [CVE-2020-20184]medium6.5---
166189ZyXEL P1302-T10 v3 Admin Page resource injection [CVE-2020-20183]medium4.9---
166188QuantConnect Lean Json.NET library deserialization [CVE-2020-20136]medium4.9---
166187Gallagher Command Centre Enterprise Data Interface sql injectionmedium5.8---
166186Gallagher Command Centre Server type confusion [CVE-2020-16103]medium6.5---
166185Gallagher Command Centre Server improper authentication [CVE-2020-16102]medium6.5---
166184Siemens SIMATIC ET 200SP/SIMATIC S7-1500 Web Server denial of servicelow3.5---
166183Eclipse Che CodeReady Workspace services cross-site request forgerylow4.0---
166182Google Android restoration.c extend_frame_highbd heap-based overflowmedium5.0---
166181Google Android LockSettingsService.java addEscrowToken denial of servicelow1.7---
166180Google Android TelephonyRegistry.java listen information disclosurelow1.7---
166179Google Android Network Traffic Vpn.java onUserStopped information disclosurelow1.7---
166178Google Android eventpoll.c do_epoll_ctl use after freemedium4.3---
166177Google Android Kernel hid-multitouch.c out-of-bounds writemedium4.3---
166176Google Android res_cache.cpp resolv_cache_lookup information disclosurelow1.0---
166175Google Android Bluetooth Server sdp_server.cc sdp_server_handle_client_req information disclosurelow3.5---
166174Google Android Certificate CertInstaller.java createNameCredentialDialog information disclosurelow5.0---
166173Google Android WiFi Configuration WifiConfigManager.java sendConfiguredNetworkChangedBroadcast information disclosurelow1.7---
166172Google Android SPDIFEncoder.cpp writeBurstBufferBytes integer overflowmedium7.5---
166171Google Android out-of-bounds write [CVE-2020-0457]medium5.2---
166170Google Android out-of-bounds write [CVE-2020-0456]medium5.2---
166169Google Android out-of-bounds read [CVE-2020-0455]low2.3---
166168Google Android auditfilter.c audit_free_lsm_field privileges managementlow4.3---
166167Google Android DisplayManagerService.java createVirtualDisplay permissionmedium4.3---
166166Google Android WindowManagerService.java addWindow clickjackinglow4.3---
166165Google Android Broadcom Nexus Firmware hard-coded password [CVE-2020-0019]medium6.8---
166164Google Android Broadcom Nexus Firmware hard-coded password [CVE-2020-0016]medium6.8---
166163Siemens XHQ Web Interface cross-site request forgery [CVE-2019-19289]low5.0---
166162Siemens XHQ Web Interface cross site scripting [CVE-2019-19288]low4.0---
166161Siemens XHQ path traversal [CVE-2019-19287]medium7.5---
166160Siemens XHQ sql injection [CVE-2019-19286]medium6.5---
166159Siemens XHQ Web Interface cross site scripting [CVE-2019-19285]low4.0---
166158Siemens XHQ cross site scripting [CVE-2019-19284]low4.0---
166157Siemens XHQ Web Server information disclosure [CVE-2019-19283]low2.3---
166156Classbooking CSV File sql injection [CVE-2020-35382]medium5.8---
166155Online Bus Ticket Reservation Login Page sql injection [CVE-2020-35378]medium7.5---
166154Mobile Viewpoint Wireless Multiplex Terminal Playout Server hard-coded credentialsmedium5.8---
166153Project Worlds Car Rental Management System index.php file inclusionmedium5.4---
166152OpenAsset Asset Management HTTP Request access control [CVE-2020-28856]medium5.2---
166151GE Healthcare Signa credentials management [CVE-2020-25179]low5.0---
166150GE Healthcare Signa cleartext transmission [CVE-2020-25175]low2.6---
166149BitDefender Antivirus Plus SafePay origin validation [CVE-2020-15733]low5.0---
166148HCL Notes Client MIME Message stack-based overflow [CVE-2020-14268]medium7.5---
166147HCL Domino Server MIME Message stack-based overflow [CVE-2020-14244]high10.0---
166146Apache Airflow Charts/Query server-side request forgery [CVE-2020-17513]medium5.2---
166145Apache Airflow CLI log file [CVE-2020-17511]low2.7---
166144Mitsubishi Electric MELSEC iQ-F FX5U(C) ARP Packet unknown vulnerabilitymedium5.8---
166143FileZen pathname traversal [CVE-2020-5639]medium6.5---
166142NEC Aterm SA3500G improper validation of integrity check valuemedium6.5---
166141NEC Aterm SA3500G URL Remote Privilege Escalation [CVE-2020-5636]medium6.5---
166140NEC Aterm SA3500G URL unknown vulnerability [CVE-2020-5635]low4.9---
166139amazee.io Lagoon GitLab Webhook access control [CVE-2020-35236]medium5.2---
166138secure-file-manager Plugin elFinder connector.minimal.php access controlmedium6.5---
166137easy-wp-smtp Plugin log file [CVE-2020-35234]low2.6---
166136Macally WIFISD2-2A82 Guest User Password shadow credentials storagelow2.7---
166135SolarWinds Orion Network Management Sunburst/Solorigate backdoormedium4.9---
166134Medtronic Smart Model 25000 Patient Reader Update System toctoumedium10.0---
166133Medtronic Smart Model 25000 Patient Reader Debug Command heap-based overflowmedium8.3---
166132Medtronic Smart Model 25000 Patient Reader App Authentication improper authenticationmedium5.8---
166131LastPass Password Manager improper authentication [CVE-2020-35208] [Disputed]low3.7---
166130LastPass Password Manager improper authentication [CVE-2020-35207] [Disputed]low3.7---
166129Ignite Realtime Openfire db-access.jsp cross site scriptinglow4.0---
166128Ignite Realtime Openfire create-bookmark.jsp cross site scriptinglow4.0---
166127Ignite Realtime Openfire spark-form.jsp cross site scriptinglow4.0---
166126Ignite Realtime Openfire create-bookmark.jsp cross site scriptinglow4.0---
166125F5 BIG-IP iControl REST cross site scripting [CVE-2020-5950]low4.0---
166124F5 BIG-IP FTP denial of service [CVE-2020-5949]low5.0---
166123F5 BIG-IP iControl REST cross site scripting [CVE-2020-5948]low4.0---
166122AWStats awstats.pl pathname traversalmedium5.2---
166121Frappe Framework API input validation [CVE-2020-35175]medium4.9---
166120mquery Operation utils.js injectionlow4.9---
166119Western Digital Dashboard DLL uncontrolled search path [CVE-2020-29654]medium6.5---
166118Western Digital My Cloud OS improper authentication [CVE-2020-29563]medium5.8---
166117SmartyStreets liveAddressPlugin.js Parameter this.showInvalidCountry cross site scriptinglow4.0---
166116Linux Kernel ring_buffer.c use after freelow4.3---
166115F5 BIG-IP NGINX Controller Agent pathname traversal [CVE-2020-27730]medium6.5---
166114F5 BIG-IP AFM Traffic Management Microkernel denial of servicelow1.4---
166113Wireshark USB HID Protocol Dissector denial of service [CVE-2020-26421]low2.6---
166112Wireshark RTPS Protocol Dissector memory leak [CVE-2020-26420]low2.6---
166111Wireshark Dissection Engine memory leak [CVE-2020-26419]low2.6---
166110Wireshark Kafka Protocol Dissector denial of service [CVE-2020-26418]low2.6---
166109Contiki IPv6 Header memory corruption [CVE-2020-25112]medium5.1---
166108Contiki IPv6 Header Length memory corruption [CVE-2020-25111]medium5.1---
166107Nut OS Ethernut memory corruption [CVE-2020-25110]medium5.1---
166106Nut OS Ethernut memory corruption [CVE-2020-25109]medium5.1---
166105Nut OS Ethernut memory corruption [CVE-2020-25108]medium5.1---
166104Nut OS Ethernut memory corruption [CVE-2020-25107]low5.1---
166103FNET mDNS Query out-of-bounds read [CVE-2020-24383]low5.1---
166102picoTCP/picoTCP-NG TCP pico_tcp.c out-of-bounds readlow5.1---
166101picoTCP/picoTCP-NG DNS Packet pico_mdns.c pico_mdns_handle_data_as_answers_generic out-of-bounds readlow2.6---
166100picoTCP/picoTCP-NG Domain Name Decompression pico_dns_common.c pico_dns_decompress_name out-of-bounds readlow2.6---
166099picoTCP Domain Name Decompression pico_dns_common.c pico_dns_decompress_name out-of-bounds writemedium5.1---
166098picoTCP/picoTCP-NG TCP Options pico_tcp.c tcp_parse_options denial of servicelow5.0---
166097Contiki/Contiki-NG Domain Name ip64-dns64.c buffer overflowmedium5.1---
166096uIP DNS Response resolv.c out-of-bounds readlow5.1---
166095PHPSHE sql injection [CVE-2020-19165]medium6.5---
166094FNET DNS Client Interface fnet_dns.c _fnet_dns_poll initializationlow4.0---
166093FNET IPv6 Fragmentation fnet_ip6.c _fnet_ip6_reassembly uninitialized pointerlow5.0---
166092FNET IPv6 Extension Header fnet_ip6.c _fnet_ip6_ext_header_handler_options out-of-bounds readmedium7.5---
166091FNET LLMNR Request fnet_llmnr.c _fnet_llmnr_poll information disclosurelow2.3---
166090Valid picoTCP IPv6 Destination Options pico_ipv6.c pico_ipv6_process_destopt out-of-bounds readlow5.0---
166089picoTCP Header Field pico_ipv6.c pico_ipv6_check_headers_sequence integer overflowlow5.0---
166088picoTCP ICMPv6 Echo Request Packet pico_icmp6.c pico_icmp6_send_echoreply_not_frag memory corruptionmedium5.0---
166087picoTCP Header Length pico_ipv6.c pico_ipv6_process_hopbyhop integer overflowlow5.0---
166086picoTCP IPv6 Header pico_ipv6.c pico_ipv6_extension_headers out-of-bounds readlow5.0---
166085uIP DNS Response resolv.c parse_name null pointer dereferencelow5.0---
166084uIP DNS Reply resolv.c newdata dns rebindingmedium7.5---
166083uIP IP Header Length uip.c uip_reass denial of servicelow2.3---
166082uIP TCP Flag uip.c uip_process buffer overflowmedium5.2---
166081Brocade Fabric OS Virtual Fabric Mode access control [CVE-2020-15376]medium6.5---
166080Brocade Fabric OS Command Line Interface input validation [CVE-2020-15375]medium4.3---
166079Contiki TCPIP Stack uip.c uip_process integer overflowmedium7.5---
166078Contiki TCPIP Stack uip.c upper_layer_chksum out-of-bounds readmedium7.5---
166077Contiki TCPIP Stack rpl-ext-header.c rpl_remove_header infinite looplow5.0---
166076Contiki TCPIP Stack rpl-ext-header.c rpl_remove_header memory corruptionmedium7.5---
166075Contiki TCPIP Stack uip6.c ext_hdr_options_process infinite looplow2.3---
166074i18n Language Tag TextLocalizer.cs denial of servicelow5.0---
166073Sophos Cyberoam OS WebAdmin sql injection [CVE-2020-29574]medium7.5---
166072corenlp-js-interface command injection [CVE-2020-28440]medium7.5---
166071corenlp-js-prefab index.js injectionmedium7.5---
166070Canonical Go Ethereum Consensus calculation [CVE-2020-26265]medium4.0---
166069Go Ethereum GetProofsV2 Request resource consumption [CVE-2020-26264]low5.0---
166068ua-parser-js incorrect regex [CVE-2020-7793]low2.3---
166067IBM Resilient SOAR Formula injection [CVE-2020-4633]medium7.5---
166066registry Docker Image improper authentication [CVE-2020-29591]high10.0---
166065teamspeak Docker Image improper authentication [CVE-2020-29590]high10.0---
166064kapacitor Docker Image improper authentication [CVE-2020-29589]high10.0---
166063TikiWiki Web-based Management Interface cross-site request forgerylow5.0---
166062OpenCart CMS CART Option cross-site request forgery [CVE-2020-28838]low4.0---
166061Frappe Two-factor Authentication information disclosure [CVE-2020-27508]low2.6---
166060Apache Airflow trigger cross site scriptinglow4.0---
166059Askey AP5100W Ping/Traceroute/Route os command injection [CVE-2020-15357]medium6.5---
166058Askey AP5100W WPS PIN password recovery [CVE-2020-15023]low2.6---
166057Silver Peak Unity ECOSTM Configuration Backup os command injectionmedium8.3---
166056Silver Peak Unity ECOSTM nslookup API os command injection [CVE-2020-12148]medium5.8---
166055mout Package code injection [CVE-2020-7792]medium5.0---
166054spatie browsershot URL path traversal [CVE-2020-7790]low5.0---
166053ini Package INI Parser injection [CVE-2020-7788]medium7.5---
166052Cisco Jabber Custom Protocol privileges management [CVE-2020-27127]medium7.5---
166051Cisco Jabber Message Content Validator information disclosurelow5.0---
166050Cisco Jabber Custom Protocol command injection [CVE-2020-27133]medium7.5---
166049Cisco Jabber XMPP Message injection [CVE-2020-27134]medium7.5---
166048Cisco Jabber XMPP Message Remote Privilege Escalation [CVE-2020-26085]medium6.5---
166047node-notifier command injection [CVE-2020-7789]medium5.1---
166046Netflix Spinnaker SpEL Expression deserialization [CVE-2020-9301]low4.9---
166045Schneider Electric EcoStruxure Control Expert/Unity Pro write-what-where conditionlow4.9---
166044Schneider Electric Modicon M340/Modicon Quantum/Modicon Premium Web Server unusual conditionlow2.3---
166043Schneider Electric Modicon M340 Modbus unusual condition [CVE-2020-7543]low1.5---
166042Schneider Electric Modicon M340 Modbus unusual condition [CVE-2020-7542]low1.5---
166041Schneider Electric Modicon M340/Modicon Quantum/Modicon Premium Web Server direct requestlow3.5---
166040Schneider Electric Modicon M340/Modicon Quantum/Modicon Premium Web Server missing authenticationmedium5.8---
166039Schneider Electric Modicon M340/Modicon Quantum/Modicon Premium HTTP unusual conditionlow2.7---
166038Schneider Electric Modicon M580 Modbus unusual condition [CVE-2020-7537]low1.5---
166037Schneider Electric Modicon M340 SNMP unusual condition [CVE-2020-7536]low2.3---
166036Schneider Electric Modicon M340 Web Server path traversal [CVE-2020-7535]low2.7---
166035ultimate-category-excluder Plugin ultimate-category-excluder.php cross-site request forgerylow4.0---
166034phpLDAPadmin function.php get_request cross site scriptinglow4.0---
166033Ignite Realtime Openfire Bookmark create-bookmark.jsp cross site scriptinglow4.0---
166032Typesetter CMS Admin/Configuration cross site scripting [CVE-2020-35126] [Disputed]low3.3---
166031Schneider Electric Modicon M258 memory corruption [CVE-2020-28220]medium5.2---
166030Schneider Electric EcoStruxure Geo SCADA Expert Virtual ViewX insufficiently protected credentialslow4.0---
166029Schneider Electric Easergy T300 improper restriction of rendered ui layersmedium4.9---
166028Schneider Electric Easergy T300 missing encryption [CVE-2020-28217]low2.6---
166027Schneider Electric Easergy T300 missing encryption [CVE-2020-28216]low2.6---
166026Schneider Electric Easergy T300 authorization [CVE-2020-28215]medium4.9---
166025Schneider Electric Modicon M221 hash without salt [CVE-2020-28214]low1.4---
166024Jasper jpc Encoder out-of-bounds write [CVE-2020-27828]medium5.2---
166023Linux Kernel MIDI use after free [CVE-2020-27786]medium4.3---
166022GitLab Community Edition/Enterprise Edition Project information disclosurelow5.0---
166021GitLab Enterprise Edition Advanced Search information disclosurelow0.8---
166020GitLab Community Edition/Enterprise Edition REST API information disclosurelow4.0---
166019GitLab Community Edition/Enterprise Edition GraphQL information disclosurelow5.0---
166018GitLab Enterprise Edition Group Member information disclosurelow2.1---
166017GitLab Community Edition/Enterprise Edition Project Search denial of servicelow4.0---
166016GitLab Community Edition/Enterprise Edition Markdown resource consumptionlow4.0---
166015GitLab Community Edition/Enterprise Edition Profile information disclosurelow5.0---
166014Micro Focus Filr information disclosure [CVE-2020-25838]low2.3---
166013Aruba Networks 9000 Gateway GRUB2 Remote Privilege Escalationmedium8.5---
166012Aruba Networks 9000 Gateway Service Port 8211 injection [CVE-2020-24634]medium6.0---
166011Aruba Networks 9000 Gateway Service Port 8211 buffer overflowmedium7.5---
166010Adobe Lightroom Classic uncontrolled search path [CVE-2020-24447]medium3.5---
166009Adobe Prelude uncontrolled search path [CVE-2020-24440]medium3.5---
166008Apache Struts OGNL Evaluation Remote Privilege Escalation [CVE-2020-17530]medium6.0---
166007EIP Stack Group OpENer Ethernet out-of-bounds write [CVE-2020-13556]medium6.5---
166006EIP Stack Group OpENer Ethernet resource consumption [CVE-2020-13530]low5.0---
166005Pixar OpenUSD USD File out-of-bounds read [CVE-2020-13520]medium7.5---
166004GitLab Community Edition/Enterprise Edition Feature Flag improper authorizationmedium5.2---
166003Gerrit FilteredRepository Wrapper improper authorization [CVE-2020-8920]low2.7---
166002Gerrit REST API improper authorization [CVE-2020-8919]low2.7---
166001Google Guava Temp Directory com.google.common.io.Files.createTempDir temp filemedium6.5---
166000IBM AIX/VIOS ksu Command privileges management [CVE-2020-4829]medium6.8---
165999Ubilling Config File command injection [CVE-2020-29311]medium9.0---
165998TensorFlow Computation Graph out-of-bounds read [CVE-2020-26271]low4.3---
165997TensorFlow LSTM/GRU denial of service [CVE-2020-26270]low1.7---
165996TensorFlow out-of-bounds read [CVE-2020-26269]low2.3---
165995TensorFlow Python Interpreter tf.raw_ops.ImmutableConst denial of servicelow1.7---
165994TensorFlow API tf.raw_ops.DataFormatVecPermute out-of-bounds readlow3.2---
165993TensorFlow Model uninitialized resource [CVE-2020-26266]low4.3---
165992Askey AP5100W Telnet/SSH weak password [CVE-2020-26201]medium5.8---
165991FastAdmin Template injection [CVE-2020-25967]medium4.9---
165990iCMS install.php os command injectionmedium5.2---
165989iCMS install.php os command injectionmedium5.2---
165988Notable Markdown Text cross site scripting [CVE-2020-16608]low4.0---
165987ProcessMaker reportTables_Ajax sql injectionmedium6.5---
165986IBM Sterling B2B Integrator Standard Edition Dashboard UI information disclosurelow4.0---
165985Sympa SOAP API authenticateAndRun access controlmedium6.5---
165984Lan ATMService M3 ATM Monitoring System Session session expirationlow2.6---
165983Lan ATMService M3 ATM Monitoring System Log File log file [CVE-2020-29666]low3.5---
165982GitLab Community Edition/Enterprise Edition Project Import cross site scriptinglow4.0---
165981Adobe Experience Manager/AEM Forms add-on Form cross site scriptinglow4.0---
165980Adobe Experience Manager/AEM Forms add-on server-side request forgerymedium5.8---
165979Symantec Messaging Gateway Web UI information disclosure [CVE-2020-12595]low4.0---
165978Symantec Messaging Gateway CLI access control [CVE-2020-12594]medium9.0---
165977Adobe Acrobat Reader information disclosure [CVE-2020-29075]low5.0---
165976python-apt arfile.cc release of resourcelow1.4---
165975APT deb Package extracttar.cc integer overflowmedium4.3---
165974Music Music Station cross site scripting [CVE-2020-2494]low4.0---
165973QNAP Multimedia Console cross site scripting [CVE-2020-2493]low4.0---
165972QNAP QTS Photo Station cross site scripting [CVE-2020-2491]low4.0---
165971WAGO PLC 750-88x/PLC 750-352 resource consumption [CVE-2020-12516]low5.0---
165970McAfee Database Security Server Sensor SHA1 Certificate certificate validationmedium4.3---
165969Online Examination System feedback.php cross site scriptinglow4.0---
165968Online Examination System index.php cross site scriptinglow4.0---
165967Online Examination System feedback.php cross site scriptinglow4.0---
165966pass Git Repository improper authentication [CVE-2020-28086]low4.6---
| 165965 | synapse Synapse Event send_join denial of service | low | 4.0 | - | - | - |
| 165964 | TOTOLINK A3002RU os command injection [CVE-2020-25499] | medium | 6.5 | - | - | - |
| 165963 | Artifex MuPDF newband_writer use after free | medium | 4.9 | - | - | - |
| 165962 | GNU Binutils _bfd_elf_get_symbol_version_string null pointer dereference | low | 2.3 | - | - | - |
| 165961 | GNU Binutils debug_get_real_type null pointer dereference | low | 2.3 | - | - | - |
| 165960 | GNU Binutils scan_unit_for_symbols denial of service | low | 2.3 | - | - | - |
| 165959 | GNU Binutils bfd_hash_lookup use after free | low | 4.9 | - | - | - |
| 165958 | GNU Binutils process_symbol_table denial of service | low | 2.3 | - | - | - |
| 165957 | GNU Binutils File Descriptor process_symbol_table double free | low | 4.9 | - | - | - |
| 165956 | Academy Software Foundation OpenEXR EXR File ImfTiledOutputFile.cpp writeTileData heap-based overflow | low | 2.7 | - | - | - |
| 165955 | Academy Software Foundation OpenEXR EXR File makePreview.cpp generatePreview null pointer dereference | low | 2.3 | - | - | - |
| 165954 | Academy Software Foundation OpenEXR EXR File ImfMultiPartInputFile.cpp chunkOffsetReconstruction heap-based overflow | low | 2.7 | - | - | - |
| 165953 | Macrium Reflect openssl.cnf access control | medium | 9.0 | - | - | - |
| 165952 | react-adal JWT Token authentication spoofing [CVE-2020-7787] | medium | 7.5 | - | - | - |
| 165951 | PHPOffice PhpSpreadsheet Excel File cross site scripting [CVE-2020-7776] | low | 4.0 | - | - | - |
| 165950 | Linux Kernel tty Subsystem tty_jobctrl.c use after free | medium | 4.9 | - | - | - |
| 165949 | Linux Kernel Locking tty_io.c use after free | medium | 4.9 | - | - | - |
| 165948 | Flexense DupScout Enterprise Web Server settings buffer overflow | medium | 6.5 | - | - | - |
| 165947 | SAP Business Warehouse/BW4HANA os command injection [CVE-2020-26838] | medium | 8.3 | - | - | - |
| 165946 | SAP Solution Manager User Experience Monitoring path traversal | medium | 6.5 | - | - | - |
| 165945 | SAP Solution Manager Trace Analysis redirect [CVE-2020-26836] | low | 2.6 | - | - | - |
| 165944 | SAP NetWeaver AS ABAP cross site scripting [CVE-2020-26835] | low | 5.0 | - | - | - |
| 165943 | Valid HANA Database SAML improper authentication [CVE-2020-26834] | medium | 4.6 | - | - | - |
| 165942 | SAP AS ABAP/S4 HANA Landscape Transformation authorization [CVE-2020-26832] | medium | 5.8 | - | - | - |
| 165941 | SAP BusinessObjects BI Platform Crystal Report server-side request forgery | medium | 6.5 | - | - | - |
| 165940 | SAP Solution Manager User Experience Monitoring access control | medium | 6.5 | - | - | - |
| 165939 | SAP NetWeaver AS JAVA improper authentication [CVE-2020-26829] | medium | 7.5 | - | - | - |
| 165938 | SAP Disclosure Management Spreadsheet unrestricted upload [CVE-2020-26828] | medium | 6.5 | - | - | - |
| 165937 | SAP NetWeaver AS JAVA Process Integration Monitoring unrestricted upload | medium | 6.5 | - | - | - |
| 165936 | SAP AS JAVA Key Storage Service missing encryption [CVE-2020-26816] | low | 1.2 | - | - | - |
| 165935 | JupyterHub jupyterhub-systemdspawner API Token exposure of resource | medium | 5.2 | - | - | - |
| 165934 | BookStack Image URL or injection | medium | 6.5 | - | - | - |
| 165933 | WECON LeviStudioU Project File heap-based overflow [CVE-2020-25199] | medium | 5.2 | - | - | - |
| 165932 | imcat Picture unrestricted upload [CVE-2020-23520] | medium | 6.0 | - | - | - |
| 165931 | Palo Alto Cortex XDR Agent uncontrolled search path [CVE-2020-2049] | medium | 6.8 | - | - | - |
| 165930 | Palo Alto Cortex XDR Agent Exception exceptional condition [CVE-2020-2020] | low | 1.7 | - | - | - |
| 165929 | Apache NuttX Fragmentation out-of-bounds write [CVE-2020-17529] | medium | 7.5 | - | - | - |
| 165928 | Apache NuttX TCP Packet out-of-bounds write [CVE-2020-17528] | medium | 6.5 | - | - | - |
| 165927 | McAfee VirusScan Enterprise Windows Defender Application Control permission assignment | low | 4.0 | - | - | - |
| 165926 | JerryScript main-utils.c main_print_unhandled_exception out-of-bounds read | low | 2.3 | - | - | - |
| 165925 | python-py incorrect regex [CVE-2020-29651] | low | 2.3 | - | - | - |
| 165924 | Apple iTunes Text File memory corruption [CVE-2020-9999] | medium | 7.5 | - | - | - |
| 165923 | Apple macOS Text File memory corruption [CVE-2020-9999] | medium | 7.5 | - | - | - |
| 165922 | Apple iOS/iPadOS use after free [CVE-2020-9996] | medium | 4.3 | - | - | - |
| 165921 | Apple macOS use after free [CVE-2020-9996] | medium | 4.3 | - | - | - |
| 165920 | Apple iOS/iPadOS Address Bar clickjacking [CVE-2020-9993] | low | 5.0 | - | - | - |
| 165919 | Apple Safari Address Bar clickjacking [CVE-2020-9993] | low | 5.0 | - | - | - |
| 165918 | Apple watchOS Address Bar clickjacking [CVE-2020-9993] | low | 5.0 | - | - | - |
| 165917 | Apple tvOS denial of service [CVE-2020-9991] | low | 3.5 | - | - | - |
| 165916 | Apple iCloud denial of service [CVE-2020-9991] | low | 3.5 | - | - | - |
| 165915 | Apple iOS/iPadOS denial of service [CVE-2020-9991] | low | 3.5 | - | - | - |
| 165914 | Apple watchOS denial of service [CVE-2020-9991] | low | 3.5 | - | - | - |
| 165913 | Apple macOS denial of service [CVE-2020-9991] | low | 3.5 | - | - | - |
| 165912 | Apple iOS/iPadOS Message information disclosure [CVE-2020-9989] | low | 1.7 | - | - | - |
| 165911 | Apple watchOS Message information disclosure [CVE-2020-9989] | low | 1.7 | - | - | - |
| 165910 | Apple macOS Message information disclosure [CVE-2020-9989] | low | 1.7 | - | - | - |
| 165909 | Apple iOS/iPadOS Message information disclosure [CVE-2020-9988] | low | 1.7 | - | - | - |
| 165908 | Apple macOS Message information disclosure [CVE-2020-9988] | low | 1.7 | - | - | - |
| 165907 | Apple Safari Address Bar clickjacking [CVE-2020-9987] | low | 5.0 | - | - | - |
| 165906 | Apple macOS use after free [CVE-2020-9981] | medium | 7.5 | - | - | - |
| 165905 | Apple tvOS use after free [CVE-2020-9981] | medium | 7.5 | - | - | - |
| 165904 | Apple iTunes use after free [CVE-2020-9981] | medium | 7.5 | - | - | - |
| 165903 | Apple iOS/iPadOS use after free [CVE-2020-9981] | medium | 7.5 | - | - | - |
| 165902 | Apple watchOS use after free [CVE-2020-9981] | medium | 7.5 | - | - | - |
| 165901 | Apple iOS/iPadOS Entitlement Verification information disclosure | low | 1.7 | - | - | - |
| 165900 | Apple macOS Entitlement Verification information disclosure [CVE-2020-9977] | low | 1.7 | - | - | - |
| 165899 | Apple macOS Kernel information disclosure [CVE-2020-9974] | low | 1.7 | - | - | - |
| 165898 | Apple iOS/iPadOS USD File buffer overflow [CVE-2020-9972] | medium | 7.5 | - | - | - |
| 165897 | Apple tvOS User Information sandbox [CVE-2020-9969] | low | 1.7 | - | - | - |
| 165896 | Apple iOS/iPadOS User Information sandbox [CVE-2020-9969] | low | 1.7 | - | - | - |
| 165895 | Apple watchOS User Information sandbox [CVE-2020-9969] | low | 1.7 | - | - | - |
| 165894 | Apple macOS User Information sandbox [CVE-2020-9969] | low | 1.7 | - | - | - |
| 165893 | Apple iOS/iPadOS out-of-bounds read [CVE-2020-9966] | medium | 6.8 | - | - | - |
| 165892 | Apple tvOS out-of-bounds read [CVE-2020-9966] | medium | 6.8 | - | - | - |
| 165891 | Apple watchOS out-of-bounds read [CVE-2020-9966] | medium | 6.8 | - | - | - |
| 165890 | Apple macOS out-of-bounds read [CVE-2020-9966] | medium | 6.8 | - | - | - |
| 165889 | Apple tvOS out-of-bounds read [CVE-2020-9965] | medium | 6.8 | - | - | - |
| 165888 | Apple iOS/iPadOS out-of-bounds read [CVE-2020-9965] | medium | 6.8 | - | - | - |
| 165887 | Apple watchOS out-of-bounds read [CVE-2020-9965] | medium | 6.8 | - | - | - |
| 165886 | Apple macOS out-of-bounds read [CVE-2020-9965] | medium | 6.8 | - | - | - |
| 165885 | Apple iOS/iPadOS Icon Cache information disclosure [CVE-2020-9963] | low | 1.7 | - | - | - |
| 165884 | Apple macOS Icon Cache information disclosure [CVE-2020-9963] | low | 1.7 | - | - | - |
| 165883 | Apple iOS/iPadOS Audio File buffer overflow [CVE-2020-9954] | medium | 7.5 | - | - | - |
| 165882 | Apple macOS Audio File buffer overflow [CVE-2020-9954] | medium | 7.5 | - | - | - |
| 165881 | Apple tvOS Audio File buffer overflow [CVE-2020-9954] | medium | 7.5 | - | - | - |
| 165880 | Apple watchOS Audio File buffer overflow [CVE-2020-9954] | medium | 7.5 | - | - | - |
| 165879 | Apple iOS/iPadOS use after free [CVE-2020-9950] | medium | 7.5 | - | - | - |
| 165878 | Apple Safari use after free [CVE-2020-9950] | medium | 7.5 | - | - | - |
| 165877 | Apple tvOS use after free [CVE-2020-9950] | medium | 7.5 | - | - | - |
| 165876 | Apple watchOS use after free [CVE-2020-9950] | medium | 7.5 | - | - | - |
| 165875 | Apple tvOS use after free [CVE-2020-9949] | medium | 6.8 | - | - | - |
| 165874 | Apple iOS/iPadOS use after free [CVE-2020-9949] | medium | 6.8 | - | - | - |
| 165873 | Apple watchOS use after free [CVE-2020-9949] | medium | 6.8 | - | - | - |
| 165872 | Apple macOS use after free [CVE-2020-9949] | medium | 6.8 | - | - | - |
| 165871 | Apple Safari Web Contents use after free [CVE-2020-9947] | medium | 7.5 | - | - | - |
| 165870 | Apple tvOS Web Contents use after free [CVE-2020-9947] | medium | 7.5 | - | - | - |
| 165869 | Apple iTunes Web Contents use after free [CVE-2020-9947] | medium | 7.5 | - | - | - |
| 165868 | Apple iOS/iPadOS Web Contents use after free [CVE-2020-9947] | medium | 7.5 | - | - | - |
| 165867 | Apple watchOS Web Contents use after free [CVE-2020-9947] | medium | 7.5 | - | - | - |
| 165866 | Apple Safari Address Bar clickjacking [CVE-2020-9945] | low | 5.0 | - | - | - |
| 165865 | Apple macOS Address Bar clickjacking [CVE-2020-9945] | low | 5.0 | - | - | - |
| 165864 | Apple iOS/iPadOS out-of-bounds read [CVE-2020-9944] | low | 2.1 | - | - | - |
| 165863 | Apple tvOS out-of-bounds read [CVE-2020-9944] | low | 2.1 | - | - | - |
| 165862 | Apple watchOS out-of-bounds read [CVE-2020-9944] | low | 2.1 | - | - | - |
| 165861 | Apple macOS out-of-bounds read [CVE-2020-9944] | low | 2.1 | - | - | - |
| 165860 | Apple tvOS out-of-bounds read [CVE-2020-9943] | low | 2.1 | - | - | - |
| 165859 | Apple iOS/iPadOS out-of-bounds read [CVE-2020-9943] | low | 2.1 | - | - | - |
| 165858 | Apple watchOS out-of-bounds read [CVE-2020-9943] | low | 2.1 | - | - | - |
| 165857 | Apple macOS out-of-bounds read [CVE-2020-9943] | low | 2.1 | - | - | - |
| 165856 | Apple Safari Address Bar clickjacking [CVE-2020-9942] | low | 5.0 | - | - | - |
| 165855 | Apple macOS Address Bar clickjacking [CVE-2020-9942] | low | 5.0 | - | - | - |
| 165854 | Apple macOS Email state issue [CVE-2020-9922] | medium | 7.5 | - | - | - |
| 165853 | Apple tvOS information disclosure [CVE-2020-9849] | low | 3.5 | - | - | - |
| 165852 | Apple iOS/iPadOS information disclosure [CVE-2020-9849] | low | 3.5 | - | - | - |
| 165851 | Apple watchOS information disclosure [CVE-2020-9849] | low | 3.5 | - | - | - |
| 165850 | Apple macOS information disclosure [CVE-2020-9849] | low | 3.5 | - | - | - |
| 165849 | irssi Docker Image improper authentication [CVE-2020-29602] | high | 10.0 | - | - | - |
| 165848 | Notary Docker Image improper authentication [CVE-2020-29601] | high | 10.0 | - | - | - |
| 165847 | spiped Docker Image access control [CVE-2020-29581] | high | 10.0 | - | - | - |
| 165846 | Storm Docker Image improper authentication [CVE-2020-29580] | high | 10.0 | - | - | - |
| 165845 | Express Gateway Docker Image improper authentication [CVE-2020-29579] | high | 10.0 | - | - | - |
| 165844 | piwik Docker Image improper authentication [CVE-2020-29578] | high | 10.0 | - | - | - |
| 165843 | znc Docker Image improper authentication [CVE-2020-29577] | high | 10.0 | - | - | - |
| 165842 | Eggdrop Docker image improper authentication [CVE-2020-29576] | high | 10.0 | - | - | - |
| 165841 | Elixir Docker Image improper authentication [CVE-2020-29575] | high | 10.0 | - | - | - |
| 165840 | Hashicorp Consul improper authentication [CVE-2020-29564] | high | 10.0 | - | - | - |
| 165839 | Systran Pure Neural Server API denial of service [CVE-2020-29540] | low | 2.3 | - | - | - |
| 165838 | Systran Pure Neural Server cross site scripting [CVE-2020-29539] | low | 4.0 | - | - | - |
| 165837 | Plum IK-401 Configuration File information disclosure [CVE-2020-28946] | low | 3.3 | - | - | - |
| 165836 | deepref code injection [CVE-2020-28274] | medium | 6.5 | - | - | - |
| 165835 | Apple macOS Kernel initialization [CVE-2020-27950] | low | 1.7 | - | - | - |
| 165834 | Apple macOS FontParser out-of-bounds write [CVE-2020-27927] | medium | 7.5 | - | - | - |
| 165833 | Apple macOS WebKit use after free [CVE-2020-27918] | medium | 7.5 | - | - | - |
| 165832 | Apple macOS libxml2 use after free [CVE-2020-27917] | medium | 7.5 | - | - | - |
| 165831 | Apple macOS Audio out-of-bounds write [CVE-2020-27916] | medium | 7.5 | - | - | - |
| 165830 | Apple macOS ImageIO out-of-bounds write [CVE-2020-27912] | medium | 7.5 | - | - | - |
| 165829 | Apple macOS libxml2 integer overflow [CVE-2020-27911] | medium | 7.5 | - | - | - |
| 165828 | Apple macOS Audio out-of-bounds read [CVE-2020-27910] | medium | 7.5 | - | - | - |
| 165827 | Apple macOS integer overflow [CVE-2020-27906] | medium | 6.0 | - | - | - |
| 165826 | Apple macOS State Management memory corruption [CVE-2020-27904] | medium | 5.2 | - | - | - |
| 165825 | Apple macOS privileges management [CVE-2020-27903] | low | 4.9 | - | - | - |
| 165824 | Apple macOS Snapshot permission [CVE-2020-27900] | medium | 5.2 | - | - | - |
| 165823 | Apple macOS Managed Frame Protection denial of service [CVE-2020-27898] | low | 2.3 | - | - | - |
| 165822 | Apple macOS path traversal [CVE-2020-27896] | medium | 6.5 | - | - | - |
| 165821 | Apple iTunes information disclosure [CVE-2020-27895] | low | 2.3 | - | - | - |
| 165820 | Apple macOS Metadata unknown vulnerability [CVE-2020-27894] | low | 4.9 | - | - | - |
| 165819 | QEMU Memory Management API out-of-bounds write [CVE-2020-27821] | medium | 5.2 | - | - | - |
| 165818 | ImageMagick txt.c integer overflow | low | 2.3 | - | - | - |
| 165817 | ImageMagick quantum-private.h ScaleAnyToQuantum integer overflow | low | 2.3 | - | - | - |
| 165816 | ImageMagick geometry.c ParseMetaGeometry divide by zero | low | 3.5 | - | - | - |
| 165815 | ImageMagick image.c SetImageExtent memory leak | low | 2.3 | - | - | - |
| 165814 | ImageMagick quantize.c IntensityCompare integer overflow | medium | 6.0 | - | - | - |
| 165813 | ImageMagick miff.c AcquireMagickMemory memory leak | low | 2.3 | - | - | - |
| 165812 | ImageMagick quantum-private.h heap-based overflow | medium | 5.2 | - | - | - |
| 165811 | ImageMagick quantum-export.c integer overflow | low | 5.0 | - | - | - |
| 165810 | ImageMagick colorspace-private.h divide by zero | low | 5.0 | - | - | - |
| 165809 | AnyDesk XPC Interface access control [CVE-2020-27614] | medium | 4.3 | - | - | - |
| 165808 | aptdaemon policykit authorization [CVE-2020-27349] | low | 4.0 | - | - | - |
| 165807 | Mozilla Firefox memory corruption [CVE-2020-26969] | medium | 7.5 | - | - | - |
| 165806 | Mozilla Firefox/Thunderbird memory corruption [CVE-2020-26968] | medium | 7.5 | - | - | - |
| 165805 | Mozilla Firefox Screenshot injection [CVE-2020-26967] | medium | 4.9 | - | - | - |
| 165804 | Mozilla Firefox/Thunderbird mDNS information disclosure [CVE-2020-26966] | low | 3.3 | - | - | - |
| 165803 | Mozilla Firefox/Thunderbird Keyboard Layout unknown vulnerability | low | 4.9 | - | - | - |
| 165802 | Mozilla Firefox Remote Debugging via USB Remote Privilege Escalation | medium | 6.0 | - | - | - |
| 165801 | Mozilla Firefox API denial of service [CVE-2020-26963] | low | 5.0 | - | - | - |
| 165800 | Mozilla Firefox Login Autofill clickjacking [CVE-2020-26962] | low | 5.0 | - | - | - |
| 165799 | Mozilla Firefox/Thunderbird IPv6 Address dns rebinding [CVE-2020-26961] | medium | 5.1 | - | - | - |
| 165798 | Mozilla Firefox/Thunderbird Compact use after free | medium | 7.5 | - | - | - |
| 165797 | Mozilla Firefox/Thunderbird Reference use after free [CVE-2020-26959] | medium | 7.5 | - | - | - |
| 165796 | Mozilla Firefox/Thunderbird MIME Type protection mechanism [CVE-2020-26958] | medium | 7.5 | - | - | - |
| 165795 | Mozilla Firefox OneCRL improper validation of integrity check value | medium | 7.5 | - | - | - |
| 165794 | Mozilla Firefox/Thunderbird SVG Event cross site scripting [CVE-2020-26956] | low | 5.0 | - | - | - |
| 165793 | Mozilla Firefox File Download information disclosure [CVE-2020-26955] | low | 2.6 | - | - | - |
| 165792 | Mozilla Firefox Fullscreen improper restriction of rendered ui layers | medium | 7.5 | - | - | - |
| 165791 | Mozilla Firefox/Thunderbird Fullscreen improper restriction of rendered ui layers | medium | 7.5 | - | - | - |
| 165790 | Mozilla Firefox JIT Compiler memory corruption [CVE-2020-26952] | medium | 7.5 | - | - | - |
| 165789 | Mozilla Firefox/Thunderbird Event Parser cross site scripting | low | 5.0 | - | - | - |
| 165788 | Mozilla Firefox/Thunderbird use after free [CVE-2020-26950] | medium | 7.5 | - | - | - |
| 165787 | fast-csv incorrect regex [CVE-2020-26256] | low | 4.0 | - | - | - |
| 165786 | Kirby CMS/Panel phar File unrestricted upload [CVE-2020-26255] | medium | 5.8 | - | - | - |
| 165785 | omniauth-apple Gem authentication spoofing [CVE-2020-26254] | medium | 7.5 | - | - | - |
| 165784 | Red Discord Bot Dashboard Name code injection [CVE-2020-26249] | medium | 6.5 | - | - | - |
| 165783 | Opencast Hostname Verification origin validation [CVE-2020-26234] | medium | 5.1 | - | - | - |
| 165782 | Git Credential Manager Core Working Directory git.exe name resolution | low | 5.1 | - | - | - |
| 165781 | SourceCodester Student Management System Subject cross site scripting | low | 4.0 | - | - | - |
| 165780 | Online Bus Booking System Login Page sql injection [CVE-2020-25889] | medium | 5.8 | - | - | - |
| 165779 | ImageMagick pixel.c InterpolatePixelInfo integer overflow | medium | 4.9 | - | - | - |
| 165778 | ImageMagick transform.c CropImage integer overflow | medium | 4.9 | - | - | - |
| 165777 | ImageMagick PNG Coder png.c WriteOnePNGImage out-of-bounds read | low | 2.3 | - | - | - |
| 165776 | ImageMagick tiff.c TIFFGetProfiles out-of-bounds read | low | 2.3 | - | - | - |
| 165775 | ImageMagick histogram.c HistogramCompare integer overflow | medium | 4.9 | - | - | - |
| 165774 | ImageMagick PALM Image palm.c AcquireQuantumMemory out-of-bounds read | low | 2.3 | - | - | - |
| 165773 | ImageMagick PNG Coder png.c WriteOnePNGImage out-of-bounds write | medium | 7.5 | - | - | - |
| 165772 | ImageMagick channel.c ConformPixelInfo heap-based overflow | medium | 5.0 | - | - | - |
| 165771 | Moodle cross site scripting [CVE-2020-25627] | low | 4.0 | - | - | - |
| 165770 | OpenSSL x509 Certificate GENERAL_NAME_cmp null pointer dereference | low | 2.3 | - | - | - |
| 165769 | Apache Tapestry deserialization [CVE-2020-17531] | medium | 5.4 | - | - | - |
| 165768 | Aptdaemon DBus Interface information disclosure [CVE-2020-16128] | low | 2.3 | - | - | - |
| 165767 | DiveBook Plugin divelog.php sql injection | medium | 7.5 | - | - | - |
| 165766 | DiveBook Plugin cross site scripting [CVE-2020-14206] | low | 5.0 | - | - | - |
| 165765 | DiveBook Plugin Log Dive Form access control [CVE-2020-14205] | medium | 5.2 | - | - | - |
| 165764 | Apple macOS CoreAudio out-of-bounds write [CVE-2020-10017] | medium | 7.5 | - | - | - |
| 165763 | Apple macOS Kernel memory corruption [CVE-2020-10016] | medium | 6.8 | - | - | - |
| 165762 | Apple macOS Path Validation sandbox [CVE-2020-10014] | medium | 5.2 | - | - | - |
| 165761 | Apple iOS/iPadOS state issue [CVE-2020-10013] | medium | 6.8 | - | - | - |
| 165760 | Apple tvOS state issue [CVE-2020-10013] | medium | 6.8 | - | - | - |
| 165759 | Apple macOS Document cross site scripting [CVE-2020-10012] | low | 4.0 | - | - | - |
| 165758 | Apple macOS Model I/O out-of-bounds read [CVE-2020-10011] | medium | 7.5 | - | - | - |
| 165757 | Apple macOS Logging path traversal [CVE-2020-10010] | low | 4.3 | - | - | - |
| 165756 | Apple macOS Crash Reporter symlink [CVE-2020-10003] | medium | 4.6 | - | - | - |
| 165755 | Apple macOS Foundation behavioral workflow [CVE-2020-10002] | low | 1.7 | - | - | - |
| 165754 | Apple macOS sandbox [CVE-2020-10009] | medium | 5.2 | - | - | - |
| 165753 | Apple macOS state issue [CVE-2020-10007] | low | 1.7 | - | - | - |
| 165752 | Apple macOS access control [CVE-2020-10006] | medium | 5.2 | - | - | - |
| 165751 | Apple macOS Model I/O behavioral workflow [CVE-2020-10004] | medium | 7.5 | - | - | - |
| 165750 | Microsoft Windows SMB information disclosure [CVE-2020-17140] | medium | 8.5 | - | - | - |
| 165749 | Microsoft Windows NTFS Remote Privilege Escalation [CVE-2020-17096] | medium | 7.1 | - | - | - |
| 165748 | Microsoft Windows Digital Media Receiver privileges management | low | 1.7 | - | - | - |
| 165747 | Microsoft Windows Lock Screen improper authentication [CVE-2020-17099] | medium | 7.2 | - | - | - |
| 165746 | Microsoft Windows Hyper-V Remote Privilege Escalation [CVE-2020-17095] | medium | 7.1 | - | - | - |
| 165745 | Microsoft Windows Error Reporting information disclosure [CVE-2020-17094] | low | 4.6 | - | - | - |
| 165744 | Microsoft Windows Backup Engine privileges management [CVE-2020-16962] | medium | 6.8 | - | - | - |
| 165743 | Microsoft Windows Backup Engine privileges management [CVE-2020-16963] | medium | 6.8 | - | - | - |
| 165742 | Microsoft Windows Backup Engine privileges management [CVE-2020-16964] | medium | 6.8 | - | - | - |
| 165741 | Microsoft Windows Backup Engine privileges management [CVE-2020-16961] | medium | 6.8 | - | - | - |
| 165740 | Microsoft Windows Backup Engine privileges management [CVE-2020-16959] | medium | 6.8 | - | - | - |
| 165739 | Microsoft Windows Backup Engine privileges management [CVE-2020-16958] | medium | 6.8 | - | - | - |
| 165738 | Microsoft Windows Backup Engine privileges management [CVE-2020-16960] | medium | 6.8 | - | - | - |
| 165737 | Microsoft Visual Studio TS-Lint Extension code injection [CVE-2020-17150] | medium | 7.5 | - | - | - |
| 165736 | Microsoft Visual Studio code injection [CVE-2020-17156] | medium | 7.5 | - | - | - |
| 165735 | Microsoft Visual Studio Java Extension Pack code injection [CVE-2020-17159] | medium | 7.5 | - | - | - |
| 165734 | Microsoft Visual Studio Remote SSH Extension code injection [CVE-2020-17148] | medium | 7.2 | - | - | - |
| 165733 | Microsoft Windows Cloud Files Mini Filter Driver privileges management | medium | 6.8 | - | - | - |
| 165732 | Microsoft Windows Cloud Files Mini Filter Driver privileges management | medium | 6.0 | - | - | - |
| 165731 | Microsoft Windows Overlay Filter protection mechanism [CVE-2020-17139] | medium | 6.8 | - | - | - |
| 165730 | Microsoft Windows Network Connections Service privileges management | medium | 6.8 | - | - | - |
| 165729 | Microsoft Windows Error Reporting information disclosure [CVE-2020-17138] | low | 1.7 | - | - | - |
| 165728 | Microsoft Windows Kerberos protection mechanism [CVE-2020-16996] | medium | 6.8 | - | - | - |
| 165727 | Microsoft Windows Cloud Files Mini Filter Driver privileges management | medium | 6.8 | - | - | - |
| 165726 | Microsoft SharePoint privileges management [CVE-2020-17089] | medium | 7.1 | - | - | - |
| 165725 | Microsoft SharePoint unknown vulnerability [CVE-2020-17118] | medium | 9.4 | - | - | - |
| 165724 | Microsoft SharePoint Remote Privilege Escalation [CVE-2020-17121] | medium | 9.0 | - | - | - |
| 165723 | Microsoft SharePoint information disclosure [CVE-2020-17120] | low | 2.1 | - | - | - |
| 165722 | Microsoft SharePoint input validation [CVE-2020-17115] | medium | 9.0 | - | - | - |
| 165721 | Microsoft Office/Office Web Apps/SharePoint Server Remote Code Execution | medium | 7.5 | - | - | - |
| 165720 | Microsoft Excel information disclosure [CVE-2020-17126] | low | 5.0 | - | - | - |
| 165719 | Microsoft Excel Remote Code Execution [CVE-2020-17127] | medium | 7.5 | - | - | - |
| 165718 | Microsoft Excel Remote Code Execution [CVE-2020-17125] | medium | 7.5 | - | - | - |
| 165717 | Microsoft Outlook information disclosure [CVE-2020-17119] | low | 5.0 | - | - | - |
| 165716 | Microsoft Excel Remote Code Execution [CVE-2020-17123] | medium | 7.5 | - | - | - |
| 165715 | Microsoft PowerPoint Remote Code Execution [CVE-2020-17124] | medium | 7.5 | - | - | - |
| 165714 | Microsoft Excel Remote Code Execution [CVE-2020-17129] | medium | 7.5 | - | - | - |
| 165713 | Microsoft Excel Remote Code Execution [CVE-2020-17128] | medium | 7.5 | - | - | - |
| 165712 | Microsoft Excel protection mechanism [CVE-2020-17130] | medium | 7.5 | - | - | - |
| 165711 | Microsoft Windows GDI+ information disclosure [CVE-2020-17098] | low | 4.6 | - | - | - |
| 165710 | Microsoft Windows DirectX Graphics privileges management [CVE-2020-17137] | medium | 6.8 | - | - | - |
| 165709 | Microsoft Microsoft Exchange Server code injection [CVE-2020-17142] | high | 8.3 | - | - | - |
| 165708 | Microsoft Microsoft Exchange Server code injection [CVE-2020-17132] | high | 8.3 | - | - | - |
| 165707 | Microsoft Microsoft Exchange Server Remote Privilege Escalation | medium | 6.8 | - | - | - |
| 165706 | Microsoft Microsoft Exchange Server code injection [CVE-2020-17141] | medium | 8.3 | - | - | - |
| 165705 | Microsoft Microsoft Exchange Server code injection [CVE-2020-17144] | medium | 8.3 | - | - | - |
| 165704 | Microsoft Microsoft Exchange Server information disclosure [CVE-2020-17143] | medium | 9.0 | - | - | - |
| 165703 | Microsoft Edge/ChakraCore Chakra Scripting Engine memory corruption | medium | 7.5 | - | - | - |
| 165702 | Microsoft Microsoft Edge input validation [CVE-2020-17153] | low | 5.0 | - | - | - |
| 165701 | Microsoft Dynamics 365 for Finance and Operations code injection | medium | 9.0 | - | - | - |
| 165700 | Microsoft Dynamics 365 for Finance and Operations code injection | medium | 9.0 | - | - | - |
| 165699 | Microsoft Microsoft Dynamics NAV 2015 information disclosure | medium | 6.8 | - | - | - |
| 165698 | Microsoft Microsoft Dynamics 365 cross site scripting [CVE-2020-17147] | low | 4.0 | - | - | - |
| 165697 | Microsoft Azure Sphere protection mechanism [CVE-2020-17160] | medium | 7.1 | - | - | - |
| 165696 | Microsoft Azure SDK for Java protection mechanism [CVE-2020-16971] | medium | 7.1 | - | - | - |
| 165695 | Microsoft C SDK for Azure IoT protection mechanism [CVE-2020-17002] | medium | 7.1 | - | - | - |
| 165694 | Microsoft Azure DevOps Server input validation [CVE-2020-17135] | medium | 5.5 | - | - | - |
| 165693 | Microsoft Azure DevOps Server/Team Foundation Server input validation | low | 5.5 | - | - | - |
| 165692 | QNAP QTS/QuTS cross site scripting [CVE-2020-2498] | low | 4.0 | - | - | - |
| 165691 | QNAP QTS/QuTS cross site scripting [CVE-2020-2497] | low | 4.0 | - | - | - |
| 165690 | QNAP QTS/QuTS cross site scripting [CVE-2020-2496] | low | 4.0 | - | - | - |
| 165689 | QNAP QTS/QuTS cross site scripting [CVE-2020-2495] | low | 4.0 | - | - | - |
| 165688 | QNAP QTS/QuTS command injection [CVE-2019-7198] | medium | 5.2 | - | - | - |
| 165687 | Wildfly OpenTracing API memory leak [CVE-2020-27822] | low | 3.5 | - | - | - |
| 165686 | pngcheck check_chunk_name out-of-bounds read | low | 2.3 | - | - | - |
| 165685 | Kirby CMS/Panel Admin Panel cms origin validation | low | 2.6 | - | - | - |
| 165684 | OpenLDAP RDN null pointer dereference [CVE-2020-25692] | low | 4.3 | - | - | - |
| 165683 | Ceph-ansible iscsi-gateway.conf cleartext storage | low | 2.7 | - | - | - |
| 165682 | Moodle Book Chapter Title cross site scripting [CVE-2020-25631] | low | 4.0 | - | - | - |
| 165681 | Moodle ZIP File resource consumption [CVE-2020-25630] | low | 5.0 | - | - | - |
| 165680 | Moodle Log in as access control [CVE-2020-25629] | medium | 6.5 | - | - | - |
| 165679 | Moodle Tag Manager cross site scripting [CVE-2020-25628] | low | 4.0 | - | - | - |
| 165678 | ASUS RT-AC88U Download Master Title injection [CVE-2020-29655] | low | 5.0 | - | - | - |
| 165677 | ASUS RT-AC88U Download Master direct request [CVE-2020-29656] | low | 5.0 | - | - | - |
| 165676 | Kubernetes kube-controller-manager Ceph RBD log file [CVE-2020-8566] | low | 1.0 | - | - | - |
| 165675 | Kubernetes Token log file [CVE-2020-8565] | low | 1.0 | - | - | - |
| 165674 | Kubernetes Config File log file [CVE-2020-8564] | low | 1.0 | - | - | - |
| 165673 | Kubernetes VSphere Credential log file [CVE-2020-8563] | low | 2.7 | - | - | - |
| 165672 | AWStats awstats.pl pathname traversal | low | 2.7 | - | - | - |
| 165671 | ImageMagick PDF File pdf.c os command injection | medium | 7.5 | - | - | - |
| 165670 | IncomCMS script.php unrestricted upload | medium | 5.4 | - | - | - |
| 165669 | Acdsee Photo Studio Studio Professional 2021 IDE_ACDStd.apl memory corruption | medium | 5.2 | - | - | - |
| 165668 | Nlnet Labs Unbound/NSD PID File link following [CVE-2020-28935] | medium | 3.2 | - | - | - |
| 165667 | Apache Groovy Extension temp file [CVE-2020-17521] | low | 2.7 | - | - | - |
| 165666 | Apache APISIX Admin API improper authentication [CVE-2020-13945] | medium | 5.2 | - | - | - |
| 165665 | Huawei Honor 20 Pro Configuration Parameter buffer overflow [CVE-2020-9247] | medium | 5.2 | - | - | - |
| 165664 | Eat Spray Love mobile App improper authentication [CVE-2020-5800] | medium | 5.8 | - | - | - |
| 165663 | Eat Spray Love mobile App backdoor [CVE-2020-5799] | medium | 5.2 | - | - | - |
| 165662 | inSync Client Installer improper validation of integrity check value | medium | 7.7 | - | - | - |
| 165661 | Kata Containers unknown vulnerability [CVE-2020-27151] | medium | 7.7 | - | - | - |
| 165660 | Intland codeBeamer ALM ReqIF XML Data xml external entity reference | medium | 6.0 | - | - | - |
| 165659 | Inspur NF5266M5 Baseboard Management Controller signature verification | low | 3.3 | - | - | - |
| 165658 | Microsoft Teams Message cross site scripting [CVE-2020-10146] | medium | 5.0 | - | - | - |
| 165657 | SeedDMS class.DropFolderChooser.php cross site scripting | low | 4.0 | - | - | - |
| 165656 | Google Chrome V8 uninitialized pointer [CVE-2020-16042] | medium | 7.5 | - | - | - |
| 165655 | Google Chrome Networking out-of-bounds read [CVE-2020-16041] | medium | 7.5 | - | - | - |
| 165654 | Google Chrome V8 Remote Code Execution [CVE-2020-16040] | medium | 7.5 | - | - | - |
| 165653 | Google Chrome Extension use after free [CVE-2020-16039] | medium | 7.5 | - | - | - |
| 165652 | Google Chrome Media use after free [CVE-2020-16038] | medium | 7.5 | - | - | - |
| 165651 | Google Chrome Clipboard use after free [CVE-2020-16037] | medium | 7.5 | - | - | - |
| 165650 | Apple iCloud WebKit use after free [CVE-2020-9951] | medium | 7.5 | - | - | - |
| 165649 | Apple iCloud WebKit use after free [CVE-2020-9947] | medium | 7.5 | - | - | - |
| 165648 | Apple iCloud WebKit use after free [CVE-2020-27918] | medium | 7.5 | - | - | - |
| 165647 | Apple iCloud WebKit out-of-bounds write [CVE-2020-9983] | medium | 7.5 | - | - | - |
| 165646 | Apple iCloud WebKit use after free [CVE-2020-27918] | low | 5.0 | - | - | - |
| 165645 | Apple iCloud WebKit use after free [CVE-2020-9951] | medium | 7.5 | - | - | - |
| 165644 | Apple iCloud SQLite denial of service [CVE-2020-13631] | low | 2.3 | - | - | - |
| 165643 | Apple iCloud SQLite information disclosure [CVE-2020-9849] | low | 3.5 | - | - | - |
| 165642 | Apple iCloud SQLite memory corruption [CVE-2020-13630] | medium | 6.0 | - | - | - |
| 165641 | Apple iCloud SQLite denial of service [CVE-2020-13435] | low | 3.5 | - | - | - |
| 165640 | Apple iCloud SQLite denial of service [CVE-2020-13434] | low | 3.5 | - | - | - |
| 165639 | Apple iCloud libxml2 use after free [CVE-2020-9981] | medium | 7.5 | - | - | - |
| 165638 | Apple iCloud libxml2 integer overflow [CVE-2020-27911] | medium | 7.5 | - | - | - |
| 165637 | Apple iCloud libxml2 use after free [CVE-2020-27917] | medium | 7.5 | - | - | - |
| 165636 | Apple iCloud ImageIO out-of-bounds write [CVE-2020-9876] | medium | 7.5 | - | - | - |
| 165635 | Apple iCloud ImageIO out-of-bounds write [CVE-2020-27912] | medium | 7.5 | - | - | - |
| 165634 | Apple iCloud ImageIO out-of-bounds read [CVE-2020-9961] | medium | 7.5 | - | - | - |
| 165633 | Apple iCloud Foundation state issue [CVE-2020-10002] | low | 1.7 | - | - | - |
| 165632 | GNU C Library ldbl2mpn.c sprintf stack-based overflow | medium | 5.2 | - | - | - |
| 165631 | MISP genericField.ctp cross site scripting | low | 4.0 | - | - | - |
| 165630 | National Instruments CompactRIO Driver permission assignment | medium | 5.0 | - | - | - |
| 165629 | Kaspersky Anti-Ransomware Tool uncontrolled search path [CVE-2020-28950] | medium | 6.5 | - | - | - |
| 165628 | ImageMagick statistic.c integer overflow | low | 4.9 | - | - | - |
| 165627 | ImageMagick quantum.h integer overflow | low | 4.9 | - | - | - |
| 165626 | ImageMagick statistic.c integer overflow | low | 4.9 | - | - | - |
| 165625 | ImageMagick gem-private.h divide by zero | low | 2.3 | - | - | - |
| 165624 | ImageMagick bmp.c integer overflow | low | 4.9 | - | - | - |
| 165623 | Moddable SDK xsSyntaxical.c:3419 xObjectBindingFromExpression denial of service | low | 3.5 | - | - | - |
| 165622 | Moddable SDK xsDebug.c heap-based overflow | medium | 6.5 | - | - | - |
| 165621 | Moddable SDK xsCommon.c fxUTF8Decode denial of service | low | 3.5 | - | - | - |
| 165620 | Moddable SDK xsSyntaxical.c fxCheckArrowFunction heap-based overflow | medium | 6.5 | - | - | - |
| 165619 | Moddable SDK xsProxy.c fxProxyGetter denial of service | low | 3.5 | - | - | - |
| 165618 | Arachnys Cabot Address Column cross site scripting [CVE-2020-25449] | low | 4.0 | - | - | - |
| 165617 | ImageMagick pdf.c RestoreMSCWarning integer overflow | medium | 4.9 | - | - | - |
| 165616 | ImageMagick SubstituteString integer overflow | medium | 5.2 | - | - | - |
| 165615 | ImageMagick quantum.h integer overflow | low | 4.9 | - | - | - |
| 165614 | ImageMagick statistic.c integer overflow | low | 4.9 | - | - | - |
| 165613 | ImageMagick segment.c divide by zero | low | 2.3 | - | - | - |
| 165612 | openSIS Community Edition SideForStudent.php cross site scripting | low | 4.0 | - | - | - |
| 165611 | openSIS Community Edition ResetUserInfo.php access control | medium | 5.8 | - | - | - |
| 165610 | Mitsubishi Electric GT2107-WTBD out-of-bounds read [CVE-2020-5675] | low | 3.5 | - | - | - |
| 165609 | OpenStack Horizon redirect [CVE-2020-29565] | low | 4.9 | - | - | - |
| 165608 | GNU C Library UCS4 Text denial of service [CVE-2020-29562] | low | 2.3 | - | - | - |
| 165607 | SonicBOOM riscv-boom authorization [CVE-2020-29561] | medium | 4.9 | - | - | - |
| 165606 | QEMU RX Descriptor e1000e_core.c infinite loop | low | 2.3 | - | - | - |
| 165605 | snapcraft uncontrolled search path [CVE-2020-27348] | low | 3.5 | - | - | - |
| 165604 | Linux Kernel Reference execve unknown vulnerability | low | 4.9 | - | - | - |
| 165603 | Hashicorp go-slug pathname traversal [CVE-2020-29529] | medium | 5.2 | - | - | - |
| 165602 | productcomments sql injection [CVE-2020-26248] | low | 2.1 | - | - | - |
| 165601 | AnyView Monitoring Software denial of service [CVE-2020-23741] | low | 1.7 | - | - | - |
| 165600 | DriverGenius Driver Wizard access control [CVE-2020-23740] | medium | 4.3 | - | - | - |
| 165599 | Advanced SystemCare denial of service [CVE-2020-23738] | low | 4.6 | - | - | - |
| 165598 | DaDa Accelerator denial of service [CVE-2020-23736] | low | 4.6 | - | - | - |
| 165597 | Apache Tomcat Request Header information disclosure [CVE-2020-17527] | low | 2.6 | - | - | - |
| 165596 | PulseAudio Snap Policy Module race condition [CVE-2020-16123] | low | 1.0 | - | - | - |
| 165595 | stringstream Module out-of-bounds read [CVE-2018-21270] | low | 2.3 | - | - | - |
| 165594 | Allen-Bradley MicroLogix 1100 denial of service [CVE-2020-6111] | low | 2.3 | - | - | - |
| 165593 | Check Point Endpoint Security Client Installation uncontrolled search path | medium | 6.5 | - | - | - |
| 165592 | Valve Game Networking Sockets Plain-Text Message SNP_ReceiveUnreliableSegment heap-based overflow | medium | 6.5 | - | - | - |
| 165591 | OpenClinic test_new.php unrestricted upload | medium | 4.9 | - | - | - |
| 165590 | OpenClinic Check.php cross site scripting [CVE-2020-28938] | low | 4.0 | - | - | - |
| 165589 | OpenClinic direct request [CVE-2020-28937] | low | 3.3 | - | - | - |
| 165588 | Play Framework Java API unknown vulnerability [CVE-2020-28923] | low | 4.9 | - | - | - |
| 165587 | Netscout AirMagnet Enterprise Sensor access control [CVE-2020-28251] | medium | 7.7 | - | - | - |
| 165586 | Almico Speedfan access control [CVE-2020-28175] | medium | 4.3 | - | - | - |
| 165585 | python-lxml Clean Module cross site scripting [CVE-2020-27783] | low | 4.0 | - | - | - |
| 165584 | Poppler pdftohtml uninitialized pointer [CVE-2020-27778] | low | 3.5 | - | - | - |
| 165583 | ImageMagick statistic.c ApplyEvaluateOperator integer overflow | low | 2.3 | - | - | - |
| 165582 | ImageMagick resize.c divide by zero | low | 2.3 | - | - | - |
| 165581 | ImageMagick hdr.c integer overflow | low | 2.3 | - | - | - |
| 165580 | ImageMagick palm.c WritePALMImage integer overflow | low | 4.9 | - | - | - |
| 165579 | ImageMagick enhance.c GammaImage divide by zero | low | 3.5 | - | - | - |
| 165578 | ImageMagick quantize.c IntensityCompare integer overflow | low | 2.3 | - | - | - |
| 165577 | Infinispan REST API access control [CVE-2020-25711] | medium | 5.2 | - | - | - |
| 165576 | CImg load_pnm heap-based overflow | medium | 5.2 | - | - | - |
| 165575 | FasterXML Jackson Databind xml external entity reference [CVE-2020-25649] | medium | 4.9 | - | - | - |
| 165574 | Saibo Game Accelerator access control [CVE-2020-23735] | medium | 4.3 | - | - | - |
| 165573 | Antiy Zhijia Terminal Defense System denial of service [CVE-2020-23727] | low | 4.6 | - | - | - |
| 165572 | Wise Care 365 denial of service [CVE-2020-23726] | low | 4.6 | - | - | - |
| 165571 | CVS Plugin XML Parser xml external entity reference [CVE-2020-2324] | medium | 4.9 | - | - | - |
| 165570 | Chaos Monkey Plugin authorization [CVE-2020-2323] | medium | 5.2 | - | - | - |
| 165569 | Chaos Monkey Plugin Read memory leak | low | 2.3 | - | - | - |
| 165568 | Shelve Project Plugin cross-site request forgery [CVE-2020-2321] | low | 4.0 | - | - | - |
| 165567 | Plugin Installation Manager Tool Plugin Download code download | low | 4.6 | - | - | - |
| 165566 | Linux Kernel futex use after free [CVE-2020-14381] | low | 4.3 | - | - | - |
| 165565 | Linux Kernel perf Subsystem use after free [CVE-2020-14351] | medium | 4.3 | - | - | - |
| 165564 | libvirt File Descriptor control release of resource | medium | 5.2 | - | - | - |
| 165563 | Samba privileges assignment [CVE-2020-14318] | low | 2.7 | - | - | - |
| 165562 | WebKit WebKitGTK Web Page use after free [CVE-2020-13584] | medium | 7.5 | - | - | - |
| 165561 | WebKit WebKitGTK Websocket use after free [CVE-2020-13543] | medium | 7.5 | - | - | - |
| 165560 | LogicalDoc permission [CVE-2020-13542] | medium | 6.8 | - | - | - |
| 165559 | Pixar OpenUSD USD File Ha USD File Handler use after free | medium | 7.5 | - | - | - |
| 165558 | ProcessMaker reportTables_Ajax sql injection | medium | 6.5 | - | - | - |
| 165557 | Pixar OpenUSD USD File out-of-bounds read [CVE-2020-13524] | low | 5.0 | - | - | - |
| 165556 | EC-CUBE denial of service [CVE-2020-5680] | low | 3.5 | - | - | - |
| 165555 | EC-CUBE UI Layer clickjacking [CVE-2020-5679] | low | 4.0 | - | - | - |
| 165554 | GROWI cross site scripting [CVE-2020-5678] | low | 4.0 | - | - | - |
| 165553 | GROWI cross site scripting [CVE-2020-5677] | low | 4.0 | - | - | - |
| 165552 | GROWI information disclosure [CVE-2020-5676] | low | 3.5 | - | - | - |
| 165551 | Desknet NEO cross site scripting [CVE-2020-5638] | low | 4.0 | - | - | - |
| 165550 | Xerox DocuShare XML xml entity expansion [CVE-2020-27177] | medium | 5.8 | - | - | - |
| 165549 | Mozilla Thunderbird SMTP Server Response Code stack-based overflow | medium | 6.5 | - | - | - |
| 165548 | Pimcore improper authorization [CVE-2020-26246] | medium | 6.5 | - | - | - |
| 165547 | Gym Management System manage_user.php sql injection | medium | 7.5 | - | - | - |
| 165546 | Car Rental Management System view_car.php sql injection | medium | 7.5 | - | - | - |
| 165545 | Point of Sales in PHP-PDO edit_category.php sql injection | medium | 6.5 | - | - | - |
| 165544 | Multi Restaurant Table Reservation System view-chair-list.php sql injection | medium | 7.5 | - | - | - |
| 165543 | Online Doctor Appointment Booking System getuser.php sql injection | medium | 6.5 | - | - | - |
| 165542 | BloodX sql injection [CVE-2020-29282] | medium | 7.5 | - | - | - |
| 165541 | Victor CMS search.php sql injection | medium | 7.5 | - | - | - |
| 165540 | 74CMS BaseController.class.php assign_resume_tpl file inclusion | medium | 6.0 | - | - | - |
| 165539 | Bitrix Framework excessive authentication [CVE-2020-28206] | low | 2.6 | - | - | - |
| 165538 | Python oic cryptographic issues [CVE-2020-26244] | low | 3.8 | - | - | - |
| 165537 | Crux Linux Docker Image credentials management [CVE-2020-29389] | medium | 5.8 | - | - | - |
| 165536 | Lepton CMS Admin Page cross site scripting [CVE-2020-29240] | low | 4.0 | - | - | - |
| 165535 | Online Birth Certificate System Project User Registration cross site scripting | low | 4.0 | - | - | - |
| 165534 | set-in Prototype code injection [CVE-2020-28273] | medium | 6.5 | - | - | - |
| 165533 | keyget Prototype code injection [CVE-2020-28272] | medium | 6.5 | - | - | - |
| 165532 | hibernate-core JPA Criteria API sql injection [CVE-2020-25638] | medium | 6.5 | - | - | - |
| 165531 | AppImage appimaged MP3 File code download [CVE-2020-25266] | low | 4.9 | - | - | - |
| 165530 | AppImage libappimage Desktop File path traversal [CVE-2020-25265] | medium | 4.1 | - | - | - |
| 165529 | Red Hat CloudForms HTTP Request cross-site request forgery [CVE-2020-14369] | low | 4.0 | - | - | - |
| 165528 | Apache HttpClient URI Object unknown vulnerability [CVE-2020-13956] | low | 4.9 | - | - | - |
| 165527 | Pixar OpenUSD Encoding out-of-bounds read [CVE-2020-13498] | low | 4.0 | - | - | - |
| 165526 | Pixar OpenUSD Encoding out-of-bounds read [CVE-2020-13497] | low | 5.0 | - | - | - |
165525Pixar OpenUSD Encoding out-of-bounds read [CVE-2020-13496]low5.0---
165524Pixar OpenUSD USD File out-of-bounds read [CVE-2020-13494]low5.0---
165523Pixar OpenUSD USD File heap-based overflow [CVE-2020-13493]medium7.5---
165522Phoenix Contact BTP 2043W/BTP 2070W/BTP 2102W resource consumptionlow5.0---
165521libxls XLS File xls_addCell out-of-bounds writemedium7.5---
165520cpp-ethereum libevm Smart Contract Code out-of-bounds write [CVE-2017-14451]medium7.5---
165519FreeBSD ICMPv6 use after free [CVE-2020-7469]medium7.5---
165518FreeBSD rtsold memory corruption [CVE-2020-25577]medium7.5---
165517Textpattern CMS prefs Subsystem cross-site request forgery [CVE-2020-29458]low5.0---
165516Papermerge create folder cross site scriptinglow5.0---
165515HPE Edgeline Infrastructure Manager improper authentication [CVE-2020-7199]medium6.0---
165514Valve Game Networking Sockets libsodium Decrypt stack-based overflowmedium6.5---
165513CAPI YAML Parser resource consumption [CVE-2020-5423]low5.0---
165512HCL Notes DXL buffer overflow [CVE-2020-4102]medium5.2---
165511Umbraco LogViewerController.cs access controlmedium5.2---
165510elasticsearch-operator-container Namespace Validator redirectmedium6.0---
165509Gorilla Websocket Frame integer overflow [CVE-2020-27813]low2.3---
165508QEMU USB EHCI Emulation assertion [CVE-2020-25723]low2.3---
165507Linux Kernel Performance Monitoring Subsystem resource consumptionlow1.7---
165506Samba DNS Server denial of service [CVE-2020-14383]low2.3---
165505Linux Kernel Voice over IP H.323 Connection Tracking out-of-bounds writemedium7.5---
165504HCL Domino DXL buffer overflow [CVE-2020-14260]medium5.2---
165503Software-properties ppa.py certificate validationmedium5.1---
165502Trend Micro Apex One/OfficeScan XG information disclosure [CVE-2020-28583]low2.9---
165501Trend Micro Apex One/OfficeScan XG information disclosure [CVE-2020-28582]low2.9---
165500Trend Micro Apex One/OfficeScan XG information disclosure [CVE-2020-28577]low2.9---
165499Trend Micro Apex One/OfficeScan XG information disclosure [CVE-2020-28576]low2.9---
165498Trend Micro ServerProtect for Linux heap-based overflow [CVE-2020-28575]medium4.6---
165497Trend Micro Apex One/OfficeScan XG information disclosure [CVE-2020-28573]low2.9---
165496oauthenticator Whitelist improper authorization [CVE-2020-26250]low2.1---
165495Kia Head Unit micomd command injection [CVE-2020-8539]medium5.2---
165494Schneider Electric Smartlink/PowerTag/Wiser Series Gateway random valueslow3.3---
165493Schneider Electric EcoStruxure/SmartStruxure access control [CVE-2020-7547]medium5.2---
165492Schneider Electric EcoStruxure/SmartStruxure Web Page Generation cross site scriptinglow4.0---
165491Schneider Electric EcoStruxure/SmartStruxure access control [CVE-2020-7545]medium5.2---
165490Schneider Electric Modicon Quantum/Modicon Premium Legacy Communication Module credentials managementmedium5.8---
165489ZXELINK ZXV10 W908 sql injection [CVE-2020-6880]medium7.5---
165488HCL Domino ID Vault Service excessive authentication [CVE-2020-4128]low4.3---
165487ThinkAdmin cross site scripting [CVE-2020-29315]low4.0---
165486ATX miniCMTS200a Broadband Gateway/Pico CMTS pathname traversalmedium5.8---
165485Western Digital My Cloud OS improper authentication [CVE-2020-28971]medium5.8---
165484Western Digital My Cloud OS Cookie improper authentication [CVE-2020-28970]medium5.8---
165483Western Digital My Cloud OS NAS Admin Dashboard improper authenticationmedium4.6---
165482Edimax IC-3116W/IC-3140W GET Request ipcam_cgi doGetSysteminfo stack-based overflowmedium7.5---
165481WECON PLC Editor heap-based overflow [CVE-2020-25181]medium5.2---
165480WECON PLC Editor stack-based overflow [CVE-2020-25177]medium5.2---
165479Apache Cordova Camera Plugin access control [CVE-2020-11990]medium5.2---
165478SolarWinds Web Help Desk cross site scripting [CVE-2019-16958]low4.0---
165477Huawei Nova 4/SydneyM-AL00 out-of-bounds write [CVE-2020-9117]medium5.2---
165476Huawei FusionCompute Administrator access control [CVE-2020-9114]medium5.2---
165475McAfee Total Protection Microsoft Windows Client access controlmedium4.3---
165474containerd containerd-shim API resource transfer [CVE-2020-15257]medium4.3---
165473Huawei FusionCompute command injection [CVE-2020-9116]medium6.5---
165472Huawei ManageOne Plugin command injection [CVE-2020-9115]medium5.2---
165471Lenovo PCManager config [CVE-2020-8351]medium4.3---
165470SAP Adaptive Server Enterprise ASE Cockpit log file [CVE-2020-6317]low1.7---
165469HCL Domino LDAP Service excessive authentication [CVE-2020-4129]low4.3---
165468HCL Domino Login cross-site request forgery [CVE-2020-4127]low5.0---
165467HCL iNotes HTTP Session cleartext transmission [CVE-2020-4126]low2.6---
165466Upload Widget in OutSystems Platform unrestricted upload [CVE-2020-29441]medium7.5---
165465Tesla Model X Pairing certificate validation [CVE-2020-29440]medium5.8---
165464Tesla Model X Authentication improper authentication [CVE-2020-29439]medium5.8---
165463Tesla Model X Signature Verification signature verification [CVE-2020-29438]low2.3---
165462EventON Plugin Search Field addons cross site scriptinglow4.0---
165461dlt-daemon Diagnostic Log dlt_common.c dlt_filter_load buffer overflowmedium5.2---
165460Quick Heal Total Security File Vault excessive authenticationlow3.4---
165459Quick Heal Total Security Quarantine inadequate encryption [CVE-2020-27586]low2.3---
165458Quick Heal Total Security excessive authentication [CVE-2020-27585]low4.0---
165457PbootCMS Password cross-site request forgery [CVE-2020-17901]low5.0---
165456Mitsubishi Electric MELSEC iQ-R denial of service [CVE-2020-16850]medium7.8---
165455Canon MF237w IPv4/ICMPv4 information disclosure [CVE-2020-16849]low3.3---
165454Automation Template classes injectionmedium6.0---
165453Audacity audacity-$USER temp filemedium4.0---
165452Estil Hill Lock Password Manager Safe App backdoor [CVE-2020-29392]medium4.6---
165451ZeroShell kerbynet os command injectionmedium5.8---
165450NetArt News Lister News Headline cross site scripting [CVE-2020-29364]low4.0---
165449minidlna UPnP HTTP Request buffer overflow [CVE-2020-28926]medium6.5---
165448UCMS File Upload unrestricted upload [CVE-2020-25537]medium4.9---
165447IBM Business Automation Workflow log file [CVE-2020-4900]low2.1---
165446IBM Cloud Pak for Security session fixation [CVE-2020-4696]medium6.5---
165445IBM Cloud Pak for Security csv injection [CVE-2020-4627]medium6.5---
165444IBM Cloud Pak for Security HTTP Request information disclosurelow4.0---
165443IBM Cloud Pak for Security cookie without 'httponly' flag [CVE-2020-4625]low2.6---
165442IBM Cloud Pak for Security inadequate encryption [CVE-2020-4624]low2.6---
165441PNGOUT PNG File integer overflow [CVE-2020-29384]medium7.5---
165440Canto Plugin tree.php server-side request forgerymedium5.8---
165439Canto Plugin get.php server-side request forgerymedium5.8---
165438Canto Plugin detail.php server-side request forgerymedium5.8---
165437Fujitsu Eternus Storage DX200 S4 csp improper restriction of rendered ui layersmedium7.2---
165436Synology SafeAccess request.cgi sql injectionmedium7.5---
165435Synology SafeAccess cross site scripting [CVE-2020-27659]low4.0---
165434QEMU Host Controller Driver hcd-ohci.c stack-based overflowmedium5.2---
165433Fuji Electric V-Server Lite out-of-bounds write [CVE-2020-25171]medium10.0---
165432V-SOL V1600D4L/V1600D-MINI RSA Private Key hard-coded key [CVE-2020-29383]low1.8---
165431V-SOL V1600D/V1600D4L/V1600D-MINI/V1600G1/V1600G2 RSA Private Key hard-coded keylow1.8---
165430V-SOL V1600D/V1600D4L/V1600D-MINI/V1600G1/V1600G2 CLI command injectionmedium6.5---
165429V-SOL V1600D/V1600D4L/V1600D-MINI/V1600G1/V1600G2 Telnet cleartext transmissionlow2.6---
165428V-SOL V1600D4L/V1600D-MINI Firmware Update sh improper authenticationmedium5.8---
165427V-SOL V1600D/V1600D4L/V1600D-MINI/V1600G1/V1600G2 CLI hard-coded credentialsmedium5.8---
165426V-SOL V1600D hard-coded credentials [CVE-2020-29377]medium7.5---
165425V-SOL V1600D/V1600D4L/V1600D-MINI/V1600G1/V1600G2 Telnet Service hard-coded credentialsmedium5.8---
165424V-SOL V1600D/V1600D4L/V1600D-MINI/V1600G1/V1600G2 hard-coded passwordlow2.3---
165423Linux Kernel gup gup.c get_user_pages race conditionlow4.9---
165422Linux Kernel Filesystem io_uring.c path traversalmedium5.2---
165421Linux Kernel madvise.c do_madvise race conditionlow4.9---
165420Linux Kernel storage.c romfs_dev_read uninitialized pointerlow2.3---
165419Linux Kernel Slowpath slub.c kmem_cache_alloc_bulk race conditionlow4.9---
165418Linux Kernel mmap.c expand_upwards race conditionlow4.9---
165417Linux Kernel THP Mapcount Check huge_memory.c __split_huge_pmd race conditionlow4.9---
165416Linux Kernel Fair Scheduler show_numa_stats use after freemedium4.9---
165415Eclipse Jetty gzip injection [CVE-2020-27218]medium4.9---
165414Blosc C-Blosc2 Compressed Data blosc2.c heap-based overflowmedium5.2---
165413systeminformation Prototype si.inetChecksite os command injectionmedium7.5---
165412com.softwaremill.akka-http-session Header cross-site request forgerylow4.0---
165411Sagemcom F@ST3486 NET DOCSIS Configuration File backupsettings.conf access controlmedium5.0---
165410Devid Espenschied PC Analyser Physical Memory PCADRVX64.SYS privileges managementmedium6.6---
165409Devid Espenschied PC Analyser IOCTL Handler Function PCADRVX64.SYS memory corruptionmedium7.7---
165408Slurm proc race conditionlow1.4---
165407Slurm PMIx MPI plugin buffer overflow [CVE-2020-27745]medium5.2---
165406LibVNCServer Exception divide by zero [CVE-2020-25708]low2.3---
165405ZyXEL UTM/VPN HTTP Packet fbwifi_continue.cgi buffer overflowmedium7.5---
165404Red Hat Enterprise Linux Unbound resource consumption [CVE-2020-10772]low2.3---
165403B&R Industrial Automation APROL AprolSqlServer improper authenticationmedium5.8---
165402B&R Industrial Automation APROL AprolSqlServer pathname traversalmedium5.2---
165401B&R Industrial Automation APROL EnMon sql injection [CVE-2019-19876]medium6.5---
165400B&R Industrial Automation APROL AprolCluster Script injectionmedium4.9---
165399B&R Industrial Automation APROL Web Interface injection [CVE-2019-19874]medium4.9---
165398B&R Industrial Automation APROL AprolSqlServer DBMS improper authenticationmedium3.3---
165397B&R Industrial Automation APROL AprolLoader injection [CVE-2019-19872]medium4.9---
165396B&R Industrial Automation APROL IosHttp Service/JSON interface unknown vulnerabilitylow4.9---
165395Crafter CMS Crafter Studio cross site scripting [CVE-2017-15686]low4.0---
165394Crafter CMS Crafter Studio xml external entity reference [CVE-2017-15685]low2.9---
165393Crafter CMS Crafter Studio pathname traversal [CVE-2017-15684]medium3.3---
165392Crafter CMS Crafter Studio information disclosure [CVE-2017-15683]low2.9---
165391Crafter CMS Crafter Studio injection [CVE-2017-15682]medium5.4---
165390Crafter CMS Crafter Studio pathname traversal [CVE-2017-15681]medium7.5---
165389Crafter CMS Crafter Studio resource injection [CVE-2017-15680]medium5.8---
165388CyberArk Endpoint Privilege Manager Credential Theft Protection protection mechanismmedium4.9---
165387Ericsson BSCS iX R18 Billing & Rating cross site scripting [CVE-2020-29145]low4.0---
165386Ericsson BSCS iX R18 Billing & Rating Alert Dashboard Comment cross site scriptinglow4.0---
165385cPanel WHM Transfer Tool Interface cross site scripting [CVE-2020-29137]low4.0---
165384cPanel 2FA improper authentication [CVE-2020-29136]medium4.6---
165383cPanel URL Parameter injection [CVE-2020-29135]medium4.9---
165382Coremail XT Signature upload.jsp cross site scriptinglow4.0---
165381libslirp Packet Length slirp.c buffer overflowmedium5.2---
165380libslirp Packet Length ncsi.c buffer overflowmedium5.2---
165379BigBlueButton Email Address edit improper authenticationmedium5.8---
165378BigBlueButton excessive authentication [CVE-2020-29042]low5.0---
165377GLPI getDropdownValue.php resource injectionlow2.3---
165376GLPI comments.php resource injectionmedium4.9---
165375Zetetic SQLCipher sqlite3.c sqlite3Strlen30 use after freelow3.5---
165374Cloudera Data Engineering cross-site request forgery [CVE-2020-26936]low4.0---
165373Intelbras TIP200/TIP200LITE/TIP300 cgiServer.exx pathname traversalmedium5.2---
165372Intelbras TIP200/TIP200LITE/TIP300 cgiServer.exx cross site scriptinglow4.0---
165371djvalidator incorrect regex [CVE-2020-7779]low2.3---
165370systeminformation os command injection [CVE-2020-7778]medium7.5---
165369petl XML Document xml injection [CVE-2020-29128]low4.9---
165368FactoryTalk Linx Address Space Layout Randomization heap-based overflowmedium7.5---
165367FactoryTalk Linx Check Routine denial of service [CVE-2020-27253]low5.0---
165366Rockwell Automation FactoryTalk Linx Port Range heap-based overflowmedium7.5---
165365spice-vdagentd Client Connection race condition [CVE-2020-25653]low4.9---
165364spice-vdagentd Unix Domain Socket spice-vdagent-sock allocation of resourceslow1.7---
165363spice-vdagent File Transfer race condition [CVE-2020-25651]low4.9---
165362x11vnc shmget Call scan.c access controlmedium5.2---
165361osCommerce Newsletter cross site scripting [CVE-2020-29070]low4.0---
165360Nanopb Message memory corruption [CVE-2020-26243]low5.0---
165359GLPI caldav.php authorizationmedium4.0---
165358spice-vdagentd File Transfer spice-vdagent-sock allocation of resourceslow4.6---
165357Atlassian Fisheye/Crucible MessageBundleResource denial of servicelow3.5---
165356Atlassian Fisheye/Crucible EyeQL incorrect regex [CVE-2020-14190]low3.5---
165355LiquidFiles cross site scripting [CVE-2020-29072]low4.0---
165354LiquidFiles Attachment permission [CVE-2020-29071]medium5.2---
165353Go Ethereum Block denial of service [CVE-2020-26242]low4.0---
165352Go Ethereum Consensus calculation [CVE-2020-26241]medium4.0---
165351Go Ethereum ethash Mining DAG Generation calculation [CVE-2020-26240]low2.6---
165350CRIXP OpenCRX Password Change password recovery [CVE-2020-7378]medium7.5---
165349VMware SD-WAN Orchestrator sql injection [CVE-2020-4003]medium5.2---
165348VMware SD-WAN Orchestrator System Parameter permission assignmentlow5.2---
165347VMware SD-WAN Orchestrator hard-coded password [CVE-2020-4001]low3.3---
165346VMware SD-WAN Orchestrator pathname traversal [CVE-2020-4000]medium5.2---
165345VMware SD-WAN Orchestrator API access control [CVE-2020-3985]medium6.5---
165344VMware SD-WAN Orchestrator sql injection [CVE-2020-3984]medium6.5---
165343Modern Honey Network Geolocations utils.py _get_flag_ip_localdb denial of servicelow2.3---
165342CDATA FD8000 inadequate encryption [CVE-2020-29063]low1.7---
165341CDATA FD8000 improper authentication [CVE-2020-29062]medium7.5---
165340CDATA FD8000 hard-coded password [CVE-2020-29061]medium5.8---
165339CDATA FD8000 Debug Account hard-coded password [CVE-2020-29060]medium5.2---
165338CDATA FD8000 hard-coded password [CVE-2020-29059]medium5.4---
165337CDATA FD8000 missing encryption [CVE-2020-29058]low2.3---
165336CDATA FD8000 Telnet Service denial of service [CVE-2020-29057]low5.0---
165335CDATA FD8000 TFTP Config sandbox [CVE-2020-29056]medium7.7---
165334CDATA FD8000 Management Interface cleartext transmission [CVE-2020-29055]low2.6---
165333CDATA FD8000 missing encryption [CVE-2020-29054]low4.0---
165332Hrsale projects_calendar cross site scriptinglow4.0---
165331Xen stack-based overflow [CVE-2020-29040]medium5.2---
165330MISP ACL GalaxyElementsController.php access controlmedium5.2---
165329Karenderia Multiple Restaurant System sql injection [CVE-2020-28994]medium7.5---
165328musl libc Buffer Size buffer overflow [CVE-2020-28928]medium6.5---
165327SeedDMS out.AddDocument.php redirectmedium4.9---
165326cron-utils Template injection [CVE-2020-26238]medium7.5---
165325Highlight.js code injection [CVE-2020-26237]low4.0---
165324Time Crate Environment Variable try_now_local null pointer dereferencelow2.3---
165323Jupyter Server redirect [CVE-2020-26232]medium7.5---
165322Pacemaker ACL access control [CVE-2020-25654]medium4.3---
165321Wildfly Resource Adapter log file [CVE-2020-25640]low1.7---
165320SimplePHPscripts News Script PHP Pro News Edit sql injectionmedium6.5---
165319SimplePHPscripts News Script PHP Pro cross site scripting [CVE-2020-25474]low4.0---
165318SimplePHPscripts News Script PHP Pro Session Cookie cookie without 'httponly' flaglow2.6---
165317SimplePHPscripts News Script PHP Pro User cross-site request forgerylow4.0---
165316RTA 499ES EtherNet-IP Adaptor Source Code stack-based overflowmedium6.5---
165315MicroStrategy PDF Generator server-side request forgery [CVE-2020-24815]medium4.0---
165314Apache Unomi Endpoint context.json injectionmedium4.9---
165313FASTGate FGA2130FWB Admin Web Panel cross-site request forgerylow4.0---
165312Heketi log file [CVE-2020-10763]low1.7---
165311gluster-block CLI cmd_history.log log filelow1.7---
165310TOTOLINK A850R-V1/F1-V2 Management Interface backdoor [CVE-2015-9551]medium6.5---
165309TOTOLINK A850R-V1/F1-V2 Web Management Interface access controlmedium7.5---
165308MongoDB Message Decompressor denial of service [CVE-2019-20925]low5.0---
165307Seiko Epson Product untrusted search path [CVE-2020-5674]medium6.5---
165306Netgear GS108Ev3 cross-site request forgery [CVE-2020-5641]low4.0---
165305PollNY Extension Answer Option cross site scripting [CVE-2020-29003]low4.0---
165304CologneBlue Skin qbfind Message CologneBlueTemplate.php cross site scriptinglow4.0---
165303Gitea repo_form.go encoding errormedium6.0---
165302Hashicorp Nomad/Nomad Enterprise Docker File Sandbox sandboxmedium5.2---
165301Matrix Synapse JSON denial of service [CVE-2020-26890]low3.5---
165300Ortus TestBox Query String HTMLRunner.cfm command injectionmedium6.0---
165299Ortus TestBox Query String index.cfm pathname traversalmedium5.2---
165298MongoDB Ops Manager API Key information disclosure [CVE-2020-7927]low2.1---
165297VMware Workspace One Access command injection [CVE-2020-4006]medium5.2---
165296SPIP configurer_preferences.php unknown vulnerability [CVE-2020-28984]low4.9---
165295Magicpin User Registration cross site scripting [CVE-2020-28927]low5.0---
165294Mutt/NeoMutt IMAP Server Response cleartext transmission [CVE-2020-28896]low2.6---
165293WinSCP FTP Server denial of service [CVE-2020-28864]low2.6---
165292private-ip IP Range Filter server-side request forgery [CVE-2020-28360]medium6.5---
165291Scratch Regular Expression cross site scripting [CVE-2020-26239]low4.0---
165290October CMS Twig Sandbox authorization [CVE-2020-26231]medium5.8---
165289TYPO3 RSS Widget xml external entity reference [CVE-2020-26229]medium6.5---
165288TYPO3 Session Identifier cleartext storage [CVE-2020-26228]low2.6---
165287TYPO3 Fluid cross site scripting [CVE-2020-26227]low5.0---
165286PostgreSQL psql Interactive Terminal privileges management [CVE-2020-25696]medium9.0---
165285rhacm Internal API hard-coded key [CVE-2020-25688]low2.6---
165284Cephx improper authentication [CVE-2020-25660]medium5.8---
165283Playground Sessions UserProfiles.sol credentials storagelow4.0---
165282Linux Kernel 8250_core.c serial8250_isa_init_ports null pointer dereferencelow1.7---
165281Linux Kernel Error Field block_dev.c use after freelow1.7---
165280October CMS Upload File evil.svg cross site scriptinglow4.0---
165279October CMS New User authorization [CVE-2020-15248]low5.8---
165278October CMS Twig Sandbox authorization [CVE-2020-15247]medium5.8---
165277October CMS authorization [CVE-2020-15246]low5.0---
165276Jingyun Antivirus Driver ZySandbox.sys denial of servicelow4.6---
165275Jingyun Antivirus Driver ZySandbox.sys denial of servicelow4.6---
165274Jingyun Antivirus Driver ZySandbox.sys denial of servicelow4.6---
165273Jingyun Antivirus Driver ZySandbox.sys denial of servicelow4.6---
165272Jingyun Antivirus Driver hookbody.sys denial of servicelow4.6---
165271MongoDB Query buffer overflow [CVE-2020-7928]medium5.2---
165270SalesForce Tableau Server SAML unknown vulnerability [CVE-2020-6939]medium5.4---
165269IBM Spectrum Protect Plus hard-coded credentials [CVE-2020-4854]medium7.5---
165268IBM Spectrum Protect Plus channel accessible [CVE-2020-4783]low2.6---
165267IBM Spectrum Protect Operations Center WebSocket Event improper authenticationmedium5.0---
165266Intel BlueZ information disclosure [CVE-2020-12352]low3.3---
165265Intel BlueZ input validation [CVE-2020-12351]medium5.4---
165264Intel PROSet/Wireless WiFi out-of-bounds write [CVE-2020-0569]low1.7---
165263Tianocore EDK II denial of service [CVE-2019-14587]low2.9---
165262Tianocore EDK II use after free [CVE-2019-14586]low2.3---
165261Tianocore EDK II DxeImageVerificationHandler Local Privilege Escalationlow4.3---
165260Tianocore EDK II Integer Truncation integer overflow [CVE-2019-14563]low4.3---
165259MongoDB recursion [CVE-2018-20803]low2.3---
165258MongoDB Server Selection Subsystem exceptional condition [CVE-2020-7926]low4.0---
165257MongoDB Role Name Parser denial of service [CVE-2020-7925]low5.0---
165256jsen Schema File Function.apply Remote Privilege Escalationlow5.8---
165255CA Unified Infrastructure Management Robot Controller privileges managementlow4.3---
165254Hashicorp Consul/Consul Enterprise ACL permission [CVE-2020-28053]low2.7---
165253Security Onion sudo so-setup access controlmedium6.8---
165252OTRS improper authentication [CVE-2020-1778]medium5.2---
165251MongoDB use after free [CVE-2019-2393]low4.0---
165250MongoDB Mod Operator integer overflow [CVE-2019-2392]low4.0---
165249MongoDB IndexBoundsBuilder denial of service [CVE-2019-20924]low4.0---
165248MongoDB Javascript routine [CVE-2019-20923]low4.0---
165247Tianocore EDK II DxeImageVerificationHandler denial of servicelow1.7---
165246Tianocore EDK II resource consumption [CVE-2019-14559]low5.0---
165245Tianocore EDK II information disclosure [CVE-2019-14553]low4.0---
165244MongoDB denial of service [CVE-2018-20805]low4.0---
165243MongoDB applyOps Invocation denial of service [CVE-2018-20804]low4.0---
165242MongoDB QueryPlanner denial of service [CVE-2018-20802]low4.0---
165241Barco wePresent WiPG-1600W Firmware Update improper validation of integrity check valuehigh8.5---
165240Barco wePresent WiPG-1600W SSH hard-coded credentials [CVE-2020-28334]high10.0---
165239Barco wePresent WiPG-1600W Web UI return.cgi access controlmedium6.5---
165238Barco wePresent WiPG-1600W authentication bypass [CVE-2020-28333]medium7.5---
165237Barco wePresent WiPG-1600W cleartext storage [CVE-2020-28330]low4.0---
165236Barco wePresent Service Port 4001 hard-coded credentials [CVE-2020-28329]medium7.5---
165235Libsvm Model SVM svm.cpp svm_predict_values denial of servicelow2.3---
165234Paradox IP150 stack-based overflow [CVE-2020-25189]medium7.5---
165233HCL Notes Email Message denial of service [CVE-2020-14258]low5.0---
165232HCL Domino denial of service [CVE-2020-14234]low2.3---
165231HCL Domino Email Message denial of service [CVE-2020-14230]low5.0---
165230TP-LINK Archer C9 symlink [CVE-2020-5797]medium4.6---
165229Xpdf SplashOutputDev.cc endType3Char use after freemedium4.3---
165228Paradox IP150 buffer overflow [CVE-2020-25185]medium6.5---
165227Netis Korea D'live AP Time Setting command injection [CVE-2020-7842]medium6.2---
165226IBM Sterling B2B Integrator Standard Edition inadequate encryptionlow2.6---
165225IBM DB2 Accessories Suite/DB2/DB2 Connect Server untrusted search pathmedium6.8---
165224VMware ESXi System Call privileges management [CVE-2020-4005]medium6.5---
165223VMware ESXi/Workstation/Fusion XHCI USB Controller use after freemedium6.5---
165222Linux Kernel fbcon vt.c KD_FONT_OP_COPY out-of-bounds readlow4.3---
165221TP-LINK WDR7400 devDiscoverHandle Server copy_msg_element buffer overflowmedium5.2---
165220Netskope Admin Portal csv injection [CVE-2020-28845]medium5.4---
165219ScratchVerifier improper authentication [CVE-2020-26236]medium5.8---
165218NetIQ Identity Manager injection [CVE-2020-25839]medium4.9---
165217PDFResurrect Header Validation pdf_get_version heap-based overflowmedium5.2---
165216libvips im_vips2dz.c im_vips2dz uninitialized pointermedium6.0---
165215libsixel fromgif.c gif_out_code array indexmedium4.9---
165214ImageMagick xpm.c ReadXPMImage buffer overflowmedium7.5---
165213Drupal File unrestricted upload [CVE-2020-13671]medium4.9---
165212Mitsubishi Electric MELSEC iQ-R resource consumption [CVE-2020-5668]low4.3---
165211IBM Power9 L1 Cache information disclosure [CVE-2020-4788]low1.7---
165210Schneider Electric EcoStruxure Building Operation WebReports Access Control access controlmedium6.5---
165209Schneider Electric EcoStruxure Building Operation WebReports XML External Entity xml external entity referencemedium6.0---
165208Schneider Electric EcoStruxure Building Operation WebReports Web Page Generation cross site scriptinglow4.0---
165207Schneider Electric EcoStruxure Building Operation WebReports Web Page Generation cross site scriptinglow4.0---
165206Schneider Electric EcoStruxure Building Operation WebReports unrestricted uploadmedium6.0---
165205Schneider Electric Modicon M221 information disclosure [CVE-2020-7568]low2.3---
165204Schneider Electric Modicon M221 missing encryption [CVE-2020-7567]low2.3---
165203Schneider Electric Modicon M221 random values [CVE-2020-7566]low2.3---
165202Schneider Electric Modicon M221 inadequate encryption [CVE-2020-7565]low1.8---
165201Schneider Electric Easergy T300 access control [CVE-2020-7561]medium6.5---
165200Schneider Electric EcoStruxure Control Expert PLC Simulator buffer overflowmedium5.2---
165199Schneider Electric IGSS Definition Configuration Group File Def.exe out-of-bounds writemedium6.5---
165198Schneider Electric IGSS Definition Configuration Group File Def.exe out-of-bounds readlow3.5---
165197Schneider Electric IGSS Definition Configuration Group File Def.exe out-of-bounds writemedium6.5---
165196Schneider Electric IGSS Definition Configuration Group File Def.exe out-of-bounds writemedium6.5---
165195Schneider Electric IGSS Definition Configuration Group File Def.exe memory corruptionmedium6.5---
165194Schneider Electric IGSS Definition Configuration Group File Def.exe out-of-bounds writemedium6.5---
165193Schneider Electric IGSS Definition Configuration Def.exe memory corruptionmedium6.5---
165192Schneider Electric IGSS Definition Configuration Def.exe memory corruptionmedium6.5---
165191Schneider Electric IGSS Definition Def.exe memory corruptionmedium6.5---
165190Schneider Electric EcoStruxure Operator Terminal Expert privileges managementmedium5.2---
165189Schneider Electric EcoStruxure Control Expert PLC Simulator unusual conditionlow2.3---
165188BigBlueButton Control Character ApiController.groovy escape outputlow4.9---
165187BigBlueButton Poll permission assignment [CVE-2020-28953]low2.3---
165186Sokrates SOWA SowaSQL OPAC sowacgi.php cross site scriptinglow4.0---
165185Schneider Electric EcoStruxure Control Expert PLC Simulator code downloadlow2.3---
165184Schneider Electric EcoStruxure Control Expert PLC Simulator excessive authenticationlow5.0---
165183Schneider Electric EcoStruxure Control Expert PLC Simulator authorizationmedium5.8---
165182Schneider Electric EcoStruxure Building Operation WebStation Web Page Generation cross site scriptinglow4.0---
165181Schneider Electric EcoStruxure Building Operation Enterprise Server Installer unquoted search pathmedium9.0---
165180Pritunl Electron Client access control [CVE-2020-25989]medium7.7---
165179OpenWrt libuci file.c uci_parse_package use after freemedium4.9---
165178Archive_Tar Filename injection [CVE-2020-28949]medium4.9---
165177Archive_Tar PHAR deserialization [CVE-2020-28948]medium4.9---
165176Linux Kernel Speakup Driver spk_ttyio.c denial of servicelow1.7---
165175Rclone entropy [CVE-2020-28924]low1.4---
165174ZTE ZXHN Z500/ZXHN F670L Rule Configuration input validationlow4.9---
165173MISP Template Element cross site scripting [CVE-2020-28947]low4.0---
165172PrimeKey EJBCA EJBCA Enrollment improper authorization [CVE-2020-28942]medium4.0---
165171Moodle Participants Table Download insertion of sensitive information into sent datalow2.7---
165170Moodle cross site scripting [CVE-2020-25702]low4.0---
165169Moodle Upload Course Tool access control [CVE-2020-25701]medium5.2---
165168Moodle Database Module Web Service sql injection [CVE-2020-25700]medium6.5---
165167Moodle Capability Check access control [CVE-2020-25699]medium5.2---
165166Moodle User Enrollment access control [CVE-2020-25698]medium5.2---
165165YzmCMS Editor cross site scripting [CVE-2020-22394]low4.0---
165164TwinCAT XAR TcSysUI.exe default permissionmedium6.8---
165163Endress+Hauser Ecograph T information disclosure [CVE-2020-12496]low5.0---
165162Endress+Hauser Ecograph T Web-based User Interface Private privileges managementmedium7.5---
165161Johnson Controls American Dynamics Victor Web Client HTTP API improper authorizationmedium5.8---
165160IBM Jazz Reporting Service Web UI cross site scripting [CVE-2020-4718]low4.0---
165159IBM DB2/DB2 Connect Server buffer overflow [CVE-2020-4701]medium6.8---
165158JamoDat TSMManager Collector authorization [CVE-2020-28054]medium6.0---
165157com.oppo.ovoicemanager permission [CVE-2020-11831]medium5.2---
165156com.oppo.qualityprotect unknown vulnerability [CVE-2020-11830]medium4.9---
165155com.coloros.codebook Backup/Restore SDK privileges managementmedium4.9---
165154Nextcloud Social Server Certificate certificate validation [CVE-2020-8279]medium7.5---
165153Nextcloud Social App access control [CVE-2020-8278]medium5.2---
165152Node.js DNS Request resource consumption [CVE-2020-8277]low2.3---
165151F5 BIG-IP/BIG-IP Virtual Edition TCP Sequence Number random valueslow5.1---
165150PulseAudio Bluez module-bluez5-device.c double freemedium4.3---
165149InfluxDB JWT Token handler.go improper authenticationmedium5.8---
165148Cisco DNA Spaces Connector Web-based Management Interface os command injectionmedium7.5---
165147Cisco IoT Field Network Director REST API missing authenticationmedium7.5---
165146Cisco Expressway Software TURN Server access control [CVE-2020-3482]medium7.5---
165145Cisco Webex Meetings/WebEx Meetings Server Connection input validationmedium6.5---
165144Cisco Integrated Management Controller API Subsystem memory corruptionhigh10.0---
165143Cisco Webex Meetings/WebEx Meetings Server Meeting Room Lobby information disclosurelow4.0---
165142Cisco Webex Meetings/WebEx Meetings Server Authentication Token dynamically-managed code resourcesmedium5.1---
165141Trend Micro InterScan Web Security Virtual Appliance HTTP Message ModifyVLANItem os command injectionmedium6.5---
165140Trend Micro InterScan Web Security Virtual Appliance HTTP Message AddVLANItem os command injectionmedium6.5---
165139Trend Micro InterScan Web Security Virtual Appliance HTTP Message out-of-bounds writemedium6.0---
165138Trend Micro InterScan Web Security Virtual Appliance HTTP Message out-of-bounds writemedium6.8---
165137Trend Micro Worry-Free Business Security Management Console path traversalmedium7.5---
165136Trend Micro Apex One Product Installer access control [CVE-2020-28572]medium5.2---
165135Trend Micro Security 2020 Installation symlink [CVE-2020-27697]medium4.3---
165134Trend Micro Security 2020 Installation untrusted search pathmedium6.8---
165133Trend Micro Security 2020 Installation untrusted search pathlow4.3---
165132semantic-release URL escape output [CVE-2020-26226]medium7.5---
165131Jupyter Notebook Link redirect [CVE-2020-26215]low4.6---
165130grocy Add Recipe Module cross site scripting [CVE-2020-25454]low4.0---
165129Beijing Liangjing Zhicheng ljcmsshop user.php cross site scriptinglow4.0---
165128SuiteCRM Accounts/Contacts/Opportunities/Leads csv injectionmedium4.9---
165127SuiteCRM Documents Module redirect [CVE-2020-15300]medium4.9---
165126SuiteCRM Documents Preview cross site scripting [CVE-2020-14208]low4.0---
165125Western Digital iNAND authentication replay [CVE-2020-13799]medium5.8---
165124GitLab Enterprise Edition Schedule denial of service [CVE-2020-13360]low4.0---
165123GitLab Community Edition/Enterprise Edition Project Maintainer state issuelow5.8---
165122GitLab Community Edition/Enterprise Edition Multipart Protection information disclosurelow5.0---
165121GitLab Community Edition/Enterprise Edition LFS Upload EE path traversalmedium4.6---
165120Symantec Endpoint Detection & Response information disclosurelow2.3---
165119Libapreq2 Multipart Parser denial of service [CVE-2019-12412]low4.0---
165118Valve Game Networking Sockets Negative Offset SNP_ReceiveUnreliableSegment memory corruptionmedium6.5---
165117IBM MQ Appliance Segmented Message denial of service [CVE-2020-4592]low2.1---
165116Cisco IoT Field Network Director API missing authentication [CVE-2020-3392]medium7.5---
165115Cisco Secure Web Appliance Log Subscription Subsystem os command injectionmedium4.3---
165114Werkzeug URL redirect [CVE-2020-28724]low4.9---
165113Google Go argument injection [CVE-2020-28367]medium7.5---
165112Google Go code injection [CVE-2020-28366]medium7.5---
165111Google Go certificate validation [CVE-2020-28362]medium5.0---
165110cxuucms search.php sql injectionmedium6.5---
165109TP-LINK TL-WPA4220 POST Request syslog denial of servicelow3.5---
165108Cisco Webex Meeting API cross site scripting [CVE-2020-27126]low5.0---
165107Trusted Computing Group Trusted Platform Module Library Family initializationmedium4.9---
165106RSA Archer URL cross site scripting [CVE-2020-26884]low5.0---
165105Planet Technology Corp NVR-915/NVR-1615 Telnet Server hard-coded credentialshigh10.0---
165104Cisco IoT Field Network Director Web UI cross site scriptinglow5.0---
165103Cisco IoT Field Network Director JSON access control [CVE-2020-26080]medium6.5---
165102Cisco IoT Field Network Director credentials storage [CVE-2020-26079]low4.0---
165101Cisco IoT Field Network Director API file inclusion [CVE-2020-26078]medium6.5---
165100Cisco IoT Field Network Director access control [CVE-2020-26077]medium6.5---
165099Cisco IoT Field Network Director access control [CVE-2020-26076]medium5.0---
165098Cisco IoT Field Network Director REST API sql injection [CVE-2020-26075]medium6.5---
165097Cisco IoT Field Network Director SOAP API access control [CVE-2020-26072]medium5.8---
165096Cisco TelePresence Collaboration Endpoint/RoomOS xAPI service authorizationmedium5.8---
165095lemocms Uploads.php unrestricted uploadmedium4.9---
165094TP-LINK TL-WPA4220 httpd powerline os command injectionmedium6.5---
165093Schneider Electric Modicon M340 Web Server buffer overflow [CVE-2020-7564]medium5.2---
165092Schneider Electric Modicon M340 Web Server out-of-bounds writemedium5.2---
165091Schneider Electric Modicon M340 Web Server out-of-bounds readlow2.7---
165090Kamailio Whitespace remove_hf protection mechanismmedium4.9---
165089PHPGurukul User Registration & Login/User Management System Admin Panel cross site scriptinglow4.0---
165088view_statistics Extension missing encryption [CVE-2020-28917]low2.3---
165087Linux Kernel fbcon buffer overflow [CVE-2020-28915]low1.7---
165086Kata Containers permission [CVE-2020-28914]medium5.2---
165085SourceCodester Water Billing System process.php sql injectionmedium6.5---
165084SourceCodester Online Clothing Store Image Upload Products.php unrestricted uploadmedium6.0---
165083SourceCodester Online Clothing Store offer.php cross site scriptinglow4.0---
165082SourceCodester Online Clothing Store login.php sql injectionmedium6.5---
165081SourceCodester Tourism Management System create-package.php unrestricted uploadmedium6.0---
165080SourceCodester Simple Grocery Store Sales and Inventory System login.php sql injectionmedium7.5---
165079SourceCodester Library Management System Image Upload unrestricted uploadmedium6.0---
165078SourceCodester Gym Management System cross site scripting [CVE-2020-28129]low4.0---
165077PESCMS Team Parameter cross site scripting [CVE-2020-28092]low4.0---
165076Kaa IoT Platform Dashboard cross site scripting [CVE-2020-26701]low4.0---
165075Aviatrix Controller API unrestricted upload [CVE-2020-26553]medium4.9---
165074Aviatrix Controller API Endpoint improper authentication [CVE-2020-26552]medium5.8---
165073Aviatrix Controller credentials storage [CVE-2020-26551]low1.4---
165072Aviatrix Controller Encrypted File insufficiently protected credentialslow1.8---
165071Aviatrix Controller .htaccess protection mechanism [CVE-2020-26549]medium4.9---
165070Aviatrix Controller sudo access control [CVE-2020-26548]medium9.0---
165069GitLab Community Edition/Enterprise Edition Package Upload path traversalmedium6.5---
165068TYPO3 Fluid cross site scripting [CVE-2020-26216]low5.0---
165067Genexis Platinum 4410 UPNP/Freeciv Service X_GetAccess information disclosurelow2.3---
165066Kyocera ECOSYS M2640IDW Machine Address Book cross site scriptinglow4.0---
165065Taskcafe Project Management Tool Access Token information disclosuremedium6.0---
165064GitLab Community Edition/Enterprise Edition Scheduled Pipeline API permissionmedium4.0---
165063GitLab Community Edition/Enterprise Edition Administration Page cross-site request forgerylow4.0---
165062GitLab Enterprise Edition Advanced Search incorrect regex [CVE-2020-13349]medium4.0---
165061GitLab Enterprise Edition Branch access control [CVE-2020-13348]medium6.5---
165060BASETech GE-131 BT-1837836 Video Stream information disclosurelow5.0---
165059BASETech GE-131 BT-1837836 Video Stream information disclosurelow1.7---
165058BASETech GE-131 BT-1837836 Remote Code Execution [CVE-2020-27556]medium5.1---
165057BASETech GE-131 BT-1837836 Telnet Server hard-coded credentialshigh10.0---
165056BASETech GE-131 BT-1837836 missing encryption [CVE-2020-27554]low2.6---
165055BASETech GE-131 BT-1837836 pathname traversal [CVE-2020-27553]medium5.0---
165054LimeSurvey cross site scripting [CVE-2020-25798]low4.0---
165053fastadmin-tp6 Ajax.php sql injectionmedium6.5---
165052Tobesoft XPlatform hta File input validationmedium4.9---
165051y18n code injection [CVE-2020-7774]medium5.2---
165050Artworks Gallery in PHP, CSS, JavaScript, and MySQL Artwork unrestricted uploadmedium6.0---
165049Artworks Gallery in PHP, CSS, JavaScript, and MySQL unrestricted uploadmedium6.0---
165048Progress MOVEit Transfer cross site scripting [CVE-2020-28647]low4.0---
165047ResourceXpress Qubi3 Debug Interface information disclosure [CVE-2020-25746]low2.1---
165046BinaryNights ForkLift injection [CVE-2020-27192]medium4.3---
165045Cisco Security Manager Serialized Java Object deserializationmedium7.6---
165044Cisco Security Manager pathname traversal [CVE-2020-27130]medium7.5---
165043Cisco Security Manager input validation [CVE-2020-27125]low5.1---
165042GitLab Enterprise Edition Private Project information disclosurelow5.0---
165041Micro Focus Arcsight Logger cross site scripting [CVE-2020-25834]low4.0---
165040Micro Focus IDOL cross site scripting [CVE-2020-25833]low4.0---
165039Micro Focus Filr Scripting cross site scripting [CVE-2020-25832]low4.0---
165038Linux Kernel ICMP Packet random values [CVE-2020-25705]low4.0---
165037BinaryNights ForkLift Helper Tool access control [CVE-2020-15349]medium4.3---
165036KeyCloak unnecessary privileges [CVE-2020-14389]medium6.5---
165035GitLab Community Edition/Enterprise Edition Kubernetes Agent API access controllow1.0---
165034GitLab Community Edition/Enterprise Edition Container Registry resource consumptionlow4.0---
165033Gitaly Import information disclosure [CVE-2020-13353]low0.8---
165032GitLab Community Edition/Enterprise Edition Project EE information disclosurelow2.6---
| 165031 | Micro Focus Arcsight Logger cross site scripting [CVE-2020-11860] | low | 4.0 | - | - | - |
| 165030 | Micro Focus Arcsight Logger code injection [CVE-2020-11851] | medium | 6.0 | - | - | - |
| 165029 | Keycloak cross site scripting [CVE-2020-10776] | low | 4.0 | - | - | - |
| 165028 | HorizontCMS Theme unrestricted upload | medium | 6.5 | - | - | - |
| 165027 | GARMIN Forerunner 235 ConnectIQ TVM buffer overflow [CVE-2020-27486] | medium | 5.2 | - | - | - |
| 165026 | GARMIN Forerunner 235 ConnectIQ TVM use after free [CVE-2020-27485] | medium | 4.9 | - | - | - |
| 165025 | GARMIN Forerunner 235 ConnectIQ TVM write integer overflow | medium | 4.9 | - | - | - |
| 165024 | GARMIN Forerunner 235 ConnectIQ TVM array index [CVE-2020-27483] | medium | 6.0 | - | - | - |
| 165023 | Airleader Master Tomcat Manager hard-coded credentials [CVE-2020-26510] | medium | 7.5 | - | - | - |
| 165022 | Airleader Master/Easy hard-coded credentials [CVE-2020-26509] | medium | 3.3 | - | - | - |
| 165021 | Canon Oce ColorWave 3500 WebTools information disclosure [CVE-2020-26508] | low | 2.3 | - | - | - |
| 165020 | PrestaShop Product Comments Link cross site scripting [CVE-2020-26225] | low | 4.0 | - | - | - |
| 165019 | PrestaShop Shopping Cart access control [CVE-2020-26224] | medium | 5.0 | - | - | - |
| 165018 | Xstream Security Framework os command injection [CVE-2020-26217] | medium | 4.6 | - | - | - |
| 165017 | IBM Sterling File Gateway Authorization Token missing secure attribute | low | 2.6 | - | - | - |
| 165016 | IBM Sterling B2B Integrator Standard Edition Web UI cross site scripting | low | 4.0 | - | - | - |
| 165015 | IBM Sterling B2B Integrator Standard Edition Privileges access control | medium | 4.6 | - | - | - |
| 165014 | IBM Sterling B2B Integrator Standard Edition Dashboard UI information disclosure | low | 4.0 | - | - | - |
| 165013 | IBM Business Automation Workflow Web UI cross site scripting | low | 4.0 | - | - | - |
| 165012 | IBM Sterling B2B Integrator Standard Edition log file [CVE-2020-4671] | low | 4.0 | - | - | - |
| 165011 | IBM Sterling File Gateway Authorization Token missing secure attribute | low | 2.6 | - | - | - |
| 165010 | IBM Sterling B2B Integrator Standard Edition sql injection [CVE-2020-4655] | medium | 6.5 | - | - | - |
| 165009 | IBM Sterling File Gateway sql injection [CVE-2020-4647] | medium | 6.5 | - | - | - |
| 165008 | IBM Sterling B2B Integrator Standard Edition log file [CVE-2020-4566] | low | 4.0 | - | - | - |
| 165007 | IBM Sterling File Gateway information exposure [CVE-2020-4476] | low | 5.0 | - | - | - |
| 165006 | IBM Sterling B2B Integrator Standard Edition information exposure | low | 4.0 | - | - | - |
| 165005 | CloudAvid PParam setAddress memory leak | low | 2.3 | - | - | - |
| 165004 | Gila CMS unrestricted upload [CVE-2020-28692] | medium | 6.0 | - | - | - |
| 165003 | Nagios XI Account Information cross site scripting [CVE-2020-27991] | low | 4.0 | - | - | - |
| 165002 | Nagios XI Deployment Tool cross site scripting [CVE-2020-27990] | low | 4.0 | - | - | - |
| 165001 | Nagios XI Dashboard Tools cross site scripting [CVE-2020-27989] | low | 4.0 | - | - | - |
| 165000 | Nagios XI Manage Users Page cross site scripting [CVE-2020-27988] | low | 4.0 | - | - | - |
| 164999 | AVideo information disclosure [CVE-2020-23490] | low | 2.1 | - | - | - |
| 164998 | Avideo import.json.php access control | medium | 6.5 | - | - | - |
| 164997 | JetBrains TeamCity Dependency unknown vulnerability [CVE-2020-27629] | low | 4.9 | - | - | - |
| 164996 | JetBrains TeamCity Audit Record unknown vulnerability [CVE-2020-27628] | low | 4.9 | - | - | - |
| 164995 | JetBrains TeamCity URL injection [CVE-2020-27627] | medium | 4.9 | - | - | - |
| 164994 | JetBrains YouTrack server-side request forgery [CVE-2020-27626] | medium | 5.2 | - | - | - |
| 164993 | JetBrains YouTrack Notification information disclosure [CVE-2020-27625] | low | 2.3 | - | - | - |
| 164992 | JetBrains YouTrack server-side request forgery [CVE-2020-27624] | medium | 5.2 | - | - | - |
| 164991 | JetBrains IdeaVim information disclosure [CVE-2020-27623] | low | 2.3 | - | - | - |
| 164990 | JetBrains IntelliJ IDEA Web Server information disclosure [CVE-2020-27622] | low | 2.3 | - | - | - |
| 164989 | Chronoforeum Post cross site scripting [CVE-2020-27459] | low | 4.0 | - | - | - |
| 164988 | Anuko Time Tracker Password Reset denial of service [CVE-2020-27423] | low | 2.3 | - | - | - |
| 164987 | Anuko Time Tracker password recovery [CVE-2020-27422] | medium | 5.1 | - | - | - |
| 164986 | LionWiki index.php file inclusion | medium | 5.4 | - | - | - |
| 164985 | JetBrains Ktor request smuggling [CVE-2020-26129] | medium | 4.9 | - | - | - |
| 164984 | PHPGurukul User Registration & Login/User Management System sql injection | medium | 7.5 | - | - | - |
| 164983 | JetBrains YouTrack Workflow Rule behavioral workflow [CVE-2020-25210] | medium | 4.9 | - | - | - |
| 164982 | JetBrains YouTrack REST API access control [CVE-2020-25209] | medium | 4.0 | - | - | - |
| 164981 | JetBrains ToolBox Browser Protocol Remote Privilege Escalation | medium | 6.0 | - | - | - |
| 164980 | JetBrains ToolBox Browser Protocol denial of service [CVE-2020-25013] | low | 2.3 | - | - | - |
| 164979 | JetBrains YouTrack Backup information disclosure [CVE-2020-24366] | low | 2.3 | - | - | - |
| 164978 | Ivanti Endpoint Manager frm_splitfrm.aspx cross site scripting | low | 4.0 | - | - | - |
| 164977 | Ivanti Endpoint Manager ldprov.cgi information disclosure | low | 2.7 | - | - | - |
| 164976 | Ivanti Endpoint Manager alert_log.aspx sql injection | medium | 6.5 | - | - | - |
| 164975 | Amazon AWS Encryption SDK AES-GCM cryptographic issues [CVE-2020-8897] | low | 2.3 | - | - | - |
| 164974 | markdown-it-highlightjs cross site scripting [CVE-2020-7773] | low | 4.0 | - | - | - |
| 164973 | Firebase util DeepCopy.ts deepExtend code injection | medium | 5.1 | - | - | - |
| 164972 | Citrix SD-WAN Center os command injection [CVE-2020-8273] | medium | 7.7 | - | - | - |
| 164971 | Citrix SD-WAN Center improper authentication [CVE-2020-8272] | medium | 5.8 | - | - | - |
| 164970 | Citrix SD-WAN Center path traversal [CVE-2020-8271] | high | 10.0 | - | - | - |
| 164969 | Citrix Virtual Apps/XenDesktop os command injection [CVE-2020-8270] | medium | 9.0 | - | - | - |
| 164968 | Citrix Virtual Apps/XenDesktop access control [CVE-2020-8269] | medium | 9.0 | - | - | - |
| 164967 | Nextcloud Server insufficiently protected credentials [CVE-2020-8259] | medium | 5.8 | - | - | - |
| 164966 | Nextcloud Server insufficiently protected credentials [CVE-2020-8152] | medium | 4.9 | - | - | - |
| 164965 | Mitsubishi Electric MELSEC iQ-R resource consumption [CVE-2020-5666] | low | 3.5 | - | - | - |
| 164964 | XooNIps deserialization [CVE-2020-5664] | medium | 6.0 | - | - | - |
| 164963 | XooNIps cross site scripting [CVE-2020-5663] | low | 4.0 | - | - | - |
| 164962 | XooNIps cross site scripting [CVE-2020-5662] | low | 4.0 | - | - | - |
| 164961 | XooNIps sql injection [CVE-2020-5659] | medium | 6.5 | - | - | - |
| 164960 | Volkswagen Polo Discover Media Infotainment System insufficient verification of data authenticity | medium | 6.2 | - | - | - |
| 164959 | WPBakery XSS Protection Mechanism kses_remove_filters protection mechanism | medium | 6.5 | - | - | - |
| 164958 | orbisius-child-theme-creator orbisius_ctc_theme_editor_manage_file cross-site request forgery | low | 5.0 | - | - | - |
| 164957 | Nagios XI Auto-Discovery input validation [CVE-2020-28648] | medium | 6.5 | - | - | - |
| 164956 | InfiniteWP Admin Panel Password resetPasswordSendMail password recovery | medium | 7.5 | - | - | - |
| 164955 | controlled-merge Prototype code injection [CVE-2020-28268] | medium | 6.5 | - | - | - |
| 164954 | PostgreSQL permission [CVE-2020-25695] | medium | 6.5 | - | - | - |
| 164953 | PostgreSQL Client Application downgrade [CVE-2020-25694] | low | 2.6 | - | - | - |
| 164952 | QNAP QTS os command injection [CVE-2020-2492] | medium | 5.8 | - | - | - |
| 164951 | QNAP QTS command injection [CVE-2020-2490] | medium | 8.3 | - | - | - |
| 164950 | Daimler Mercedes HERMES Debug Interface information disclosure | low | 1.2 | - | - | - |
| 164949 | Daimler Mercedes HERMES improper authentication [CVE-2019-19562] | low | 3.7 | - | - | - |
| 164948 | Daimler Mercedes HERMES Debug Interface information disclosure | low | 1.2 | - | - | - |
| 164947 | Daimler Mercedes HERMES Debug Interface improper authentication | low | 3.7 | - | - | - |
| 164946 | Daimler Mercedes HERMES Debug Interface information disclosure | low | 1.2 | - | - | - |
| 164945 | Daimler Mercedes HERMES Debug Interface improper authentication | medium | 4.6 | - | - | - |
| 164944 | Reddoxx MailDepot cross site scripting [CVE-2020-26554] | low | 4.0 | - | - | - |
| 164943 | doc-path denial of service [CVE-2020-7772] | low | 5.0 | - | - | - |
| 164942 | One Identity Password Manager insertion of sensitive information into sent data | low | 1.4 | - | - | - |
| 164941 | Opera Touch Address Bar clickjacking [CVE-2020-6157] | low | 5.0 | - | - | - |
| 164940 | Nagios XI permission [CVE-2020-5796] | medium | 4.3 | - | - | - |
| 164939 | Tomb ask_password information disclosure | low | 2.3 | - | - | - |
| 164938 | Eclipse Hono AMQP Protocol Adapter resource consumption [CVE-2020-27217] | low | 2.3 | - | - | - |
| 164937 | Radar COVID Notification information disclosure [CVE-2020-26230] | low | 2.6 | - | - | - |
| 164936 | Spree APIv2 authorization [CVE-2020-26223] | medium | 6.5 | - | - | - |
| 164935 | PassMark BurnInTest/OSForensics/PerformanceTest IOCTL DirectIo32.sys memory corruption | medium | 4.6 | - | - | - |
| 164934 | rConfig userprocess.php improper authentication [CVE-2020-13638] | medium | 5.8 | - | - | - |
| 164933 | Intel Open WebRTC Toolkit control flow [CVE-2020-12338] | medium | 7.5 | - | - | - |
| 164932 | Intel PROSet/Wireless WiFi control flow [CVE-2020-12313] | medium | 5.8 | - | - | - |
| 164931 | Intel CPU PMC access control [CVE-2020-0599] | medium | 4.3 | - | - | - |
| 164930 | Huawei Mate 30 buffer overflow [CVE-2020-9129] | medium | 4.3 | - | - | - |
| 164929 | Huawei Secospace USG9500 injection.Affected command injection | medium | 5.2 | - | - | - |
| 164928 | NetApp Element Software inadequate encryption [CVE-2020-8583] | low | 2.6 | - | - | - |
| 164927 | NetApp Element Software information disclosure [CVE-2020-8582] | low | 2.3 | - | - | - |
| 164926 | Pixar OpenUSD USD File heap-based overflow [CVE-2020-6156] | medium | 5.2 | - | - | - |
| 164925 | Pixar OpenUSD USD File heap-based overflow [CVE-2020-6155] | medium | 6.5 | - | - | - |
| 164924 | Pixar OpenUSD Decompression heap-based overflow [CVE-2020-6150] | medium | 5.2 | - | - | - |
| 164923 | Pixar OpenUSD USD File heap-based overflow [CVE-2020-6149] | medium | 5.2 | - | - | - |
| 164922 | Pixar OpenUSD Decompression heap-based overflow [CVE-2020-6148] | medium | 5.2 | - | - | - |
| 164921 | Pixar OpenUSD Decompression heap-based overflow [CVE-2020-6147] | medium | 5.2 | - | - | - |
| 164920 | Valve Game Networking Sockets Statistics Message Received_Data denial of service | low | 2.7 | - | - | - |
| 164919 | IBM InfoSphere Information Server History information disclosure | low | 4.0 | - | - | - |
| 164918 | SAP Fiori Launchpad News Tile Application cross site scripting | low | 5.0 | - | - | - |
| 164917 | Dependabot $({curl injection | medium | 6.5 | - | - | - |
| 164916 | CMSuno injection [CVE-2020-25557] | medium | 6.5 | - | - | - |
| 164915 | CMSuno central.php injection | medium | 4.9 | - | - | - |
| 164914 | BD Alaris 8015 PC Unit/Alaris Systems Manager improper authentication | medium | 7.5 | - | - | - |
| 164913 | Nexcom NIO 50 cleartext transmission [CVE-2020-25155] | low | 2.6 | - | - | - |
| 164912 | Nexcom NIO 50 input validation [CVE-2020-25151] | low | 5.0 | - | - | - |
| 164911 | fastadmin-tp6 Ajax.php sql injection | medium | 6.5 | - | - | - |
| 164910 | Huawei Secospace USG6600 Protocol denial of service [CVE-2020-1847] | low | 3.5 | - | - | - |
| 164909 | Avaya WebLM Admin Interface xml external entity reference [CVE-2020-7032] | medium | 5.8 | - | - | - |
| 164908 | Apache OpenOffice Document cross site scripting [CVE-2020-13958] | low | 5.0 | - | - | - |
| 164907 | Intel Data Center Manager Console information disclosure [CVE-2020-8669] | low | 3.5 | - | - | - |
| 164906 | Avaya Equinox Conferencing Unified Portal Client cross site scripting | low | 4.0 | - | - | - |
| 164905 | TranzWare Payment Gateway Scripting cross site scripting [CVE-2020-28415] | low | 5.0 | - | - | - |
| 164904 | TranzWare Payment Gateway cross site scripting [CVE-2020-28414] | low | 5.0 | - | - | - |
| 164903 | FlexDotnetCMS HTTP GET Request unrestricted upload [CVE-2020-27386] | medium | 6.0 | - | - | - |
| 164902 | FlexDotnetCMS pathname traversal [CVE-2020-27385] | medium | 6.5 | - | - | - |
| 164901 | Color Dialog Plugin cross site scripting [CVE-2020-27193] | low | 4.0 | - | - | - |
| 164900 | Sentrifugo POST Request 2 sql injection | medium | 4.7 | - | - | - |
| 164899 | Sentrifugo Announcement unrestricted upload [CVE-2020-26804] | medium | 4.9 | - | - | - |
| 164898 | Sentrifugo unrestricted upload [CVE-2020-26803] | medium | 4.9 | - | - | - |
| 164897 | Couchbase Erlang Communication os command injection [CVE-2020-24719] | medium | 6.0 | - | - | - |
| 164896 | Intel NUC Firmware Update Tool permission [CVE-2020-24525] | medium | 4.3 | - | - | - |
| 164895 | Intel DSA permission [CVE-2020-24460] | low | 1.7 | - | - | - |
| 164894 | Intel Board ID Tool permission [CVE-2020-24456] | medium | 4.3 | - | - | - |
| 164893 | Intel Quartus Prime Standard Edition XML Subsystem xml external entity reference | low | 4.3 | - | - | - |
| 164892 | Untangle Firewall NG unknown vulnerability [CVE-2020-17494] | low | 2.7 | - | - | - |
| 164891 | ARM v8-M TrustZone initialization [CVE-2020-16273] | low | 4.0 | - | - | - |
| 164890 | Siemens SIMATIC S7-300 CPU/SINUMERIK 840D sl Service Port 102 resource consumption | low | 3.5 | - | - | - |
| 164889 | ResourceXpress Meeting Monitor sql injection [CVE-2020-13877] | medium | 6.5 | - | - | - |
| 164888 | Ivanti Endpoint Manager File Extension EditLaunchPadDialog.aspx unrestricted upload | medium | 6.0 | - | - | - |
| 164887 | AMD VBIOS Flash Tool SDK Driver routine [CVE-2020-12927] | medium | 6.8 | - | - | - |
| 164886 | AMD Trusted Platform Module toctou [CVE-2020-12926] | medium | 6.2 | - | - | - |
| 164885 | AMD Extension to Linux hwmon Service Linux-based Running Average Power Limit Interface routine | low | 1.2 | - | - | - |
| 164884 | Intel Data Center Manager Console denial of service [CVE-2020-12353] | low | 4.0 | - | - | - |
| 164883 | Intel XTU access control [CVE-2020-12350] | medium | 4.3 | - | - | - |
| 164882 | Intel Data Center Manager Console information disclosure [CVE-2020-12349] | low | 4.0 | - | - | - |
| 164881 | Intel Data Center Manager Console input validation [CVE-2020-12347] | medium | 6.5 | - | - | - |
| 164880 | Intel Battery Life Diagnostic Tool Installer permission [CVE-2020-12346] | medium | 4.3 | - | - | - |
| 164879 | Intel Data Center Manager Console Installer permission [CVE-2020-12345] | medium | 4.3 | - | - | - |
| 164878 | Intel NUC Firmware buffer overflow [CVE-2020-12337] | medium | 4.3 | - | - | - |
| 164877 | Intel NUC Firmware initialization [CVE-2020-12336] | low | 4.3 | - | - | - |
| 164876 | Intel Processor Identification Utility Installer permission [CVE-2020-12335] | medium | 4.3 | - | - | - |
| 164875 | Intel Advisor Tools Installer permission [CVE-2020-12334] | medium | 4.3 | - | - | - |
| 164874 | Intel QAT insufficiently protected credentials [CVE-2020-12333] | medium | 4.3 | - | - | - |
| 164873 | Intel HID Event Filter Driver Installer permission [CVE-2020-12332] | medium | 4.3 | - | - | - |
| 164872 | Intel Unite Cloud Service Client access control [CVE-2020-12331] | medium | 4.3 | - | - | - |
| 164871 | Intel Falcon 8+ UAS AscTec Thermal Viewer permission [CVE-2020-12330] | medium | 4.3 | - | - | - |
| 164870 | Intel VTune Profiler uncontrolled search path [CVE-2020-12329] | medium | 4.3 | - | - | - |
| 164869 | Intel Thunderbolt DCH Driver protection mechanism [CVE-2020-12328] | medium | 4.3 | - | - | - |
| 164868 | Intel Thunderbolt DCH Driver information disclosure [CVE-2020-12327] | low | 1.7 | - | - | - |
| 164867 | Intel Thunderbolt DCH Driver information disclosure [CVE-2020-12326] | low | 1.7 | - | - | - |
| 164866 | Intel Thunderbolt DCH Driver buffer overflow [CVE-2020-12325] | medium | 4.3 | - | - | - |
| 164865 | Intel Thunderbolt DCH Driver protection mechanism [CVE-2020-12324] | medium | 4.3 | - | - | - |
| 164864 | Intel ADAS IE input validation [CVE-2020-12323] | medium | 4.3 | - | - | - |
| 164863 | Microsoft SCS Add-on uncontrolled search path [CVE-2020-12320] | medium | 4.3 | - | - | - |
| 164862 | Intel EMA Credentials information disclosure [CVE-2020-12316] | low | 1.7 | - | - | - |
| 164861 | Intel EMA path traversal [CVE-2020-12315] | medium | 7.5 | - | - | - |
| 164860 | Intel CSI2 Host Controller Driver information disclosure [CVE-2020-0573] | low | 1.7 | - | - | - |
| 164859 | Intel S2600ST/S2600WF Firmware input validation [CVE-2020-0572] | medium | 4.3 | - | - | - |
| 164858 | Intel 50GbE IP Core Exception denial of service [CVE-2020-8767] | low | 1.7 | - | - | - |
| 164857 | Intel SGX DCAP denial of service [CVE-2020-8766] | low | 3.3 | - | - | - |
| 164856 | Intel CPU BIOS access control [CVE-2020-8764] | medium | 4.3 | - | - | - |
| 164855 | Intel CSME algorithmic complexity [CVE-2020-8761] | low | 1.2 | - | - | - |
| 164854 | Intel AMT Subsystem integer overflow [CVE-2020-8760] | medium | 4.3 | - | - | - |
| 164853 | Intel AMT Subsystem out-of-bounds read [CVE-2020-8757] | low | 4.3 | - | - | - |
| 164852 | Intel CSME Subsystem input validation [CVE-2020-8756] | medium | 4.3 | - | - | - |
| 164851 | Intel CSME/SPS Subsystem race condition [CVE-2020-8755] | low | 3.7 | - | - | - |
| 164850 | Intel AMT/ISM Subsystem information disclosure [CVE-2020-8754] | low | 5.0 | - | - | - |
| 164849 | Intel AMT/ISM DHCP Subsystem out-of-bounds read [CVE-2020-8753] | medium | 7.5 | - | - | - |
| 164848 | Intel AMT/ISM IPv6 subsystem out-of-bounds write [CVE-2020-8752] | medium | 7.5 | - | - | - |
| 164847 | Intel CSME/TXE Control Flow Management information disclosure | low | 2.1 | - | - | - |
| 164846 | Intel TXE Kernel Mode Driver use after free [CVE-2020-8750] | medium | 4.3 | - | - | - |
| 164845 | Intel AMT Subsystem out-of-bounds read [CVE-2020-8749] | medium | 5.8 | - | - | - |
| 164844 | Intel AMT Subsystem out-of-bounds read [CVE-2020-8747] | medium | 7.5 | - | - | - |
| 164843 | Intel AMT Subsystem integer overflow [CVE-2020-8746] | low | 3.3 | - | - | - |
| 164842 | Intel CSME/TXE Control Flow Management control flow [CVE-2020-8745] | low | 4.6 | - | - | - |
| 164841 | Intel CSME/TXE/SPS Initialization access control [CVE-2020-8744] | medium | 4.3 | - | - | - |
| 164840 | Intel CPU BIOS Platform Sample Code out-of-bounds write [CVE-2020-8740] | medium | 4.3 | - | - | - |
| 164839 | Intel CPU BIOS Platform Sample Code access control [CVE-2020-8739] | medium | 4.3 | - | - | - |
| 164838 | Intel CPU BIOS Platform Sample Code access control [CVE-2020-8738] | medium | 4.3 | - | - | - |
| 164837 | Intel Stratix 10 FPGA memory corruption [CVE-2020-8737] | medium | 4.6 | - | - | - |
| 164836 | Intel CSME/TXE/SPS/SoC Boot Guard insecure default initialization of resource | low | 4.6 | - | - | - |
| 164835 | Intel CPU Isolation information disclosure [CVE-2020-8698] | low | 1.7 | - | - | - |
| 164834 | Intel CPU information disclosure [CVE-2020-8696] | low | 1.7 | - | - | - |
| 164833 | Intel CPU RAPL Interface information disclosure [CVE-2020-8695] | low | 1.7 | - | - | - |
| 164832 | Linux CPU Linux kernel Driver information disclosure [CVE-2020-8694] | low | 1.7 | - | - | - |
| 164831 | Intel Ethernet 700 Series Controller Firmware memory corruption | medium | 4.3 | - | - | - |
| 164830 | Intel Ethernet 700 Series Controller or denial of service | low | 1.7 | - | - | - |
| 164829 | Intel Ethernet 700 Series Controller control flow [CVE-2020-8691] | low | 1.7 | - | - | - |
| 164828 | Intel Ethernet 700 Series Controller or protection mechanism | medium | 4.3 | - | - | - |
| 164827 | Intel Visual Compute Accelerator denial of service [CVE-2020-8677] | low | 1.7 | - | - | - |
| 164826 | Intel Visual Compute Accelerator access control [CVE-2020-8676] | medium | 4.3 | - | - | - |
| 164825 | SugarCRM Installation authorization [CVE-2020-7472] | medium | 7.5 | - | - | - |
| 164824 | deephas Prototype code injection [CVE-2020-28271] | medium | 6.5 | - | - | - |
| 164823 | object-hierarchy-access code injection [CVE-2020-28270] | medium | 6.5 | - | - | - |
| 164822 | field Prototype code injection [CVE-2020-28269] | medium | 6.5 | - | - | - |
| 164821 | lettre library Sendmail mod.rs injection | medium | 4.9 | - | - | - |
| 164820 | BAB eibPort lighttpd resource consumption [CVE-2020-24573] | low | 3.5 | - | - | - |
| 164819 | Ivanti Endpoint Manager DLL ldiscn32.exe uncontrolled search path | medium | 6.8 | - | - | - |
| 164818 | Ivanti Endpoint Manager Named Pipe access control [CVE-2020-13770] | medium | 6.8 | - | - | - |
| 164817 | Intel AMT information disclosure [CVE-2020-12356] | low | 1.7 | - | - | - |
| 164816 | Intel TXE RPMB Protocol Message Subsystem improper authentication | low | 3.7 | - | - | - |
| 164815 | Intel AMT SDK Installer permission [CVE-2020-12354] | medium | 4.3 | - | - | - |
| 164814 | Intel Wireless Bluetooth denial of service [CVE-2020-12322] | low | 2.9 | - | - | - |
| 164813 | Intel Wireless Bluetooth buffer overflow [CVE-2020-12321] | medium | 5.8 | - | - | - |
| 164812 | Intel PROSet/Wireless WiFi Control Flow Management denial of service | low | 2.9 | - | - | - |
| 164811 | Intel PROSet/Wireless WiFi protection mechanism [CVE-2020-12318] | medium | 4.3 | - | - | - |
| 164810 | Intel PROSet/Wireless Software memory corruption [CVE-2020-12317] | medium | 3.3 | - | - | - |
| 164809 | Intel PROSet/Wireless WiFi denial of service [CVE-2020-12314] | low | 2.9 | - | - | - |
| 164808 | Intel Stratix 10 FPGA buffer overflow [CVE-2020-12312] | medium | 4.6 | - | - | - |
| 164807 | Intel Client SSD/Data Center SSD Control Flow Management information disclosure | low | 1.9 | - | - | - |
| 164806 | Intel Client SSD/Data Center SSD Control Flow Management information disclosure | low | 1.9 | - | - | - |
| 164805 | Intel Client SSD/Data Center SSD information disclosure [CVE-2020-12309] | low | 2.1 | - | - | - |
| 164804 | Intel Computing Improvement Program Access Control information disclosure | low | 4.0 | - | - | - |
| 164803 | Intel High Definition Audio Driver permission [CVE-2020-12307] | medium | 4.3 | - | - | - |
| 164802 | Intel RealSense D400 Series Dynamic Calibration Tool permission | medium | 4.3 | - | - | - |
| 164801 | Intel DAL SDK Access Control access control [CVE-2020-12304] | medium | 4.3 | - | - | - |
| 164800 | Intel CSME/TXE DAL Subsystem use after free [CVE-2020-12303] | medium | 4.3 | - | - | - |
| 164799 | Intel CSME Driver/TXE access control [CVE-2020-12297] | medium | 4.3 | - | - | - |
| 164798 | Intel CPU BIOS buffer overflow [CVE-2020-0593] | medium | 4.3 | - | - | - |
| 164797 | Intel CPU BIOS out-of-bounds write [CVE-2020-0592] | medium | 4.3 | - | - | - |
| 164796 | Intel CPU BIOS buffer overflow [CVE-2020-0591] | medium | 4.3 | - | - | - |
| 164795 | Intel CPU BIOS input validation [CVE-2020-0590] | medium | 4.3 | - | - | - |
| 164794 | Intel CPU BIOS access control [CVE-2020-0588] | medium | 4.3 | - | - | - |
| 164793 | Intel CPU BIOS access control [CVE-2020-0587] | medium | 4.3 | - | - | - |
| 164792 | Intel DC P4800X/DC P4801X/Optane 900P/Optane 905P denial of service | low | 1.7 | - | - | - |
| 164791 | Intel Unite Client information disclosure [CVE-2020-0575] | low | 1.7 | - | - | - |
| 164790 | Apache Batik GET Request server-side request forgery [CVE-2019-17566] | medium | 5.2 | - | - | - |
| 164789 | Intel Media SDK permission [CVE-2019-11121] | medium | 4.3 | - | - | - |
| 164788 | Google Chrome Site Isolation use after free [CVE-2020-16017] | medium | 7.5 | - | - | - |
| 164787 | Google Chrome v8 Remote Code Execution [CVE-2020-16013] | medium | 7.5 | - | - | - |
| 164786 | Huawei FusionCompute Encryption Algorithm information disclosure | low | 1.4 | - | - | - |
| 164785 | Good Layers LMS Plugin POST Parameter wp_ajax_nopriv sql injection | medium | 7.5 | - | - | - |
| 164784 | Cacti Template Import templates_import.php cross site scripting | low | 5.0 | - | - | - |
| 164783 | Python-RSA information disclosure [CVE-2020-25658] | low | 1.8 | - | - | - |
| 164782 | Apache CXF services cross site scripting | low | 4.0 | - | - | - |
| 164781 | json8 Prototype code injection [CVE-2020-7770] | medium | 7.5 | - | - | - |
| 164780 | nodemailer Email Address command injection [CVE-2020-7769] | medium | 7.5 | - | - | - |
| 164779 | McAfee Endpoint Security Firewall ePO Extension cross site scripting | low | 3.3 | - | - | - |
| 164778 | McAfee Endpoint Security Firewall ePO Extension cross-site request forgery | low | 4.0 | - | - | - |
| 164777 | McAfee Endpoint Security unquoted search path [CVE-2020-7331] | low | 1.7 | - | - | - |
| 164776 | Qualcomm Snapdragon Auto SIP sigcomp Message memory corruption | medium | 5.2 | - | - | - |
| 164775 | Qualcomm Snapdragon Compute/Snapdragon Mobile memory corruption | medium | 5.2 | - | - | - |
| 164774 | Qualcomm Snapdragon DSP Process improper authorization [CVE-2020-11209] | medium | 5.2 | - | - | - |
| 164773 | Qualcomm Snapdragon DSP Services memory corruption [CVE-2020-11208] | medium | 5.2 | - | - | - |
| 164772 | Qualcomm Snapdragon Auto LibFastCV buffer overflow [CVE-2020-11207] | medium | 5.2 | - | - | - |
| 164771 | Qualcomm Snapdragon Auto Fastrpc buffer overflow [CVE-2020-11206] | medium | 5.2 | - | - | - |
| 164770 | Qualcomm Snapdragon Auto integer overflow [CVE-2020-11205] | medium | 4.9 | - | - | - |
| 164769 | Qualcomm Snapdragon Auto Library buffer overflow [CVE-2020-11202] | medium | 5.2 | - | - | - |
| 164768 | Qualcomm Snapdragon Auto Library memory corruption [CVE-2020-11201] | medium | 5.2 | - | - | - |
| 164767 | Qualcomm Snapdragon Auto ASF Clip integer overflow [CVE-2020-11196] | medium | 4.9 | - | - | - |
| 164766 | Qualcomm Snapdragon Auto MKV Clip buffer overflow [CVE-2020-11193] | medium | 5.2 | - | - | - |
| 164765 | Qualcomm Snapdragon Auto MP4 Clip buffer overflow [CVE-2020-11184] | medium | 5.2 | - | - | - |
| 164764 | Qualcomm Snapdragon Auto Bluetooth Transport Driver use after free | medium | 4.9 | - | - | - |
| 164763 | Qualcomm Snapdragon Auto Data Buffer buffer overflow [CVE-2020-11168] | medium | 5.2 | - | - | - |
| 164762 | Qualcomm Snapdragon Auto GUID Attribute buffer overflow [CVE-2020-11132] | medium | 5.2 | - | - | - |
| 164761 | Qualcomm Snapdragon Auto WMA Message integer overflow [CVE-2020-11131] | medium | 4.9 | - | - | - |
| 164760 | Qualcomm Snapdragon Auto WiFi HAL buffer overflow [CVE-2020-11130] | medium | 5.2 | - | - | - |
| 164759 | Qualcomm Snapdragon Auto Extensible Boot Loader integer overflow | medium | 4.9 | - | - | - |
| 164758 | Qualcomm Snapdragon Auto Gatekeeper Trustzone information disclosure | low | 3.5 | - | - | - |
| 164757 | Qualcomm Snapdragon Auto WiFi HAL buffer overflow [CVE-2020-11121] | medium | 5.2 | - | - | - |
| 164756 | Cisco IOS XR Ingress Packet Processor denial of service [CVE-2020-26070] | medium | 7.8 | - | - | - |
| 164755 | NVIDIA GeForce NOW OpenSSL Dependency uncontrolled search path | low | 4.3 | - | - | - |
| 164754 | touchbase.ai cross site scripting [CVE-2020-26221] | low | 5.0 | - | - | - |
| 164753 | touchbase.ai EXIF Data information disclosure [CVE-2020-26220] | low | 4.0 | - | - | - |
| 164752 | touchbase.ai redirect [CVE-2020-26219] | low | 5.1 | - | - | - |
| 164751 | touchbase.ai cross site scripting [CVE-2020-26218] | low | 4.0 | - | - | - |
| 164750 | Palo Alto PAN-OS GlobalProtect Gateway improper authorization | medium | 7.5 | - | - | - |
| 164749 | Palo Alto PAN-OS Log File log file [CVE-2020-2048] | low | 1.7 | - | - | - |
| 164748 | Palo Alto PAN-OS Panorama Software information disclosure [CVE-2020-2022] | low | 2.6 | - | - | - |
| 164747 | Palo Alto PAN-OS Management Web Interface os command injection | medium | 8.3 | - | - | - |
| 164746 | Palo Alto PAN-OS Signature-Based Threat Detection Engine unusual condition | low | 5.0 | - | - | - |
| 164745 | Lenovo Notebook VariableServiceSmm Driver toctou [CVE-2020-8354] | medium | 5.9 | - | - | - |
| 164744 | Lenovo Desktop/Workstation EHBC config [CVE-2020-8353] | low | 4.3 | - | - | - |
| 164743 | Lenovo Desktop Configuration Change Detection BIOS Setting security check for standard | low | 2.1 | - | - | - |
| 164742 | Vmware Pivotal Scheduler missing encryption [CVE-2020-5426] | low | 2.6 | - | - | - |
| 164741 | Audi A7 MMI Multiplayer format string [CVE-2020-27524] | medium | 5.2 | - | - | - |
| 164740 | Solstice-Pod WebRTC Server denial of service [CVE-2020-27523] | low | 4.3 | - | - | - |
| 164739 | MoinMoin SVG File hard-coded credentials [CVE-2020-15275] | low | 4.0 | - | - | - |
| 164738 | IBM Cognos Controller privileges management [CVE-2020-4685] | medium | 6.8 | - | - | - |
| 164737 | grpc/grpc-js Prototype loadPackageDefinition code injection | medium | 7.5 | - | - | - |
| 164736 | express-validators URL incorrect regex [CVE-2020-7767] | medium | 7.5 | - | - | - |
| 164735 | Adobe Reader Mobile information disclosure [CVE-2020-24441] | low | 2.3 | - | - | - |
| 164734 | Adobe Connect cross site scripting [CVE-2020-24443] | low | 4.0 | - | - | - |
| 164733 | Adobe Connect cross site scripting [CVE-2020-24442] | low | 4.0 | - | - | - |
| 164732 | McAfee MVision Endpoint DNS Request server-side request forgery | medium | 5.8 | - | - | - |
| 164731 | McAfee MVision Endpoint HTTP Request server-side request forgery | medium | 5.8 | - | - | - |
| 164730 | AccountsService .pam_environment infinite loop | low | 1.7 | - | - | - |
| 164729 | AccountsService D-Bus Message privileges management [CVE-2020-16126] | medium | 4.3 | - | - | - |
| 164728 | Microsoft Edge memory corruption [CVE-2020-17052] | low | 5.1 | - | - | - |
| 164727 | Microsoft Edge memory corruption [CVE-2020-17058] | medium | 7.6 | - | - | - |
| 164726 | Microsoft Windows WalletService privileges management [CVE-2020-17037] | medium | 6.8 | - | - | - |
| 164725 | Microsoft Windows WalletService information disclosure [CVE-2020-16999] | low | 4.6 | - | - | - |
| 164724 | Microsoft Windows Update Orchestrator Service privileges management | medium | 6.8 | - | - | - |
| 164723 | Microsoft Windows Update Stack privileges management [CVE-2020-17077] | medium | 6.8 | - | - | - |
| 164722 | Microsoft Windows Update Medic Service privileges management | medium | 6.8 | - | - | - |
| 164721 | Microsoft Windows USO Core Worker privileges management [CVE-2020-17075] | medium | 6.8 | - | - | - |
| 164720 | Microsoft Windows Delivery Optimization information disclosure | low | 4.6 | - | - | - |
| 164719 | Microsoft Windows Update Orchestrator Service privileges management | medium | 6.8 | - | - | - |
| 164718 | Microsoft Windows Update Orchestrator Service privileges management | medium | 6.8 | - | - | - |
| 164717 | Microsoft Windows NDIS information disclosure [CVE-2020-17069] | low | 4.6 | - | - | - |
| 164716 | Microsoft Windows Kernel privileges management [CVE-2020-17087] | medium | 6.8 | - | - | - |
| 164715 | Microsoft Windows Kernel privileges management [CVE-2020-17035] | medium | 6.8 | - | - | - |
| 164714 | Microsoft Windows Defender for Endpoint Security information disclosure | low | 5.4 | - | - | - |
| 164713 | Microsoft Visual Studio unknown vulnerability [CVE-2020-17100] | low | 4.6 | - | - | - |
| 164712 | Microsoft Visual Studio Code JSHint Extension input validation | medium | 10.0 | - | - | - |
| 164711 | Microsoft HEVC Video Extensions Remote Code Execution [CVE-2020-17109] | medium | 10.0 | - | - | - |
| 164710 | Microsoft HEVC Video Extensions Remote Code Execution [CVE-2020-17108] | medium | 10.0 | - | - | - |
| 164709 | Microsoft Windows Camera Codec information disclosure [CVE-2020-17113] | low | 4.6 | - | - | - |
| 164708 | Microsoft HEVC Video Extensions Remote Code Execution [CVE-2020-17110] | medium | 10.0 | - | - | - |
| 164707 | Microsoft HEVC Video Extensions Remote Code Execution [CVE-2020-17107] | medium | 10.0 | - | - | - |
| 164706 | Microsoft Raw Image Extension Remote Code Execution [CVE-2020-17078] | medium | 10.0 | - | - | - |
| 164705 | Microsoft Raw Image Extension Local Privilege Escalation [CVE-2020-17079] | medium | 7.2 | - | - | - |
| 164704 | Microsoft Raw Image Extension information disclosure [CVE-2020-17081] | low | 4.9 | - | - | - |
| 164703 | Microsoft Raw Image Extension Remote Code Execution [CVE-2020-17086] | medium | 10.0 | - | - | - |
| 164702 | Microsoft Raw Image Extension Remote Code Execution [CVE-2020-17082] | medium | 10.0 | - | - | - |
| 164701 | Microsoft WebP Image Extension information disclosure [CVE-2020-17102] | low | 4.9 | - | - | - |
| 164700 | Microsoft AV1 Video Extension Remote Code Execution [CVE-2020-17105] | medium | 10.0 | - | - | - |
| 164699 | Microsoft HEIF Image Extension Remote Code Execution [CVE-2020-17101] | medium | 10.0 | - | - | - |
| 164698 | Microsoft HEVC Video Extensions Remote Code Execution [CVE-2020-17106] | medium | 10.0 | - | - | - |
| 164697 | Microsoft Windows Bind Filter Driver privileges management [CVE-2020-17012] | medium | 6.8 | - | - | - |
| 164696 | Microsoft Windows Port Class Library privileges management [CVE-2020-17011] | medium | 6.8 | - | - | - |
| 164695 | Microsoft Windows Win32k information disclosure [CVE-2020-17013] | low | 4.6 | - | - | - |
| 164694 | Microsoft Windows Client Side Rendering Print Provider privileges management | medium | 6.8 | - | - | - |
| 164693 | Microsoft Windows privileges management [CVE-2020-17025] | medium | 9.0 | - | - | - |
| 164692 | Microsoft Windows Print Spooler privileges management [CVE-2020-17014] | medium | 6.8 | - | - | - |
| 164691 | Microsoft Windows Error Reporting privileges management [CVE-2020-17007] | medium | 6.0 | - | - | - |
| 164690 | Microsoft Windows Win32 privileges management [CVE-2020-17010] | medium | 6.8 | - | - | - |
| 164689 | Microsoft Windows privileges management [CVE-2020-17055] | medium | 9.0 | - | - | - |
| 164688 | Microsoft Windows Network File System information disclosure | low | 4.6 | - | - | - |
| 164687 | Microsoft Windows Win32k privileges management [CVE-2020-17057] | medium | 6.0 | - | - | - |
| 164686 | Microsoft Windows Print Spooler privileges management [CVE-2020-17001] | medium | 6.8 | - | - | - |
| 164685 | Microsoft Windows Remote Desktop Protocol Server information disclosure | medium | 6.8 | - | - | - |
| 164684 | Microsoft Windows unknown vulnerability [CVE-2020-1599] | low | 4.9 | - | - | - |
| 164683 | Microsoft Windows Remote Desktop Protocol Client information disclosure | medium | 6.8 | - | - | - |
| 164682 | Microsoft Windows Function Discovery SSDP Provider information disclosure | low | 4.6 | - | - | - |
| 164681 | Microsoft Windows Network File System denial of service [CVE-2020-17047] | medium | 7.8 | - | - | - |
| 164680 | Microsoft Windows Hyper-V improper authentication [CVE-2020-17040] | medium | 6.4 | - | - | - |
| 164679 | Microsoft Windows Network File System Remote Code Execution [CVE-2020-17051] | high | 10.0 | - | - | - |
| 164678 | Microsoft Windows Kerberos privileges management [CVE-2020-17049] | medium | 6.8 | - | - | - |
| 164677 | Microsoft Windows privileges management [CVE-2020-17034] | medium | 9.0 | - | - | - |
164676Microsoft Windows Print Configuration privileges management [CVE-2020-17041]medium6.8---
164675Microsoft Windows Print Spooler Remote Code Execution [CVE-2020-17042]medium10.0---
164674Microsoft Windows privileges management [CVE-2020-17043]medium9.0---
164673Microsoft Windows Error Reporting denial of service [CVE-2020-17046]low4.6---
164672Microsoft Windows KernelStream information disclosure [CVE-2020-17045]low4.6---
164671Microsoft Windows privileges management [CVE-2020-17044]medium9.0---
164670Microsoft Windows privileges management [CVE-2020-17028]medium9.0---
164669Microsoft Windows MSCTF Server information disclosure [CVE-2020-17030]low4.6---
164668Microsoft Windows privileges management [CVE-2020-17027]medium9.0---
164667Microsoft Windows privileges management [CVE-2020-17031]medium9.0---
164666Microsoft Windows privileges management [CVE-2020-17026]medium9.0---
164665Microsoft Windows privileges management [CVE-2020-17033]medium9.0---
164664Microsoft Windows privileges management [CVE-2020-17032]medium9.0---
164663Microsoft Teams Local Privilege Escalation [CVE-2020-17091]medium7.2---
164662Microsoft Edge/ChakraCore memory corruption [CVE-2020-17054]low5.1---
164661Microsoft Internet Explorer memory corruption [CVE-2020-17052]low5.1---
164660Microsoft Internet Explorer memory corruption [CVE-2020-17053]low5.1---
164659Microsoft Edge/ChakraCore memory corruption [CVE-2020-17048]low5.1---
164658Microsoft SharePoint Server input validation [CVE-2020-17060]low5.5---
164657Microsoft SharePoint Server Remote Privilege Escalation [CVE-2020-17061]medium9.0---
164656Microsoft SharePoint Server information disclosure [CVE-2020-17017]low4.9---
164655Microsoft SharePoint Server input validation [CVE-2020-17015]low5.0---
164654Microsoft SharePoint Server information disclosure [CVE-2020-16979]low4.9---
164653Microsoft SharePoint Server input validation [CVE-2020-17016]medium9.0---
164652Microsoft Office improper authentication [CVE-2020-17020]low2.1---
164651Microsoft Office/365 Apps for Enterprise input validation [CVE-2020-17063]medium7.1---
164650Microsoft Office Access Connectivity Engine Remote Code Executionmedium7.5---
164649Microsoft Excel Remote Code Execution [CVE-2020-17067]medium7.5---
164648Microsoft Excel memory corruption [CVE-2020-17019]medium7.5---
164647Microsoft Excel memory corruption [CVE-2020-17066]medium7.5---
164646Microsoft Excel memory corruption [CVE-2020-17064]medium7.5---
164645Microsoft Excel memory corruption [CVE-2020-17065]medium7.5---
164644Microsoft Windows GDI+ Local Privilege Escalation [CVE-2020-17068]medium6.8---
164643Microsoft Windows Graphics privileges management [CVE-2020-17038]medium6.8---
164642Microsoft Windows Graphics information disclosure [CVE-2020-17004]low4.6---
164641Microsoft Windows Canonical Display Driver information disclosurelow4.6---
164640Microsoft Windows DirectX privileges management [CVE-2020-16998]medium6.0---
164639Microsoft Exchange Server buffer overflow [CVE-2020-17084]medium7.1---
164638Microsoft Exchange Server denial of service [CVE-2020-17085]low6.4---
164637Microsoft Exchange Server cross site scripting [CVE-2020-17083]low4.6---
164636Microsoft Dynamics CRM cross site scripting [CVE-2020-17006]low5.5---
164635Microsoft Dynamics 365 cross site scripting [CVE-2020-17021]low5.5---
164634Microsoft Dynamics 365 cross site scripting [CVE-2020-17018]low5.5---
164633Microsoft Dynamics 365 cross site scripting [CVE-2020-17005]low5.5---
164632Microsoft Internet Explorer memory corruption [CVE-2020-17058]medium7.6---
164631Microsoft Windows Common Log File System Driver privileges managementmedium6.8---
164630Microsoft Azure Sphere Local Privilege Escalation [CVE-2020-16991]medium6.1---
164629Microsoft Azure Sphere information disclosure [CVE-2020-16990]low4.9---
164628Microsoft Azure Sphere privileges management [CVE-2020-16989]low5.3---
164627Microsoft Azure Sphere privileges management [CVE-2020-16992]medium5.9---
164626Microsoft Azure Sphere double free [CVE-2020-16970]medium6.2---
164625Microsoft Azure Sphere Local Privilege Escalation [CVE-2020-16994]medium6.1---
164624Microsoft Azure Sphere privileges management [CVE-2020-16993]low5.3---
164623Microsoft Azure Sphere privileges management [CVE-2020-16988]medium5.9---
164622Microsoft Azure Sphere Local Privilege Escalation [CVE-2020-16983]low5.6---
164621Microsoft Azure Sphere Local Privilege Escalation [CVE-2020-16982]low5.9---
164620Microsoft Azure Sphere privileges management [CVE-2020-16981]low5.9---
164619Microsoft Azure Sphere Local Privilege Escalation [CVE-2020-16984]medium6.1---
164618Microsoft Azure Sphere Local Privilege Escalation [CVE-2020-16987]medium6.1---
164617Microsoft Azure Sphere denial of service [CVE-2020-16986]low4.9---
164616Microsoft Azure Sphere information disclosure [CVE-2020-16985]low4.9---
164615Microsoft Azure DevOps Server unknown vulnerability [CVE-2020-1325]low5.5---
164614Dundas BI Event cross site scripting [CVE-2020-28409]low4.0---
164613Dundas BI Dashboard cross site scripting [CVE-2020-28408]low4.0---
164612Xen Energy Monitoring Interface information disclosure [CVE-2020-28368]low3.3---
164611SAP Fiori Launchpad News Tile Application server-side request forgerymedium7.5---
164610SAP Process Integration PGP Module Business-to-Business Add On information disclosurelow3.3---
164609SAP Commerce Cloud Accelerator Payment Mock server-side request forgerymedium7.5---
164608News ILIAS Magpie RSS injection [CVE-2020-25268]medium6.0---
164607ILIAS question-pool file-upload Preview cross site scriptinglow4.0---
164606BlueStacks File Permission access control [CVE-2020-24367]medium4.3---
164605Canto Plugin download.php server-side request forgery [CVE-2020-24063]medium5.2---
164604Ilex Sign&Go Workstation Security Suite 000-sngWSService1.log symlinkmedium4.3---
164603Subrion CMS Plugin cross-site request forgery [CVE-2019-7357]low5.0---
164602json-ptr Prototype set code injectionmedium7.5---
164601SAP ERP/S-4 HANA authorization [CVE-2020-6316]medium4.0---
164600Dell Inspiron 15 7579 2-in-1 BIOS SMM Communication buffer overflowmedium5.9---
164599IBM Content Navigator Web UI cross site scripting [CVE-2020-4760]low4.0---
164598IBM Content Navigator Web UI cross site scripting [CVE-2020-4704]low4.0---
164597IBM Tivoli Key Lifecycle Manager insufficiently protected credentialsmedium4.6---
164596strikeentco set code injection [CVE-2020-28267]medium6.5---
164595TCL V8-R851T02-LF1/V8-T658T01-LF1 tcl Local Privilege Escalationlow4.3---
164594TCL V8-R851T02-LF1/V8-T658T01-LF1 Web Server information disclosurelow3.3---
164593TIBCO iProcess Workspace cross-site request forgery [CVE-2020-27146]low5.0---
164592SAP Solution Manager Upgrade Legacy Ports Service authorizationmedium7.5---
164591SAP Solution Manager Upgrade Diagnostics Agent Connection Service authorizationmedium7.5---
164590SAP Solution Manager Outside Discovery Configuration Service authorizationmedium7.5---
164589SAP Solution Manager SVG Converter Service authorization [CVE-2020-26821]medium7.5---
164588SAP NetWeaver AS JAVA Administrator Console access control [CVE-2020-26820]medium5.8---
164587SAP NetWeaver AS ABAP Log File access control [CVE-2020-26819]medium6.5---
164586SAP NetWeaver AS ABAP information disclosure [CVE-2020-26818]low4.0---
164585SAP 3D Visual Enterprise Viewer HPGL File denial of service [CVE-2020-26817]low5.0---
164584SAP Commerce Cloud Commerce Module denial of service [CVE-2020-26810]low5.0---
164583SAP Commerce Cloud Secure Media Folder medias improper authenticationmedium7.5---
164582SAP AS ABAP/S4 HANA code injection [CVE-2020-26808]medium8.3---
164581SAP ERP Client for E-Bilanz Filesystem Permission permissionmedium4.3---
164580MoinMoin HTTP Request cache.py pathname traversalmedium6.5---
164579Apache Airflow Experimental API improper authentication [CVE-2020-13927]medium5.8---
164578Vivo Frame Touch Module denial of service [CVE-2020-12485]low1.7---
164577A10 ACOS/aGalaxy Graphical User Interface Remote Code Executionmedium7.5---
164576Google Android ConnectivityService.java callCallbackForRequest permission assignmentlow1.7---
164575Google Android BeamTransferManager.java updateNotification default permissionmedium4.3---
164574Google Android exif-entry.c exif_entry_get_value integer overflowhigh10.0---
164573Google Android sbrdecoder.cpp sbrDecoder_AssignQmfChannels2SbrChannels out-of-bounds writemedium10.0---
164572Google Android rw_i93.cc rw_i93_sm_format initializationlow2.1---
164571Google Android btm_sec.cc btm_sec_disconnected use after freemedium10.0---
164570Google Android TelecomServiceImpl.java getPhoneAccountsForPackage information disclosurelow1.7---
164569Google Android out-of-bounds write [CVE-2020-0447]medium5.2---
164568Google Android out-of-bounds write [CVE-2020-0446]high10.0---
164567Google Android out-of-bounds write [CVE-2020-0445]high10.0---
164566Google Android LocaleList.java LocaleList unusual conditionlow1.7---
164565Google Android UI Notification.java toBundle denial of servicelow5.0---
164564Google Android Notification Notification.java toBundle resource consumptionlow5.0---
164563Google Android PackageManagerService.java generatePackageInfo permissionmedium4.3---
164562Google Android ibinder.cpp AIBinder_Class uninitialized pointerlow4.3---
164561Google Android CellBroadcastReceiver's denial of service [CVE-2020-0437]low1.7---
164560Google Android res_send.cpp send_vc out-of-bounds readlow1.7---
164559Google Android Utils.java getPermissionInfosForGroup permissionmedium4.3---
164558Google Android FileMap.cpp out-of-bounds writemedium4.3---
164557gdm3 gnome-initial-setup unusual condition [CVE-2020-16125]low4.3---
164556IBM FileNet Content Manager csv injection [CVE-2020-4759]medium5.8---
164555IBM Maximo Spatial Asset Management cross-site request forgerylow5.0---
164554IBM Maximo Spatial Asset Management Local Cache information disclosurelow1.7---
164553Netgear R6250 upnpd buffer overflow [CVE-2020-28373]medium5.2---
164552ReadyTalk Avian FileOutputStream.java FileOutputStream.write integer overflowmedium4.9---
164551Locust Web UI cross site scripting [CVE-2020-28364]low4.0---
164550CapaSystems CapaInstaller Privileges access control [CVE-2020-27977]medium5.2---
164549Trend Micro Interscan Messaging Security Virtual Appliance Library unknown vulnerabilitylow4.9---
164548Trend Micro Interscan Messaging Security Virtual Appliance Password Storage unknown vulnerabilitylow1.4---
164547Trend Micro Interscan Messaging Security Virtual Appliance information disclosurelow2.3---
164546Trend Micro Interscan Messaging Security Virtual Appliance server-side request forgerymedium6.5---
164545Trend Micro Interscan Messaging Security Virtual Appliance XML External Entity xml external entity referencelow3.3---
164544Trend Micro Interscan Messaging Security Virtual Appliance cross-site request forgerylow4.0---
164543Simple LDAP Plugin Microsoft Active Directory Authentication improper authenticationmedium5.8---
164542Hazelcast IMDG Enterprise/Jet Enterprise LdapLoginModule members improper authenticationmedium5.8---
164541Microweber User Change session expiration [CVE-2020-23140]low2.3---
164540Microweber user session [CVE-2020-23139]low4.3---
164539Microweber Admin Account Page unrestricted upload [CVE-2020-23138]medium4.9---
164538Microweber session expiration [CVE-2020-23136]medium5.2---
164537Red Hat KeyCloak URL Transformation path traversal [CVE-2020-14366]medium7.5---
164536Atlassian gajira-comment GitHub Action Remote Privilege Escalationmedium6.0---
164535Atlassian gajira-create GitHub Action preprocessArgs Remote Privilege Escalationmedium6.0---
164534Netflix Dispatch Access Control access control [CVE-2020-9300]medium6.5---
164533Netflix Dispatch Incident Priority cross site scripting [CVE-2020-9299]low4.0---
164532Brave Browser Desktop's Privacy-Preserving Analytics System cleartext storagelow1.7---
164531json8-merge-patch Package Constructor code injection [CVE-2020-8268]medium5.2---
164530Nextcloud Server Encrypted File downgrade [CVE-2020-8150]low1.4---
164529Nextcloud Server Passphrase signature verification [CVE-2020-8133]medium5.2---
164528Red Hat Advanced Cluster Management for Kubernetes ManagedClusterView API permissionmedium5.2---
164527PEGA Platform Request Header cross site scripting [CVE-2020-24353]low4.0---
164526BitDefender Endpoint Security Tools Update Server/BEST Relay server-side request forgerymedium4.3---
164525Mitel ShoreTel Home Meeting Page index.php cross site scriptinglow5.0---
164524ChirpStack Network Server Frequency Attribute collect.go CollectAndCallOnceCollect denial of service [Disputed]low2.3---
164523Magento File Upload unrestricted upload [CVE-2020-24407]medium5.8---
164522Magento Installation information disclosure [CVE-2020-24406]low5.0---
164521Magento Inventory Module improper authorization [CVE-2020-24405]medium5.2---
164520Magento Integrations improper authorization [CVE-2020-24404]medium5.5---
164519Magento Inventory Source permission [CVE-2020-24403]medium6.5---
164518Magento Integrations improper authorization [CVE-2020-24402]medium6.5---
164517Magento Authorization authorization [CVE-2020-24401]medium6.5---
164516Magento sql injection [CVE-2020-24400]medium5.2---
164515find-my-way Package Route denial of service [CVE-2020-7764]low2.6---
164514TP-LINK Archer A7 AC1750 os command injection [CVE-2020-28347]medium6.5---
164513Server Status HTTP Status/SMTP Status cross site scriptinglow4.0---
164512Countdown Timer Macro cross site scriptinglow4.0---
164511Linking New Windows Macro cross site scriptinglow4.0---
164510Refined Toolkit UI-Image/UI-Button cross site scriptinglow4.0---
164509PlantUML Database Information Macro cross site scriptinglow4.0---
164508LG Mobile Devices Wi-Fi Subsystem denial of service [CVE-2020-28345]low2.3---
164507LG Mobile Devices System Service denial of service [CVE-2020-28344]low2.3---
164506Samsung Mobile Devices NPU Driver memory corruption [CVE-2020-28343]medium5.2---
164505Samsung Mobile Devices S Secure Application improper authenticationmedium4.6---
164504Samsung Mobile Devices S3K250AF Secure Element CC EAL 5+ Chip buffer overflowmedium5.2---
164503Samsung Mobile Devices Factory Reset Protection unknown vulnerabilitylow4.9---
164502usc-e-shop Plugin usces_unserialize injectionmedium6.5---
164501PackageKit Repository privileges management [CVE-2020-16122]medium5.2---
164500PackageKit information exposure [CVE-2020-16121]low2.3---
164499NetApp SANtricity OS Controller Software Transmission cleartext transmissionlow2.6---
164498Nessus Network Monitor path traversal [CVE-2020-5794]medium4.3---
164497Cisco WebEx Network Recording Player/Webex Player Email Attachment memory corruptionmedium7.5---
164496Cisco WebEx Network Recording Player/Webex Player Email Attachment memory corruptionmedium7.5---
164495Cisco SD-WAN CLI privileges management [CVE-2020-3600]medium6.8---
164494Cisco SD-WAN privileges management [CVE-2020-3595]medium6.8---
164493Cisco SD-WAN privileges management [CVE-2020-3594]medium6.8---
164492Cisco SD-WAN privileges management [CVE-2020-3593]medium6.8---
164491Cisco SD-WAN vManage Web-based Management Interface improper authorizationmedium6.5---
164490Cisco SD-WAN vManage Web-based Management Interface cross site scriptinglow4.0---
164489Cisco SD-WAN vManage Web-based Management Interface cross site scriptinglow4.0---
164488Cisco Webex Meetings Desktop App Virtualization Channel Messaging path traversalmedium4.3---
164487Cisco SD-WAN vManage Web-based Management Interface cross site scriptinglow4.0---
164486Cisco SD-WAN vManage Web-based Management Interface cross site scriptinglow5.0---
164485Cisco IP Phone TCP Ingress denial of service [CVE-2020-3574]medium7.8---
164484Cisco WebEx Network Recording Player/Webex Player Email Attachment memory corruptionmedium7.5---
164483Cisco AnyConnect Secure Mobility Client Interprocess Communication input validationmedium4.6---
164482Cisco Identity Services Engine Web-based Management Interface cross site scriptinglow5.0---
164481Cisco SD-WAN Packet Filter input validation [CVE-2020-3444]medium7.5---
164480Cisco Integrated Management Controller Web UI os command injectionmedium6.5---
164479Cisco IOS Preboot eXecution Environment Boot Loader access controlhigh10.0---
164478SuiteCRM File Name php logger_file_name access controlmedium6.5---
164477Asterisk PBX SIP Invite res_pjsip_session denial of servicelow3.5---
164476Axios Package Redirect server-side request forgery [CVE-2020-28168]medium5.2---
164475Cisco SD-WAN vManage CLI argument injection [CVE-2020-27129]medium4.3---
164474Cisco SD-WAN vManage Application Data Endpoint path traversalmedium6.5---
164473Cisco AnyConnect Secure Mobility Client Interprocess Communication routinemedium4.3---
164472Cisco Identity Services Engine Active Directory Account privileges assignmentmedium6.5---
164471Cisco Unified Communications Manager IM & Presence Service XCP Authentication Service denial of servicelow4.0---
164470Alerta improper authentication [CVE-2020-26214]medium7.5---
164469teler Error denial of service [CVE-2020-26213]low2.3---
164468Cisco TelePresence Collaboration Endpoint Video Endpoint API exposure of resourcemedium6.5---
164467Cisco Edge Fog Fabric REST API exposure of resource [CVE-2020-26084]medium6.5---
164466Cisco Identity Services Engine Web-based Management Interface cross site scriptinglow4.0---
164465B. Braun OnlineSuite DLL uncontrolled search path [CVE-2020-25174]medium4.3---
164464B. Braun OnlineSuite path traversal [CVE-2020-25172]medium5.8---
164463B. Braun OnlineSuite Excel Export injection [CVE-2020-25170]medium5.2---
164462ad-ldap-connector Admin Panel cross-site request forgery [CVE-2020-15259]low5.0---
164461Raptor RDF Syntax Library raptor_xml_writer.c raptor_xml_writer_start_element_common buffer overflowmedium5.2---
164460NetApp SANtricity OS Controller Software denial of service [CVE-2020-8580]low2.9---
164459HPE OneView/Synergy Composer access control [CVE-2020-7198]medium6.5---
164458TP-LINK Archer A7 USB Driver symlink [CVE-2020-5795]medium4.3---
164457IBM UrbanCode Deploy information disclosure [CVE-2020-4484]low4.0---
164456IBM UrbanCode Deploy information exposure [CVE-2020-4483]low4.0---
164455IBM UrbanCode Deploy REST Call access control [CVE-2020-4482]medium6.5---
164454Synopsys hub-rest-api-python SSL Certificate certificate validationmedium5.8---
164453Play Framework PlayJava denial of service [CVE-2020-27196]low2.3---
164452Play Framework JSON Document recursion [CVE-2020-26883]low2.3---
164451Play Framework JSON form-data resource consumptionlow2.3---
164450Cellinx NVT Web Server SetFileContent.cgi improper authenticationmedium7.5---
164449Joplin Note cross site scripting [CVE-2020-28249]low4.0---
164448Asterisk PBX INVITE infinite loop [CVE-2020-28242]low5.0---
164447MIT Kerberos 5 ASN.1 asn1_encode.c recursionlow2.3---
164446NATS nats-server access control [CVE-2020-26892]medium5.2---
164445NATS nats-server JWT Library null pointer dereference [CVE-2020-26521]low2.3---
164444SaltStack Salt salt-netapi improper authentication [CVE-2020-25592]medium5.8---
164443SaltStack Salt TLS Module certificate validation [CVE-2020-17490]medium4.3---
164442SaltStack Salt Salt API os command injection [CVE-2020-16846]medium5.2---
164441Kuka SVisual Components License Manager Service denial of servicelow3.3---
164440Kuka Visual Components License Manager Service information disclosurelow3.3---
164439Studyplus App API Key hard-coded credentials [CVE-2020-5667]medium7.5---
164438Mitsubishi Electric GT1455-QTBDE TCPIP resource consumption [CVE-2020-5649]low5.0---
164437Mitsubishi Electric GT1455-QTBDE TCPIP argument injectionmedium5.8---
164436Mitsubishi Electric GT1455-QTBDE TCPIP access control [CVE-2020-5647]medium7.5---
164435Mitsubishi Electric GT1455-QTBDE TCPIP null pointer dereferencelow5.0---
164434Mitsubishi Electric GT1455-QTBDE TCPIP session fixation [CVE-2020-5645]medium5.0---
164433Mitsubishi Electric GT1455-QTBDE TCPIP buffer overflow [CVE-2020-5644]medium7.5---
164432Cybozu Garoon Bulletin Board input validation [CVE-2020-5643]medium6.5---
164431libmaxminddb maxminddb.c dump_entry_data_list heap-based overflowmedium5.2---
164430tmux input.c input_csi_dispatch_sgr_colon stack-based overflowmedium4.3---
164429libvirt Socket permission assignment [CVE-2020-15708]medium4.3---
164428Apple watchOS WebKit use after free [CVE-2020-27918]medium7.5---
164427Apple watchOS Logging path traversal [CVE-2020-10010]low4.3---
164426Apple watchOS libxml2 integer overflow [CVE-2020-27911]medium7.5---
164425Apple watchOS libxml2 use after free [CVE-2020-27917]medium7.5---
164424Apple watchOS Kernel type confusion [CVE-2020-27932]medium6.8---
164423Apple watchOS Kernel memory corruption [CVE-2020-10016]medium6.8---
164422Apple watchOS Kernel state issue [CVE-2020-9974]low1.7---
164421Apple watchOS Kernel initialization [CVE-2020-27950]low1.7---
164420Apple watchOS IOAcceleratorFamily memory corruption [CVE-2020-27905]medium6.8---
164419Apple watchOS ImageIO out-of-bounds write [CVE-2020-27912]medium7.5---
164418Apple watchOS Foundation state issue [CVE-2020-10002]low1.7---
164417Apple watchOS FontParser out-of-bounds write [CVE-2020-27927]medium7.5---
164416Apple watchOS FontParser memory corruption [CVE-2020-27930]medium7.5---
164415Apple watchOS Crash Reporter symlink [CVE-2020-10003]medium4.6---
164414Apple watchOS CoreAudio out-of-bounds read [CVE-2020-27909]medium7.5---
164413Apple watchOS CoreAudio out-of-bounds write [CVE-2020-10017]medium7.5---
164412Apple watchOS Audio out-of-bounds write [CVE-2020-27916]medium7.5---
164411Apple watchOS Audio out-of-bounds read [CVE-2020-27910]medium7.5---
164410Apple macOS Kernel initialization [CVE-2020-27950]low1.7---
164409Apple macOS Kernel type confusion [CVE-2020-27932]medium6.8---
164408Apple macOS FontParser memory corruption [CVE-2020-27930]medium7.5---
164407Apple tvOS WebKit use after free [CVE-2020-27918]medium7.5---
164406Apple tvOS Logging path traversal [CVE-2020-10010]low4.3---
164405Apple tvOS libxml2 integer overflow [CVE-2020-27911]medium7.5---
164404Apple tvOS libxml2 use after free [CVE-2020-27917]medium7.5---
164403Apple tvOS Kernel memory corruption [CVE-2020-10016]medium6.8---
164402Apple tvOS Kernel information disclosure [CVE-2020-9974]low1.7---
164401Apple tvOS IOAcceleratorFamily memory corruption [CVE-2020-27905]medium6.8---
164400Apple tvOS ImageIO out-of-bounds write [CVE-2020-27912]medium7.5---
164399Apple tvOS Foundation behavioral workflow [CVE-2020-10002]low1.7---
164398Apple tvOS FontParser out-of-bounds write [CVE-2020-27927]medium7.5---
164397Apple tvOS Crash Reporter symlink [CVE-2020-10003]low4.3---
164396Apple tvOS CoreAudio out-of-bounds read [CVE-2020-27909]medium7.5---
164395Apple tvOS CoreAudio out-of-bounds write [CVE-2020-10017]medium7.5---
164394Apple tvOS Audio out-of-bounds write [CVE-2020-27916]medium7.5---
164393Apple tvOS Audio out-of-bounds read [CVE-2020-27910]medium7.5---
164392Apple iOS/iPadOS WebKit use after free [CVE-2020-27918]medium7.5---
164391Apple iOS/iPadOS Model I/O out-of-bounds read [CVE-2020-10011]medium7.5---
164390Apple iOS/iPadOS Model I/O out-of-bounds read [CVE-2020-13524]medium7.5---
164389Apple iOS/iPadOS Model I/O behavioral workflow [CVE-2020-10004]medium7.5---
164388Apple iOS/iPadOS Logging path traversal [CVE-2020-10010]low4.3---
164387Apple iOS/iPadOS libxml2 use after free [CVE-2020-27926]medium7.5---
164386Apple iOS/iPadOS libxml2 integer overflow [CVE-2020-27911]medium7.5---
164385Apple iOS/iPadOS libxml2 use after free [CVE-2020-27917]medium7.5---
164384Apple iOS/iPadOS Keyboard improper authentication [CVE-2020-27902]low2.1---
164383Apple iOS/iPadOS Kernel type confusion [CVE-2020-27932]medium6.8---
164382Apple iOS/iPadOS Kernel memory corruption [CVE-2020-10016]medium6.8---
164381Apple iOS/iPadOS Kernel information disclosure [CVE-2020-9974]low1.7---
164380Apple iOS/iPadOS Kernel information disclosure [CVE-2020-27950]low1.7---
164379Apple iOS/iPadOS IOAcceleratorFamily memory corruption [CVE-2020-27905]medium6.8---
164378Apple iOS/iPadOS ImageIO out-of-bounds write [CVE-2020-27912]medium7.5---
164377Apple iOS/iPadOS Foundation behavioral workflow [CVE-2020-10002]low1.7---
164376Apple iOS/iPadOS FontParser out-of-bounds write [CVE-2020-27927]medium7.5---
164375Apple iOS/iPadOS FontParser memory corruption [CVE-2020-27930]medium7.5---
164374Apple iOS/iPadOS Crash Reporter symlink [CVE-2020-10003]low4.3---
164373Apple iOS/iPadOS CoreAudio out-of-bounds read [CVE-2020-27909]medium7.5---
164372Apple iOS/iPadOS CoreAudio out-of-bounds write [CVE-2020-10017]medium7.5---
164371Apple iOS/iPadOS CallKit state issue [CVE-2020-27925]low5.0---
164370Apple iOS/iPadOS Audio out-of-bounds write [CVE-2020-27916]medium7.5---
164369Apple iOS/iPadOS Audio out-of-bounds read [CVE-2020-27910]medium7.5---
164368Apple iOS FaceTime out-of-bounds read [CVE-2020-27929]medium7.5---
164367UniFi Protect controller API improper authentication [CVE-2020-8267]medium5.8---
164366HPE Proliant Gen10 Server Intel Innovation Engine access controlmedium7.2---
164365ZTE ZXA10 eODN information disclosure [CVE-2020-6877]low4.0---
164364Check Point Endpoint Security Log File link following [CVE-2020-6015]medium4.1---
164363F5 BIG-IP Advanced WAF/BIG-IP FPS Traffic Management Microkernel denial of servicelow2.3---
164362F5 BIG-IP TMUI Page cross site scripting [CVE-2020-5945]low5.0---
164361F5 BIG-IQ DNS Overview Page information exposure [CVE-2020-5944]low2.7---
164360F5 BIG-IP REST Interface access control [CVE-2020-5943]medium6.5---
164359F5 BIG-IP PEM Traffic Management Microkernel denial of servicelow5.2---
164358F5 BIG-IP Traffic Management Microkernel lookup denial of servicelow5.2---
164357F5 BIG-IP Configuration utility Traffic Management User Interface cross site scriptinglow4.0---
164356F5 BIG-IP Virtual Edition Traffic Management Microkernel O denial of servicelow2.3---
164355Tenable Nessus/Nessus Agent access control [CVE-2020-5793]medium6.5---
164354Marmind Todo injection [CVE-2020-26507]medium6.5---
164353Marmind cross site scripting [CVE-2020-26505]low4.0---
164352Micro Focus Self Service Password Reset information disclosurelow2.3---
164351Red Hat Linux Bluetooth Stack stack-based overflow [CVE-2020-25662]medium3.3---
164350Red Hat Linux L2CAP Packet type confusion [CVE-2020-25661]low5.0---
164349Apache Shiro Spring improper authentication [CVE-2020-17510]medium5.8---
164348HCL Digital Experience cross site scripting [CVE-2020-14222]low4.0---
164347Telerik Fiddler Local Privilege Escalation [CVE-2020-13661]low4.1---
164346Moxa MXView permission [CVE-2020-13537]medium4.3---
164345Moxa MXView permission [CVE-2020-13536]medium5.2---
164344Silver Peak Unity Orchestrator REST API sqlExecution path traversalmedium6.5---
164343Silver Peak Unity Orchestrator REST API debugFiles path traversalmedium6.5---
164342Silver Peak Unity Orchestrator HTTP Host Header improper authenticationmedium4.6---
164341IBM QRadar SIEM Multi Tenant Configuration information disclosurelow1.7---
164340phantom-html-to-pdf information disclosure [CVE-2020-7763]low5.0---
164339jsreport-chrome-pdf information disclosure [CVE-2020-7762]low4.0---
164338AudimexEE sql injection [CVE-2020-28115]medium6.5---
164337AudimexEE Configuration Parameter cross site scripting [CVE-2020-28047]low4.0---
164336Git LFS command injection [CVE-2020-27955]medium6.0---
164335RVTools Configuration File RVToolsPasswordEncryption.exe insufficiently protected credentialslow2.3---
164334Hindotech HK1 Box S905X3 Serial Port su Local Privilege Escalationmedium6.8---
164333Marmind Web Application Web GUI authorization [CVE-2020-26506]medium4.9---
164332InterMind iMind Server Chat cross site scripting [CVE-2020-25399]low4.0---
164331InterMind iMind Server CSV Export injection [CVE-2020-25398]medium4.9---
164330FruityWifi Metacharacter page_config_adv.php os command injectionmedium6.5---
164329Immuta cross site scripting [CVE-2020-15952]low5.0---
164328Immuta Project Name redirect [CVE-2020-15951]low4.9---
164327Immuta user session [CVE-2020-15950]low4.3---
164326Immuta User Account permission [CVE-2020-15949]medium5.2---
164325absolunet kafe Email Validator denial of service [CVE-2020-7761]low5.0---
164324HorizontCMS FileManager unrestricted uploadmedium6.0---
164323Aruba AirWave command injection [CVE-2020-7129]medium6.0---
164322Aruba AirWave command injection [CVE-2020-7128]medium6.8---
164321SDDM X Server race condition [CVE-2020-28049]medium6.5---
164320Relish VH510 Web Management Portal denial of service [CVE-2020-27692]low3.5---
164319Relish VH510 URLBlocking Setting cross site scripting [CVE-2020-27691]low4.0---
164318Relish VH510 Web Management Portal formDOMAINBLK buffer overflowlow2.7---
164317Relish VH510 Web Management Interface backdoor [CVE-2020-27689]high10.0---
164316DatabaseSchemaViewer dbschema File deserialization [CVE-2020-26207]low6.5---
164315Hashicorp Consul Enterprise Namespace denial of service [CVE-2020-25201]low2.3---
164314Subrion CMS cross site scripting [CVE-2019-7356]low4.0---
164313tcpdump ppp Decapsulator allocation of resources [CVE-2020-8037]low2.3---
164312tcpdump SOME/IP Dissector tok2strbuf out-of-bounds readmedium4.9---
164311Fuel CMS Page Preview access control [CVE-2020-26167]medium5.2---
164310VMware Lab Manager Slaves Plugin credentials storage [CVE-2020-2319]low2.3---
164309Mail Commander Plugin for Jenkins-ci Plugin credentials storagelow2.7---
164308FindBugs Plugin Tooltip cross site scripting [CVE-2020-2317]low4.0---
164307Static Analysis Utilities Plugin Tooltip Configure cross site scriptinglow4.0---
164306Visualworks Store Plugin XML Parser xml external entity referencemedium4.9---
164305AppSpider Plugin Configuration File credentials storage [CVE-2020-2314]low2.3---
164304Azure Key Vault Plugin Credentials Read authorizationlow2.7---
164303Jenkins SQLPlus Script Runner Plugin Command Line Argument insufficiently protected credentialslow2.7---
164302Jenkins AWS Global Configuration Plugin authorization [CVE-2020-2311]medium5.2---
164301Ansible Plugin authorization [CVE-2020-2310]low2.7---
164300Kubernetes Plugin authorization [CVE-2020-2309]medium5.2---
164299Kubernetes Plugin Template Name authorization [CVE-2020-2308]low2.7---
164298Kubernetes Plugin Environment Variable information disclosurelow2.7---
164297Mercurial Plugin Installation authorization [CVE-2020-2306]low2.7---
164296Mercurial Plugin XML Parser xml external entity reference [CVE-2020-2305]medium4.9---
164295Subversion Plugin XML Parser xml external entity reference [CVE-2020-2304]medium4.9---
164294Active Directory Plugin cross-site request forgery [CVE-2020-2303]low4.0---
164293Active Directory Plugin Domain Health Check Diagnostic Page authorizationmedium5.2---
164292Active Directory Plugin Windows ADSI Mode improper authenticationmedium5.8---
164291Active Directory Plugin Windows ADSI Mode improper authenticationmedium5.8---
164290Active Directory Plugin improper authentication [CVE-2020-2299]medium5.8---
164289phpMyAdmin Export Section injection [CVE-2020-22278]medium4.9---
164288Import and Export Users and Customers Plugin Customer Profile injectionmedium4.9---
164287WeForms Plugin injection [CVE-2020-22276]medium4.9---
164286Easy Registration Forms Plugin injection [CVE-2020-22275]medium6.5---
164285JomSocial Customer Profile injection [CVE-2020-22274]medium4.9---
164284Neoflex Video Subscription System cross-site request forgerylow4.0---
164283Linux Kernel KVM Hypervisor stack-based overflow [CVE-2020-27152]medium6.8---
164282HCL Notes Client cross site scripting [CVE-2020-14240]medium4.3---
164281HCL Notes Client Email Composer buffer overflow [CVE-2020-4097]medium4.3---
164280QEMU ati-vga Emulator process ati_2d_blt out-of-bounds readlow3.5---
164279QEMU Networking Helper eth_get_gso_type assertionlow2.3---
164278Adobe Acrobat Reader use after free [CVE-2020-24438]medium5.0---
164277Adobe Acrobat Reader use after free [CVE-2020-24437]medium7.5---
164276Adobe Acrobat Reader use after free [CVE-2020-24430]medium7.5---
164275Adobe Acrobat Reader race condition [CVE-2020-24428]medium4.3---
164274Adobe Acrobat Reader out-of-bounds read [CVE-2020-24434]medium5.0---
164273Adobe Acrobat Reader out-of-bounds read [CVE-2020-24426]medium5.0---
164272Adobe Acrobat Reader out-of-bounds write [CVE-2020-24436]medium7.5---
164271Adobe Acrobat Reader security check for standard [CVE-2020-24431]medium7.5---
164270Adobe Acrobat Reader input validation [CVE-2020-24427]medium5.0---
164269Adobe Acrobat Reader signature verification [CVE-2020-24429]medium7.5---
164268Adobe Acrobat Reader signature verification [CVE-2020-24439]medium7.5---
164267Adobe Acrobat Reader input validation [CVE-2020-24432]medium7.5---
164266Adobe Acrobat Reader access control [CVE-2020-24433]medium4.3---
164265Adobe Acrobat Reader heap-based overflow [CVE-2020-24435]medium7.5---
164264BookStack Link cross site scripting [CVE-2020-26211]low4.0---
164263BookStack Link cross site scripting [CVE-2020-26210]low5.0---
164262Facebook WhatsApp/WhatsApp Business Video Call use after freelow5.0---
164261Facebook WhatsApp/WhatsApp Business Siri improper authorizationmedium4.6---
164260IBM App Connect Enterprise Certified Container improper restriction of rendered ui layersmedium6.5---
164259IBM Planning Analytics Local TM1Web User Session user sessionlow4.0---
164258IBM Maximo Anywhere config [CVE-2019-4349]low4.3---
164257Sony KD-65AF8 USB3 Device denial of service [CVE-2020-28207]low4.9---
164256Google Chrome Networking clickjacking [CVE-2020-6557]low5.0---
164255Google Chrome UI buffer overflow [CVE-2020-16011]medium7.5---
164254Google Chrome UI buffer overflow [CVE-2020-16010]medium7.5---
164253Google Chrome v8 heap-based overflow [CVE-2020-16009]medium7.5---
164252Google Chrome WebRTC buffer overflow [CVE-2020-16008]medium7.5---
164251Google Chrome Installer access control [CVE-2020-16007]medium4.3---
164250Google Chrome v8 heap-based overflow [CVE-2020-16006]medium7.5---
164249Google Chrome ANGLE heap-based overflow [CVE-2020-16005]medium7.5---
164248Google Chrome User Interface use after free [CVE-2020-16004]medium7.5---
164247Google Chrome Renderer Process use after free [CVE-2020-15998]medium7.5---
164246Google Chrome Mojo use after free [CVE-2020-15997]medium7.5---
164245Google Chrome Passwords use after free [CVE-2020-15996]medium7.5---
164244Google Chrome v8 out-of-bounds write [CVE-2020-15995]medium7.5---
164243Google Chrome v8 use after free [CVE-2020-15994]medium7.5---
164242Google Chrome Printing use after free [CVE-2020-15993]medium7.5---
164241Google Chrome Same Origin Policy unknown vulnerability [CVE-2020-15992]medium7.5---
164240Google Chrome Password Manager use after free [CVE-2020-15991]medium7.5---
164239Google Chrome Autofill use after free [CVE-2020-15990]medium7.5---
164238Google Chrome PDFium uninitialized pointer [CVE-2020-15989]low5.0---
164237Google Chrome Download access control [CVE-2020-15988]medium7.5---
164236Google Chrome WebRTC Stream use after free [CVE-2020-15987]medium7.5---
164235Google Chrome Media integer overflow [CVE-2020-15986]medium7.5---
164234Google Chrome clickjacking [CVE-2020-15985]medium7.5---
164233Google Chrome Omnibox clickjacking [CVE-2020-15984]medium7.5---
164232Google Chrome webUI improper restriction of rendered ui layerslow4.3---
164231Google Chrome information disclosure [CVE-2020-15982]low5.0---
164230Google Chrome out-of-bounds read [CVE-2020-15981]low5.0---
164229Google Chrome Intents Local Privilege Escalation [CVE-2020-15980]low4.3---
164228Google Chrome v8 heap-based overflow [CVE-2020-15979]medium7.5---
164227Google Chrome Navigation input validation [CVE-2020-15978]medium7.5---
164226Google Chrome Dialog Validation information disclosure [CVE-2020-15977]low5.0---
164225Google Chrome HTML use after free [CVE-2020-15976]medium7.5---
164224Google Chrome SwiftShader integer overflow [CVE-2020-15975]medium7.5---
164223Google Blink integer overflow [CVE-2020-15974]medium7.5---
164222Google Chrome Same Origin Policy unknown vulnerability [CVE-2020-15973]low5.0---
164221Google Chrome Audio use after free [CVE-2020-15972]medium7.5---
164220Google Chrome Renderer Process use after free [CVE-2020-15971]medium7.5---
164219Google Chrome NFC use after free [CVE-2020-15970]medium7.5---
164218Google Chrome WebRTC use after free [CVE-2020-15969]medium7.5---
164217Google Chrome Blink use after free [CVE-2020-15968]medium7.5---
164216Google Chrome Payments use after free [CVE-2020-15967]medium7.5---
164215Swift JSON stack-based overflow [CVE-2020-9861]medium5.2---
164214Module Olea Gift On Order getfile.php pathname traversalmedium5.0---
164213Nextcloud Server WebAuthn improper authentication [CVE-2020-8236]medium5.2---
164212Nextcloud Server API Call credentials storage [CVE-2020-8183]low2.3---
164211Nextcloud Server Encryption random values [CVE-2020-8173]low1.4---
164210browserless-chrome File Path path traversal [CVE-2020-7758]medium5.0---
164209droppy Configuration File path traversal [CVE-2020-7757]medium4.0---
164208Check Point Software Endpoint Security Client Anti-Bot/Threat Emulation uncontrolled search pathlow4.0---
164207Mitsubishi Electric MELSEC iQ-R Network Interface resource consumptionmedium6.4---
164206Mitsubishi Electric MELSEC iQ-R Network Interface argument injectionmedium5.8---
164205Mitsubishi Electric MELSEC iQ-R Network Interface access controlmedium6.4---
164204Mitsubishi Electric MELSEC iQ-R Network Interface null pointer dereferencelow4.3---
164203Mitsubishi Electric MELSEC iQ-R Network Interface IP session fixationmedium7.5---
164202Mitsubishi Electric MELSEC iQ-R Network Interface buffer overflowmedium5.0---
164201Mitsubishi Electric MELSEC iQ-R/MELSEC iQ-Q/MELSEC iQ-L 02 resource consumptionlow4.3---
164200ProlinOS access control [CVE-2020-28046]medium6.8---
164199ProlinOS Signature insufficient verification of data authenticitylow2.1---
164198ProlinOS Management Mode permission [CVE-2020-28044]medium4.3---
164197MISP REST Client server-side request forgery [CVE-2020-28043]medium5.2---
164196ServiceStack JWT Signature Verification signature verificationlow2.3---
164195Netgear Nighthawk R7000 NAT protection mechanism [CVE-2020-28041]low5.1---
164194WordPress Background Image cross-site request forgery [CVE-2020-28040]low5.0---
164193WordPress File meta.php is_protected_meta path traversalmedium4.1---
164192WordPress Post Slug cross site scripting [CVE-2020-28038]low5.0---
164191WordPress Installation functions.php is_blog_installed access controlmedium6.5---
164190WordPress XML-RPC class-wp-xmlrpc-server.php access controlmedium6.5---
164189WordPress XML-RPC access control [CVE-2020-28035]medium5.2---
164188WordPress Global Variable cross site scripting [CVE-2020-28034]low5.0---
164187WordPress Embed unknown vulnerability [CVE-2020-28033]low4.9---
164186WordPress FilteredIterator.php deserializationmedium4.9---
164185eramba HTTP Host Header injection [CVE-2020-28031]medium4.9---
164184Wireshark GQUIC Dissector packet-gquic.c denial of servicelow5.0---
164183SonarQube Project Endpoint submit improper authenticationmedium7.5---
164182Dr.Fone DriverInstall.exe access controlmedium4.3---
164181IceWarp cross site scripting [CVE-2020-27982]low4.0---
164180Electronic Arts Origin Client access control [CVE-2020-27708]medium9.0---
164179REDCap Messenger cross site scripting [CVE-2020-27359]low4.0---
164178REDCap CSV information disclosure [CVE-2020-27358]low2.7---
164177Bouncy Castle BC/BC-FJA RSA Private Key information exposurelow2.3---
164176WildFly Connection resource consumption [CVE-2020-25689]low4.0---
164175osTicket server-side request forgery [CVE-2020-24881]medium5.8---
164174NeDi pwsec.php cross site scriptinglow4.0---
164173NeDi rt-popup.php cross site scriptinglow4.0---
164172Moxa VPort 461 command injection [CVE-2020-23639]medium6.5---
164171Electronic Arts Origin Client Javascript cross site scriptinglow5.0---
164170Oracle WebLogic Server Remote Code Execution [CVE-2020-14750]high10.0---
164169Foxit Reader Javascript API app.opencPDFWebPage access controlmedium7.5---
164168go-ipfs Routing Table unknown vulnerability [CVE-2020-10937]low4.9---
164167Shun Hu JUUKO K-808 authentication replay [CVE-2018-19025]medium5.8---
164166Shun Hu JUUKO K-800 authentication replay [CVE-2018-17932]medium5.8---
164165QNAP Photo Station Scripting photo_station cross site scriptinglow5.0---
164164QNAP Photo Station Scripting photo_station cross site scriptinglow4.0---
164163QNAP Photo Station cross site scripting [CVE-2018-19954]low5.0---
164162QNAP Music Station SQL Injection sql injection [CVE-2018-19952]medium4.0---
164161QNAP Music Station Scripting cross site scripting [CVE-2018-19951]low5.0---
164160QNAP Music Station Command command injection [CVE-2018-19950]medium7.5---
164159Qualcomm Snapdragon Auto PDU state issue [CVE-2020-3704]low2.3---
164158Qualcomm Snapdragon Auto Bluetooth buffer overflow [CVE-2020-3703]medium5.2---
164157Qualcomm Snapdragon Auto Permission use after free [CVE-2020-3696]medium4.9---
164156Qualcomm Snapdragon Auto qseecom buffer overflow [CVE-2020-3694]medium5.2---
164155Qualcomm Snapdragon Auto qseecom buffer overflow [CVE-2020-3693]medium5.2---
164154Qualcomm Snapdragon Auto IMEI buffer overflow [CVE-2020-3692]medium5.2---
164153Qualcomm Snapdragon Auto SMUU Configuration unknown vulnerabilitylow4.9---
164152Qualcomm Snapdragon Auto QSEE permission [CVE-2020-3684]medium5.2---
164151Qualcomm Snapdragon Consumer IOT API buffer overflow [CVE-2020-3678]medium5.2---
164150Qualcomm Snapdragon Auto SIP Message buffer overflow [CVE-2020-3673]medium5.2---
164149Qualcomm Snapdragon Auto NAS Transport out-of-bounds read [CVE-2020-3670]low2.3---
164148Qualcomm Snapdragon Auto Device Control array index [CVE-2020-3657]medium6.5---
164147Qualcomm Snapdragon Auto SIP Message buffer overflow [CVE-2020-3654]medium5.2---
164146Qualcomm Snapdragon Auto access control [CVE-2020-3638]medium5.2---
164145Qualcomm Snapdragon Auto array index [CVE-2020-11174]medium4.9---
164144Qualcomm Snapdragon Auto fastRPC Driver race condition [CVE-2020-11173]low4.0---
164143Qualcomm Snapdragon Wired Infrastructure and Networking fscanf stack-based overflowmedium5.2---
164142Qualcomm Snapdragon Auto L2CAP Packet integer overflow [CVE-2020-11169]low4.9---
164141Qualcomm Snapdragon Auto Perfdump access control [CVE-2020-11164]medium5.2---
164140Qualcomm Snapdragon Auto MHI Driver buffer overflow [CVE-2020-11162]medium5.2---
164139Qualcomm Snapdragon Auto Control Message denial of service [CVE-2020-11157]low2.3---
164138Qualcomm Snapdragon Auto Bluetooth buffer overflow [CVE-2020-11156]medium5.2---
164137Qualcomm Snapdragon Auto Bluetooth buffer overflow [CVE-2020-11155]medium5.2---
164136Qualcomm Snapdragon Auto Bluetooth buffer overflow [CVE-2020-11154]medium5.2---
164135Qualcomm Snapdragon Auto GATT Data out-of-bounds read [CVE-2020-11153]medium6.5---
164134Qualcomm Snapdragon Auto Bluetooth estack buffer overflow [CVE-2020-11141]medium5.2---
164133Qualcomm Snapdragon Auto MHI Command out-of-bounds read [CVE-2020-11125]low2.3---
164132Qualcomm Snapdragon Compute Bluetooth buffer overflow [CVE-2020-11114]medium4.3---
164131MailGates/MailAudit command injection [CVE-2020-25849]medium9.0---
164130vBulletin subWidgets Data widget_tabbedcontainer_tab_panel command injectionmedium6.0---
164129NVIDIA CUDA Toolkit NVJPEG Library out-of-bounds write [CVE-2020-5991]medium5.2---
164128VMware Tanzu SSO Operator Dashboard improper authentication [CVE-2020-5425]medium5.2---
164127IBM i2 iBase unrestricted upload [CVE-2020-4588]medium6.8---
164126IBM i2 iBase information exposure [CVE-2020-4584]low4.0---
164125apt Error Message path traversal [CVE-2020-15703]medium8.3---
164124baserCMS Edit Template unrestricted upload [CVE-2020-15277]low5.8---
164123baserCMS Blog Comment cross site scripting [CVE-2020-15276]low4.0---
164122baserCMS Edit Feed Settings cross site scripting [CVE-2020-15273]low4.0---
164121Microsoft Windows Kernel Cryptography Driver cng.sys CfgAdtpFormatPropertyBlock buffer overflowmedium7.7---
164120codemirror Regular Expression incorrect regex [CVE-2020-7760]medium5.0---
164119Pimcore sql injection [CVE-2020-7759]medium5.8---
164118F5 BIG-IP IPSec Tunnel inadequate encryption [CVE-2020-5938]low2.6---
164117F5 BIG-IP AFM Traffic Management Microkernel denial of servicelow2.3---
164116Big BIG-IP LTM Traffic Management Microkernel resource consumptionlow5.0---
164115F5 BIG-IP MQTT Traffic denial of service [CVE-2020-5935]low2.3---
164114F5 BIG-IP APM SLO URL denial of service [CVE-2020-5934]low2.3---
164113F5 BIG-IP HTTP Compression resource consumption [CVE-2020-5933]low2.3---
164112F5 BIG-IP ASM Configuration Utility cross site scripting [CVE-2020-5932]low4.0---
164111F5 BIG-IP OneConnect Profile resource consumption [CVE-2020-5931]low2.3---
164110IBM Resilient SOAR authentication spoofing [CVE-2020-4864]medium4.9---
164109IBM i2 Analyst Notebook memory corruption [CVE-2020-4724]medium7.5---
164108IBM i2 Analyst Notebook memory corruption [CVE-2020-4723]medium7.5---
164107IBM i2 Analyst Notebook memory corruption [CVE-2020-4722]medium7.5---
164106IBM i2 Analyst Notebook Memory memory corruption [CVE-2020-4721]medium7.5---
164105FastReport GetProcAddress inadequate encryptionlow4.9---
164104SmartStoreNET unknown vulnerability [CVE-2020-27996]low4.9---
164103Zoho ManageEngine Applications Manager MyPage.do sql injectionmedium5.2---
164102Hrsale pathname traversal [CVE-2020-27993]low2.7---
164101EyesOfNetwork AutoDiscovery Module autodiscovery.php os command injectionmedium5.2---
164100EyesOfNetwork eonweb Web Interface functions.php username_available sql injectionmedium5.8---
164099WSO2 API Manager cross site scripting [CVE-2020-27885]low4.0---
164098Click Studios Passwordstate PIN Generator information disclosurelow2.1---
164097Western Digital My Cloud NAS access control [CVE-2020-27744]medium6.5---
164096Trend Micro Antivirus information exposure [CVE-2020-27015]low1.7---
164095Trend Micro Antivirus Web Threat Protection race condition [CVE-2020-27014]low2.3---
164094Sal machine_list cross site scriptinglow4.0---
164093Commvault CommCell pathname traversal [CVE-2020-25780]medium5.2---
164092Ansible Community Private Key openssl_privatekey_info log filelow4.0---
164091WSO2 Enterprise Integrator BPMN Explorer Task cross site scriptinglow4.0---
164090Broadleaf Scripting HTTP POST cross site scripting [CVE-2020-21266]low4.0---
164089Samba Winbind service null pointer dereference [CVE-2020-14323]low1.7---
164088IBM Security Directory Server Authorization Token missing secure attributelow2.6---
164087IBM Security Directory Server information exposure [CVE-2019-4547]low5.0---
164086Rapid7 Metasploit APK File command injection [CVE-2020-7384]medium7.5---
164085chart.js Options Parameter code injection [CVE-2020-7746]medium5.0---
164084Synology Router Manager Set-Cookie Header cookie without 'httponly' flaglow2.6---
164083Synology Router Manager DDNS channel accessible [CVE-2020-27657]low2.6---
164082Synology DiskStation Manager DDNS channel accessible [CVE-2020-27656]low2.6---
164081Synology Router Manager QuickConnect access control [CVE-2020-27655]medium7.5---
164080Synology Router Manager lbd tcp access controlmedium6.5---
164079Synology Router Manager QuickConnect channel accessible [CVE-2020-27653]low5.1---
164078Synology DiskStation Manager QuickConnect channel accessiblelow5.1---
164077Synology Router Manager missing secure attribute [CVE-2020-27651]low2.6---
164076Synology DiskStation Manager missing secure attribute [CVE-2020-27650]low2.6---
164075Synology Router Manager OpenVPN Client certificate validationmedium7.5---
164074Synology DiskStation Manager OpenVPN Client channel accessiblelow5.1---
164073SonarQube values missing encryption [Disputed]low4.0---
164072Firefly III Auto-Complete cross site scripting [CVE-2020-27981]low2.1---
164071Genexis Platinum-4410 cross site scripting [CVE-2020-27980]low4.0---
164070Citadel WebCit Object Reference msg_confirm_move authorizationmedium4.0---
164069Citadel WebCit Parameter cross site scripting [CVE-2020-27741]low4.0---
164068Citadel WebCit information disclosure [CVE-2020-27740]low4.3---
164067Citadel WebCit user session [CVE-2020-27739]medium6.8---
164066Dual DHCP DNS Server DualServer.exe access controlmedium4.3---
164065Home DNS Server HomeDNSServer.exe access controlmedium4.3---
164064Open DHCP Server OpenDHCPServer.exe access controlmedium5.2---
164063Open TFTP Server Multithreaded OpenTFTPServerMT.exe access controlmedium5.2---
164062Sectona Spectra SOAP API Endpoint improper authentication [CVE-2020-25966]medium3.3---
164061CyberArk Privileged Session Manager Error Popup Message information disclosurelow2.3---
164060God Kings App Push Notification improper authorization [CVE-2020-25204]medium4.3---
164059QSC Q-SYS Core Manager TFTP Service passwd pathname traversalmedium6.5---
164058Gophish Cookie session expiration [CVE-2020-24713]medium5.2---
164057Gophish Account Settings Page cross site scripting [CVE-2020-24712]low4.0---
164056Gophish Account Settings Page denial of service [CVE-2020-24711]low2.3---
164055Gophish server-side request forgery [CVE-2020-24710]medium5.2---
164054Gophish Landing Page/Email Template cross site scripting [CVE-2020-24709]low4.0---
164053Gophish Send Profile Form cross site scripting [CVE-2020-24708]low4.0---
164052Gophish CSV csv injection [CVE-2020-24707]low4.9---
164051Winston Configuration unknown vulnerability [CVE-2020-16263]medium7.5---
164050Winston access control [CVE-2020-16262]medium6.8---
164049Winston U-Boot Interrupt access control [CVE-2020-16261]medium6.8---
164048Winston improper authorization [CVE-2020-16260]medium6.5---
164047Winston permission assignment [CVE-2020-16259]medium4.9---
164046Winston Monit Service hard-coded credentials [CVE-2020-16258]medium5.8---
164045Winston API cross-site request forgery [CVE-2020-16256]low4.0---
164044NVIDIA DGX AMI BMC Firmware weak prng [CVE-2020-11616]low2.3---
164043NVIDIA DGX Cipher Key hard-coded key [CVE-2020-11615]low2.3---
164042NVIDIA DGX-1/DGX-2 AMI BMC Firmware information disclosure [CVE-2020-11489]low5.0---
164041NVIDIA DGX-1/DGX-2 Firmware Signature code download [CVE-2020-11488]low4.9---
164040NVIDIA DGX-1/DGX-2/DGX A100 AMI BMC Firmware hard-coded key [CVE-2020-11487]low2.3---
164039NVIDIA DGX-1 AMI BMC Firmware unrestricted upload [CVE-2020-11486]medium6.0---
164038NVIDIA DGX-1 cross-site request forgery [CVE-2020-11485]low4.0---
164037NVIDIA DGX-1 AMI BMC Firmware IPMI information disclosurelow1.9---
164036NVIDIA DGX-1/DGX-2 AMI BMC Firmware hard-coded credentials [CVE-2020-11483]medium5.8---
164035QNAP QTS cross site scripting [CVE-2018-19953]low4.0---
164034QNAP QTS command injection [CVE-2018-19949]medium6.5---
164033QNAP QTS cross site scripting [CVE-2018-19943]low4.0---
164032IBM WebSphere Application Server path traversal [CVE-2020-4782]medium6.0---
164031Microsoft Sterling Connect Direct buffer overflow [CVE-2020-4767]medium4.0---
164030Shibboleth Identity Provider Login Flow denial of service [CVE-2020-27978]low4.3---
164029osCommerce Phoenix CE POST Parameter mail.php os command injectionmedium6.5---
164028osCommerce Phoenix CE define_language.php cross-site request forgerylow4.0---
164027NeoPost Mail Accounting Software Pro FUS_SCM_BlockStart.php cross site scriptinglow4.0---
164026Grafana Query cross site scripting [CVE-2020-24303]low4.0---
164025Snap7 Server COTP Protocol denial of service [CVE-2020-22552]low2.3---
164024Winston API command injection [CVE-2020-16257]medium5.2---
164023Red Discord Bot Mod Module access control [CVE-2020-15278]medium6.5---
164022Pulse Connect Secure User Web Interface cross site scriptinglow4.0---
164021Pulse Connect Secure/Pulse Policy Secure User Web Interface cross site scriptinglow4.0---
164020Pulse Connect Secure/Pulse Policy Secure Cookie buffer overflowmedium5.2---
164019Pulse Connect Secure Admin Web Interface unrestricted uploadmedium6.5---
164018Pulse Connect Secure Admin Web Interface input validation [CVE-2020-8255]medium6.5---
164017Pulse Secure Desktop Client Dynamic Certificate Trust path traversalmedium7.5---
164016Pulse Secure Desktop Client access control [CVE-2020-8250]medium4.3---
164015Pulse Secure Desktop Client buffer overflow [CVE-2020-8249]medium4.3---
164014Pulse Secure Desktop Client access control [CVE-2020-8248]medium4.3---
164013Pulse Secure Desktop Client channel accessible [CVE-2020-8241]medium5.1---
164012Pulse Secure Desktop Client Embedded Browser unknown vulnerabilitylow4.9---
164011Pulse Secure Desktop Client Registry Privileges access controlmedium5.2---
164010Mozilla Firefox EC Scalar Point Multiplication key managementlow1.4---
164009SonicWALL Global VPN Client Library uncontrolled search pathmedium6.0---
164008SonicWALL Global VPN Client untrusted search path [CVE-2020-5144]medium6.8---
164007Apple Music Application information disclosure [CVE-2020-9982]low1.7---
164006Apple tvOS Assets resource transfer [CVE-2020-9979]medium4.1---
164005Apple tvOS Web Contents memory corruption [CVE-2020-9932]medium7.5---
164004Apple iOS/iPadOS Web Contents memory corruption [CVE-2020-9932]medium7.5---
164003Apple Safari Web Contents memory corruption [CVE-2020-9932]medium7.5---
164002Apple Safari Javascript input validation [CVE-2020-9860]medium7.5---
164001Apple macOS Application access control [CVE-2020-9786]medium4.3---
164000Apple macOS Path Validation path traversal [CVE-2020-9782]low4.9---
163999Apple macOS Siri Suggestion access control [CVE-2020-9774]low2.7---
163998dat.gui RGB/RGBA incorrect regex [CVE-2020-7755]low5.0---
163997Apple macOS Image out-of-bounds read [CVE-2020-3880]low6.5---
163996Apple tvOS Image out-of-bounds read [CVE-2020-3880]low6.5---
163995Apple iOS/iPadOS Image out-of-bounds read [CVE-2020-3880]low6.5---
163994Apple watchOS Image out-of-bounds read [CVE-2020-3880]low6.5---
163993Apple macOS Application memory corruption [CVE-2020-3863]medium6.8---
163992MediaWiki RandomGameUnit Extension hard-coded credentials [CVE-2020-27957]medium3.3---
163991SourceCodester Car Rental Management System File Upload unrestricted uploadmedium6.0---
163990Texas Instruments CC2538 Zigbee Protocol zclParseInDiscCmdsRspCmd stack-based overflowlow2.7---
163989Texas Instruments CC2538 Zigbee Protocol zclHandleExternal stack-based overflowlow2.7---
163988Texas Instruments CC2538 Zigbee Protocol zclParseInWriteCmd stack-based overflowlow2.7---
163987Ubiquiti UniFi Meshing Access Point UAP-AC-M Credential Cache state issuelow4.0---
163986Wire AVS/Secure Messenger sdp.c sdp_media_set_lattr denial of servicelow5.0---
163985Western Digital My Cloud NAS AvailableApps.php privileges managementmedium6.0---
163984Western Digital My Cloud NAS DsdkProxy.php input validationmedium6.0---
163983Western Digital My Cloud cgi_api.php access controlmedium6.5---
163982Western Digital My Cloud reg_device.php input validationmedium6.0---
163981Greenmart Theme Search cross site scripting [CVE-2020-16140]low4.0---
163980Blueman D-Bus Interface argument injection [CVE-2020-15238]medium4.6---
163979Western Digital My Cloud buffer overflow [CVE-2020-12830]medium6.5---
163978Apple iOS/iPadOS SSH signature verification [CVE-2019-8901]low2.6---
163977Apple iTunes Storage Access API information disclosure [CVE-2019-8898]low5.0---
163976Apple Safari Storage Access API information disclosure [CVE-2019-8898]low5.0---
163975Apple tvOS Storage Access API information disclosure [CVE-2019-8898]low5.0---
163974Apple iOS/iPadOS Storage Access API information disclosure [CVE-2019-8898]low5.0---
163973Apple macOS State Management state issue [CVE-2019-8858]low2.6---
163972Apple iOS/iPadOS Live Photo information disclosure [CVE-2019-8857]low2.3---
163971Apple macOS API state issue [CVE-2019-8856]low4.3---
163970Apple watchOS API state issue [CVE-2019-8856]low4.3---
163969Apple iOS/iPadOS API state issue [CVE-2019-8856]low4.3---
163968Apple macOS Restrictions sandbox [CVE-2019-8855]medium4.3---
163967Apple tvOS MAC Address information disclosure [CVE-2019-8854]low1.8---
163966Apple watchOS MAC Address information disclosure [CVE-2019-8854]low1.8---
163965Apple macOS MAC Address information disclosure [CVE-2019-8854]low1.8---
163964Apple macOS Application memory corruption [CVE-2019-8852]medium6.8---
163963Apple macOS State Management improper authentication [CVE-2019-8851]medium4.6---
163962Apple watchOS Audio File out-of-bounds read [CVE-2019-8850]low5.0---
163961Apple tvOS Audio File out-of-bounds read [CVE-2019-8850]low5.0---
163960Apple iOS/iPadOS Audio File out-of-bounds read [CVE-2019-8850]low5.0---
163959Apple macOS Audio File out-of-bounds read [CVE-2019-8850]low5.0---
163958Apple iTunes Application access control [CVE-2019-8848]medium4.3---
163957Apple iOS/iPadOS Application access control [CVE-2019-8848]medium4.3---
163956Apple macOS Application access control [CVE-2019-8848]medium4.3---
163955Apple iCloud Application access control [CVE-2019-8848]medium4.3---
163954Apple watchOS Application access control [CVE-2019-8848]medium4.3---
163953Apple tvOS Application access control [CVE-2019-8848]medium4.3---
163952Apple macOS Application memory corruption [CVE-2019-8847]medium6.8---
163951Apple iTunes Web Contents use after free [CVE-2019-8846]medium7.5---
163950Apple Safari Web Contents use after free [CVE-2019-8846]medium7.5---
163949Apple iOS/iPadOS Web Contents use after free [CVE-2019-8846]medium7.5---
163948Apple iCloud Web Contents use after free [CVE-2019-8846]medium7.5---
163947Apple tvOS Web Contents use after free [CVE-2019-8846]medium7.5---
163946Apple iTunes Web Contents memory corruption [CVE-2019-8844]medium7.5---
163945Apple Safari Web Contents memory corruption [CVE-2019-8844]medium7.5---
163944Apple iOS/iPadOS Web Contents memory corruption [CVE-2019-8844]medium7.5---
163943Apple iCloud Web Contents memory corruption [CVE-2019-8844]medium7.5---
163942Apple watchOS Web Contents memory corruption [CVE-2019-8844]medium7.5---
163941Apple tvOS Web Contents memory corruption [CVE-2019-8844]medium7.5---
163940Apple macOS Print Job buffer overflow [CVE-2019-8842]medium7.5---
163939Apple iOS/iPadOS access control [CVE-2019-8841]medium6.8---
163938Apple Xcode out-of-bounds read [CVE-2019-8840]low5.1---
163937Apple macOS Privileges denial of service [CVE-2019-8839]low2.1---
163936Apple tvOS Application memory corruption [CVE-2019-8838]medium6.8---
163935Apple macOS Application memory corruption [CVE-2019-8838]medium6.8---
163934Apple watchOS Application memory corruption [CVE-2019-8838]medium6.8---
163933Apple iOS/iPadOS Application memory corruption [CVE-2019-8838]medium6.8---
163932Apple macOS access control [CVE-2019-8837]medium4.3---
163931Apple tvOS Application memory corruption [CVE-2019-8836]medium6.8---
163930Apple iOS/iPadOS Application memory corruption [CVE-2019-8836]medium6.8---
163929Apple watchOS Application memory corruption [CVE-2019-8836]medium6.8---
163928Apple iTunes Web Contents memory corruption [CVE-2019-8835]medium7.5---
163927Apple Safari Web Contents memory corruption [CVE-2019-8835]medium7.5---
163926Apple iOS/iPadOS Web Contents memory corruption [CVE-2019-8835]medium7.5---
163925Apple iCloud Web Contents memory corruption [CVE-2019-8835]medium7.5---
163924Apple tvOS Web Contents memory corruption [CVE-2019-8835]medium7.5---
163923Apple iTunes HSTS Preload access control [CVE-2019-8834]medium5.1---
163922Apple iOS/iPadOS HSTS Preload access control [CVE-2019-8834]medium5.1---
163921Apple macOS HSTS Preload access control [CVE-2019-8834]medium5.1---
163920Apple iCloud HSTS Preload access control [CVE-2019-8834]medium5.1---
163919Apple watchOS HSTS Preload access control [CVE-2019-8834]medium5.1---
163918Apple tvOS HSTS Preload access control [CVE-2019-8834]medium5.1---
163917Apple tvOS Application memory corruption [CVE-2019-8833]medium6.8---
163916Apple macOS Application memory corruption [CVE-2019-8833]medium6.8---
163915Apple watchOS Application memory corruption [CVE-2019-8833]medium6.8---
163914Apple iOS/iPadOS Application memory corruption [CVE-2019-8833]medium6.8---
163913Apple tvOS Application memory corruption [CVE-2019-8832]medium6.8---
163912Apple macOS Application memory corruption [CVE-2019-8832]medium6.8---
163911Apple watchOS Application memory corruption [CVE-2019-8832]medium6.8---
163910Apple iOS/iPadOS Application memory corruption [CVE-2019-8832]medium6.8---
163909Apple watchOS memory corruption [CVE-2019-8831]medium6.8---
163908Apple tvOS memory corruption [CVE-2019-8831]medium6.8---
163907Apple iOS/iPadOS memory corruption [CVE-2019-8831]medium6.8---
163906Apple macOS memory corruption [CVE-2019-8831]medium6.8---
163905Apple iOS/iPadOS FaceTime out-of-bounds read [CVE-2019-8830]medium7.5---
163904Apple macOS FaceTime out-of-bounds read [CVE-2019-8830]medium7.5---
163903Apple watchOS FaceTime out-of-bounds read [CVE-2019-8830]medium7.5---
163902Apple tvOS FaceTime out-of-bounds read [CVE-2019-8830]medium7.5---
163901Apple tvOS Application memory corruption [CVE-2019-8829]medium6.8---
163900Apple iOS/iPadOS Application memory corruption [CVE-2019-8829]medium6.8---
163899Apple watchOS Application memory corruption [CVE-2019-8829]medium6.8---
163898Apple macOS Application memory corruption [CVE-2019-8829]medium6.8---
163897Apple tvOS Application memory corruption [CVE-2019-8828]medium6.8---
163896Apple watchOS Application memory corruption [CVE-2019-8828]medium6.8---
163895Apple macOS Application memory corruption [CVE-2019-8828]medium6.8---
163894Apple iOS/iPadOS Application memory corruption [CVE-2019-8828]medium6.8---
163893Apple iOS/iPadOS WebKit information disclosure [CVE-2019-8827]low1.5---
163892Apple tvOS WebKit information disclosure [CVE-2019-8827]low1.5---
163891Apple iTunes WebKit information disclosure [CVE-2019-8827]low1.5---
163890Apple Safari WebKit information disclosure [CVE-2019-8827]low1.5---
163889Apple macOS State Management memory corruption [CVE-2019-8826]medium7.5---
163888Apple iTunes State Management memory corruption [CVE-2019-8825]medium6.5---
163887Apple iCloud State Management memory corruption [CVE-2019-8825]medium6.5---
163886Apple iOS State Management memory corruption [CVE-2019-8825]medium6.5---
163885Apple macOS State Management memory corruption [CVE-2019-8825]medium6.5---
163884Apple macOS State Management memory corruption [CVE-2019-8824]medium6.8---
163883Apple tvOS information disclosure [CVE-2019-8809]low1.7---
163882Apple watchOS information disclosure [CVE-2019-8809]low1.7---
163881Apple iOS/iPadOS information disclosure [CVE-2019-8809]low1.7---
163880Apple macOS information disclosure [CVE-2019-8809]low1.7---
163879Apple tvOS random values [CVE-2019-8799]low2.1---
163878Apple watchOS random values [CVE-2019-8799]low2.1---
163877Apple macOS random values [CVE-2019-8799]low2.1---
163876Apple iOS/iPadOS random values [CVE-2019-8799]low2.1---
163875Apple watchOS Airdrop access control [CVE-2019-8796]medium4.6---
163874Apple iOS/iPadOS Airdrop access control [CVE-2019-8796]medium4.6---
163873Apple macOS Airdrop access control [CVE-2019-8796]medium4.6---
163872Apple Swift File Descriptor information disclosure [CVE-2019-8790]low2.3---
163871Apple tvOS Kernel Memory information disclosure [CVE-2019-8780]low1.7---
163870Apple iOS/iPadOS Kernel Memory information disclosure [CVE-2019-8780]low1.7---
163869Apple macOS Address Book information disclosure [CVE-2019-8777]low2.1---
163868Apple macOS Application memory corruption [CVE-2019-8776]medium6.8---
163867Apple macOS iBooks File resource consumption [CVE-2019-8774]low5.0---
163866Apple iOS/iPadOS iBooks File resource consumption [CVE-2019-8774]low5.0---
163865Apple iTunes Web Contents memory corruption [CVE-2019-8773]medium7.5---
163864Apple watchOS Web Contents memory corruption [CVE-2019-8773]medium7.5---
163863Apple tvOS Web Contents memory corruption [CVE-2019-8773]medium7.5---
163862Apple iCloud Web Contents memory corruption [CVE-2019-8773]medium7.5---
163861Apple iOS/iPadOS Web Contents memory corruption [CVE-2019-8773]medium7.5---
163860Apple Safari Web Contents memory corruption [CVE-2019-8773]medium7.5---
163859Apple iOS iFrame Sandbox sandbox [CVE-2019-8771]medium7.5---
163858Apple Safari iFrame Sandbox sandbox [CVE-2019-8771]medium7.5---
163857Apple iTunes Web Contents cross site scripting [CVE-2019-8762]low5.0---
163856Apple watchOS Web Contents cross site scripting [CVE-2019-8762]low5.0---
163855Apple tvOS Web Contents cross site scripting [CVE-2019-8762]low5.0---
163854Apple iCloud Web Contents cross site scripting [CVE-2019-8762]low5.0---
163853Apple iOS/iPadOS Web Contents cross site scripting [CVE-2019-8762]low5.0---
163852Apple Safari Web Contents cross site scripting [CVE-2019-8762]low5.0---
163846Apple macOS iFrame unknown vulnerability [CVE-2019-8754]low5.0---
163845Apple tvOS Web Contents cross site scripting [CVE-2019-8753]low5.0---
163844Apple iOS Web Contents cross site scripting [CVE-2019-8753]low5.0---
163843Apple watchOS Web Contents cross site scripting [CVE-2019-8753]low5.0---
163842Apple macOS Web Contents cross site scripting [CVE-2019-8753]low5.0---
163841Apple iTunes Web Contents memory corruption [CVE-2019-8752]medium7.5---
163840Apple watchOS Web Contents memory corruption [CVE-2019-8752]medium7.5---
163839Apple tvOS Web Contents memory corruption [CVE-2019-8752]medium7.5---
163838Apple iCloud Web Contents memory corruption [CVE-2019-8752]medium7.5---
163837Apple iOS/iPadOS Web Contents memory corruption [CVE-2019-8752]medium7.5---
163836Apple Safari Web Contents memory corruption [CVE-2019-8752]medium7.5---
163835Apple iTunes Web Contents memory corruption [CVE-2019-8751]medium7.5---
163834Apple watchOS Web Contents memory corruption [CVE-2019-8751]medium7.5---
163833Apple tvOS Web Contents memory corruption [CVE-2019-8751]medium7.5---
163832Apple iCloud Web Contents memory corruption [CVE-2019-8751]medium7.5---
163831Apple iOS/iPadOS Web Contents memory corruption [CVE-2019-8751]medium7.5---
163830Apple Safari Web Contents memory corruption [CVE-2019-8751]medium7.5---
163825Apple iTunes Application out-of-bounds read [CVE-2019-8746]low3.5---
163824Apple watchOS Application out-of-bounds read [CVE-2019-8746]low3.5---
163823Apple tvOS Application out-of-bounds read [CVE-2019-8746]low3.5---
163822Apple iCloud Application out-of-bounds read [CVE-2019-8746]low3.5---
163821Apple iOS Application out-of-bounds read [CVE-2019-8746]low3.5---
163820Apple macOS Application out-of-bounds read [CVE-2019-8746]low3.5---
163817Apple tvOS Application memory corruption [CVE-2019-8740]medium4.3---
163816Apple watchOS Application memory corruption [CVE-2019-8740]medium4.3---
163815Apple iOS/iPadOS Application memory corruption [CVE-2019-8740]medium4.3---
163814Apple iTunes Web Contents memory corruption [CVE-2019-8734]medium7.5---
163813Apple watchOS Web Contents memory corruption [CVE-2019-8734]medium7.5---
163812Apple tvOS Web Contents memory corruption [CVE-2019-8734]medium7.5---
163811Apple Safari Web Contents memory corruption [CVE-2019-8734]medium7.5---
163810Apple iCloud Web Contents memory corruption [CVE-2019-8734]medium7.5---
163809Apple iOS Web Contents memory corruption [CVE-2019-8734]medium7.5---
163808Apple iOS Call information disclosure [CVE-2019-8732]low1.7---
163807Apple iTunes Web Contents memory corruption [CVE-2019-8728]medium7.5---
163806Apple tvOS Web Contents memory corruption [CVE-2019-8728]medium7.5---
163805Apple watchOS Web Contents memory corruption [CVE-2019-8728]medium7.5---
163804Apple Safari Web Contents memory corruption [CVE-2019-8728]medium7.5---
163803Apple iCloud Web Contents memory corruption [CVE-2019-8728]medium7.5---
163802Apple iOS Web Contents memory corruption [CVE-2019-8728]medium7.5---
163801Apple tvOS Application memory corruption [CVE-2019-8718]medium6.8---
163800Apple iOS Application memory corruption [CVE-2019-8718]medium6.8---
163799Apple watchOS Application memory corruption [CVE-2019-8718]medium6.8---
163797Apple tvOS Application memory corruption [CVE-2019-8712]medium6.8---
163796Apple iOS Application memory corruption [CVE-2019-8712]medium6.8---
163795Apple watchOS Application memory corruption [CVE-2019-8712]medium6.8---
163794Apple iOS Application memory corruption [CVE-2019-8709]medium6.8---
163793Apple watchOS Application memory corruption [CVE-2019-8709]medium6.8---
163792Apple tvOS Application memory corruption [CVE-2019-8709]medium6.8---
163791Apple macOS Application memory corruption [CVE-2019-8709]medium6.8---
163786Apple macOS buffer overflow [CVE-2019-8696]medium4.6---
163785Sierra macOS buffer overflow [CVE-2019-8675]medium5.2---
163784Apple watchOS Image denial of service [CVE-2019-8668]low5.0---
163783Apple tvOS Image denial of service [CVE-2019-8668]low5.0---
163782Apple iOS Image denial of service [CVE-2019-8668]low5.0---
163781Apple watchOS Message denial of service [CVE-2019-8664]low2.3---
163780Apple iOS Message denial of service [CVE-2019-8664]low2.3---
163779Apple macOS MIME inadequate encryption [CVE-2019-8645]low2.6---
163778Apple macOS SMIME Certificate certificate validationmedium5.8---
163777Apple macOS sandbox [CVE-2019-8640]medium7.5---
163776Apple Safari Web Contents memory corruption [CVE-2019-8639]medium7.5---
163775Apple iTunes Web Contents memory corruption [CVE-2019-8639]medium7.5---
163774Apple iOS Web Contents memory corruption [CVE-2019-8639]medium7.5---
163773Apple iCloud Web Contents memory corruption [CVE-2019-8639]medium7.5---
163772Apple watchOS Web Contents memory corruption [CVE-2019-8639]medium7.5---
163771Apple Safari Web Contents memory corruption [CVE-2019-8638]medium7.5---
163770Apple iTunes Web Contents memory corruption [CVE-2019-8638]medium7.5---
163769Apple iOS Web Contents memory corruption [CVE-2019-8638]medium7.5---
163768Apple iCloud Web Contents memory corruption [CVE-2019-8638]medium7.5---
163767Apple watchOS Web Contents memory corruption [CVE-2019-8638]medium7.5---
163766Apple watchOS memory corruption [CVE-2019-8633]low1.7---
163765Apple tvOS memory corruption [CVE-2019-8633]low1.7---
163764Apple iOS memory corruption [CVE-2019-8633]low1.7---
163763Apple macOS memory corruption [CVE-2019-8633]low1.7---
163762Apple tvOS iMessage Conversation access control [CVE-2019-8631]medium6.4---
163761Apple iOS iMessage Conversation access control [CVE-2019-8631]medium6.4---
163760Apple macOS iMessage Conversation access control [CVE-2019-8631]medium6.4---
163759Apple iOS sandbox [CVE-2019-8618]medium7.5---
163758Apple macOS sandbox [CVE-2019-8618]medium7.5---
163757Apple watchOS sandbox [CVE-2019-8618]medium7.5---
163750Apple iOS Font File out-of-bounds read [CVE-2019-8582]low5.0---
163749Apple macOS Font File out-of-bounds read [CVE-2019-8582]low5.0---
163748Apple iTunes Font File out-of-bounds read [CVE-2019-8582]low5.0---
163747Apple tvOS Font File out-of-bounds read [CVE-2019-8582]low5.0---
163746Apple iCloud Font File out-of-bounds read [CVE-2019-8582]low5.0---
163745Apple macOS input validation [CVE-2019-8579]medium4.3---
163744Apple watchOS denial of service [CVE-2019-8573]medium6.3---
163743Apple iOS denial of service [CVE-2019-8573]medium6.3---
163742Apple macOS denial of service [CVE-2019-8573]medium6.3---
163741Apple tvOS User Information information disclosure [CVE-2019-8570]low5.0---
163740Apple Safari User Information information disclosure [CVE-2019-8570]low5.0---
163739Apple iTunes User Information information disclosure [CVE-2019-8570]low5.0---
163738Apple iCloud User Information information disclosure [CVE-2019-8570]low5.0---
163737Apple iOS User Information information disclosure [CVE-2019-8570]low5.0---
163736Apple macOS Driver unknown vulnerability [CVE-2019-8564]low4.9---
163733Apple macOS initialization [CVE-2019-8539]medium6.8---
163732Apple macOS VCF File denial of service [CVE-2019-8538]low5.0---
163731Apple watchOS VCF File denial of service [CVE-2019-8538]low5.0---
163730Apple macOS Application memory corruption [CVE-2019-8534]medium6.8---
163729Apple iOS Application permission [CVE-2019-8532]medium4.3---
163728Apple watchOS Application permission [CVE-2019-8532]medium4.3---
163727Apple iOS Server Certificate certificate validation [CVE-2019-8531]medium5.8---
163726Apple watchOS Server Certificate certificate validation [CVE-2019-8531]medium5.8---
163725Apple macOS Server Certificate certificate validation [CVE-2019-8531]medium5.8---
163724Apple macOS Application use after free [CVE-2019-8528]medium6.4---
163723Apple watchOS Application use after free [CVE-2019-8528]medium6.4---
163722Apple iOS Application use after free [CVE-2019-8528]medium6.4---
163718Apple macOS Validation symlink [CVE-2019-6238]medium4.3---
163717Apple tvOS memory allocation [CVE-2018-4474]low2.3---
163716Apple iTunes memory allocation [CVE-2018-4474]low2.3---
163715Apple Safari memory allocation [CVE-2018-4474]low2.3---
163714Apple watchOS memory allocation [CVE-2018-4474]low2.3---
163713Apple iCloud memory allocation [CVE-2018-4474]low2.3---
163712Apple iOS memory allocation [CVE-2018-4474]low2.3---
163711Apple macOS Application access control [CVE-2018-4468]medium4.3---
163710Apple macOS memory corruption [CVE-2018-4451]medium5.2---
163709Apple tvOS Memory Initialization memory corruption [CVE-2018-4448]low1.7---
163708Apple watchOS Memory Initialization memory corruption [CVE-2018-4448]low1.7---
163707Apple iOS Memory Initialization memory corruption [CVE-2018-4448]low1.7---
163706Apple macOS Memory Initialization memory corruption [CVE-2018-4448]low1.7---
163705Apple iTunes User Information information disclosure [CVE-2018-4444]low5.0---
163704Apple tvOS User Information information disclosure [CVE-2018-4444]low5.0---
163703Apple iOS User Information information disclosure [CVE-2018-4444]low5.0---
163702Apple Safari User Information information disclosure [CVE-2018-4444]low5.0---
163701Apple tvOS Configuration access control [CVE-2018-4433]medium4.3---
163700Apple iOS Configuration access control [CVE-2018-4433]medium4.3---
163699Apple watchOS Configuration access control [CVE-2018-4433]medium4.3---
163698Apple macOS Configuration access control [CVE-2018-4433]medium4.3---
163697Apple iOS Lockscreen access control [CVE-2018-4428]low2.1---
163692Apple tvOS Message resource consumption [CVE-2018-4381]low3.5---
163691Apple iOS Message resource consumption [CVE-2018-4381]low3.5---
163690Apple iOS Entitlement information disclosure [CVE-2018-4339]low1.7---
163689Apple macOS DiskArbitration permission [CVE-2018-4296]medium5.2---
163688NetApp Clustered Data ONTAP Intercluster LIF denial of servicelow5.0---
163687npm-user-validate Email Validator incorrect regex [CVE-2020-7754]medium5.0---
163686Check Point ZoneAlarm Anti-Ransomware untrusted search path [CVE-2020-6023]medium4.3---
163685Check Point ZoneAlarm Anti-Ransomware permission [CVE-2020-6022]medium3.2---
163684Victor CMS category.php sql injectionmedium5.0---
163683IObit Malware Fighter Privileges uncontrolled search path [CVE-2020-23864]medium6.8---
163682Micro Focus Operation Bridge Manager/Operation Bridge Privileges access controlmedium6.8---
163681Micro Focus Operation Bridge Manager improper authenticationhigh10.0---
1636801Password command-line tool/SCIM Bridge prng seed [CVE-2020-10256]low2.6---
163679Pulse Secure Desktop Save information disclosure [CVE-2020-8956]low2.3---
163678trim Package Regular Expression incorrect regexlow2.3---
163677konzept-ix publiXone RemoteFunctions Endpoint access controlmedium6.5---
163676konzept-ix publiXone appletError.jsp cross site scriptinglow4.0---
163675konzept-ix publiXone Configuration File CipherUtils.java hard-coded keylow2.3---
163674konzept-ix publiXone file access [CVE-2020-27180]low2.7---
163673konzept-ix publiXone User Account password recovery [CVE-2020-27179]low4.9---
163672Pulse Connect Secure/Pulse Policy Secure XML External Entity server-side request forgerymedium6.5---
163671pam_tacplus libtac RAND_pseudo_bytes random valueslow2.3---
163670Ruckus vRioT API validate_token.py improper authorizationmedium5.8---
163669Ruckus API Endpoint createUser command injectionmedium6.5---
163668Facebook Hermes JavaScript Interpreter out-of-bounds read [CVE-2020-1915]low2.7---
163667OpenRC checkpath symlink [CVE-2018-21269]medium4.3---
163666Motion-Project Motion HTTP Request webu.c denial of servicelow4.3---
163665Octopus Deploy HTTP Host Header redirect [CVE-2020-26161]low4.9---
163664FireEye eMPS sort_by sql injectionmedium6.5---
163663Wiki.js Search Result cross site scripting [CVE-2020-15274]low4.0---
163662git-tag-annotation-action Environment Variable os command injectionmedium6.5---
163661lookatme terminal/file_loader terminal.py os command injectionmedium5.2---
163660opentmpfiles symlink [CVE-2017-18925]medium4.3---
163659systeminformation Curl os command injection [CVE-2020-7752]medium5.2---
163658HPE StoreServ Management Console improper authentication [CVE-2020-7197]medium7.5---
163657HPE BlueData EPIC Software Platform Kerberos Password information disclosurelow3.5---
163656Aruba AirWave Software Remote Code Execution [CVE-2020-7127]medium6.8---
163655Aruba AirWave server-side request forgery [CVE-2020-7126]medium6.5---
163654Aruba AirWave Privileges insufficient privileges [CVE-2020-7125]medium6.0---
163653Aruba AirWave access control [CVE-2020-7124]medium6.5---
163652ZTE eVDC Verification cross site scripting [CVE-2020-6876]low4.0---
163651KDE Partition Manager fstab kpmcore_externalcommand access controlmedium6.8---
163650AntSword View Site cross site scripting [CVE-2020-25470]low4.0---
163649Aruba AirWave command injection [CVE-2020-24632]medium6.0---
163648Aruba AirWave command injection [CVE-2020-24631]medium6.0---
163647AntSword System Command cross site scripting [CVE-2020-18766]medium6.0---
163646Arista EOS IS-IS Router Remote Privilege Escalation [CVE-2020-15897]medium6.0---
163645Arista CloudVision eXchange Server ControllerOob Agent denial of servicelow3.5---
163644pathval Package resource consumption [CVE-2020-7751]low2.3---
163643illumos pam_framework.c parse_user_name buffer overflowmedium4.9---
163642YOURLS Admin Panel PHP Plugin cross site scripting [CVE-2020-27388]low2.3---
163641Google Chrome Printing use after free [CVE-2020-16003]medium7.5---
163640Google Chrome Freetype heap-based overflow [CVE-2020-15999]medium7.5---
163639Google Chrome PDFium use after free [CVE-2020-16002]medium7.5---
163638Google Chrome Media use after free [CVE-2020-16001]medium7.5---
163637Google Chrome Blink out-of-bounds write [CVE-2020-16000]medium7.5---
163636NVIDIA GeForce Experience ShadowPlay access control [CVE-2020-5990]medium4.3---
163635NVIDIA GeForce Experience nvcontainer.exe access controlmedium4.3---
163634NVIDIA GeForce Experience Web Helper NodeJS Web Server uncontrolled search pathmedium4.3---
163633UCMS fopen access controlmedium4.9---
163632FruityWifi sudo access control [CVE-2020-24848]high6.8---
163631FruityWifi page_config_adv.php cross-site request forgerylow5.0---
163630VMware Horizon Client Local Privilege information disclosurelow1.7---
163629VMware Horizon Server Scripting cross site scripting [CVE-2020-3997]low2.3---
163628CRMEB downloadimage Interface server-side request forgery [CVE-2020-25466]medium6.0---
163627Eclipse Jetty temp file [CVE-2020-27216]low4.3---
163626CryptoPro CSP Process Creation denial of service [CVE-2020-9361]low1.7---
163625CryptoPro CSP Process Creation access control [CVE-2020-9331]low4.3---
163624FRITZ!Box Protection Mechanism dns rebinding [CVE-2020-26887]medium4.9---
163623Belkin LINKSYS WRT160NL mini_httpd create_dir buffer overflowlow4.9---
163622VeriFone MX900 File Manager command injection [CVE-2019-14719]medium4.9---
163621VeriFone MX900 Permission svc_netcontrol access controlmedium4.9---
163620VeriFone Verix OS System Call buffer overflow [CVE-2019-14717]medium4.9---
163619VeriFone VerixV Shell access control [CVE-2019-14716]low3.7---
163618VeriFone Pinpad Payment Terminal SBI Bootloader memory corruptionmedium6.2---
163617VeriFone MX900 Installation insufficient verification of data authenticitymedium4.9---
163616VeriFone VerixV S1G File unknown vulnerability [CVE-2019-14712]medium4.9---
163615VeriFone MX900 race condition [CVE-2019-14711]medium4.9---
163614Comtrend AR-5387un cross site scripting [CVE-2018-8062]low3.5---
163613Apple watchOS information disclosure [CVE-2020-9997]low2.3---
163612Apple macOS information disclosure [CVE-2020-9997]low2.3---
163611Apple watchOS path traversal [CVE-2020-9994]low4.9---
163610Apple tvOS path traversal [CVE-2020-9994]low4.9---
163609Apple macOS path traversal [CVE-2020-9994]low4.9---
163608Apple iOS/iPadOS path traversal [CVE-2020-9994]low4.9---
163607Apple macOS Application race condition [CVE-2020-9990]medium7.4---
163606Apple macOS Home Folder access control [CVE-2020-9986]low2.3---
163605Apple watchOS USD File buffer overflow [CVE-2020-9985]medium7.5---
163604Apple macOS USD File buffer overflow [CVE-2020-9985]medium7.5---
163603Apple iOS/iPadOS USD File buffer overflow [CVE-2020-9985]medium7.5---
163602Apple iCloud Image out-of-bounds read [CVE-2020-9984]medium7.5---
163601Apple iTunes Image out-of-bounds read [CVE-2020-9984]medium7.5---
163600Apple watchOS Image out-of-bounds read [CVE-2020-9984]medium7.5---
163599Apple tvOS Image out-of-bounds read [CVE-2020-9984]medium7.5---
163598Apple macOS Image out-of-bounds read [CVE-2020-9984]medium7.5---
163597Apple iOS/iPadOS Image out-of-bounds read [CVE-2020-9984]medium7.5---
163596Apple watchOS Font File out-of-bounds write [CVE-2020-9980]medium7.5---
163595Apple tvOS Font File out-of-bounds write [CVE-2020-9980]medium7.5---
163594Apple macOS Font File out-of-bounds write [CVE-2020-9980]medium7.5---
163593Apple iOS/iPadOS Font File out-of-bounds write [CVE-2020-9980]medium7.5---
163592Apple tvOS USD File buffer overflow [CVE-2020-9940]medium7.5---
163591Apple macOS USD File buffer overflow [CVE-2020-9940]medium7.5---
163590Apple iOS/iPadOS USD File buffer overflow [CVE-2020-9940]medium7.5---
163589Apple macOS Extension access control [CVE-2020-9939]low4.3---
163588Apple macOS State Management privileges assignment [CVE-2020-9935]medium5.2---
163587Apple macOS Kernel Memory memory corruption [CVE-2020-9929]low4.3---
163586Apple macOS Application memory corruption [CVE-2020-9928]medium7.4---
163585Apple macOS Application memory corruption [CVE-2020-9927]medium7.4---
163584Apple macOS State Management denial of service [CVE-2020-9924]low3.5---
163583Apple macOS Application memory corruption [CVE-2020-9921]low4.9---
163582Apple watchOS Mail Server denial of service [CVE-2020-9920]low6.4---
163581Apple macOS Mail Server denial of service [CVE-2020-9920]low6.4---
163580Apple iOS/iPadOS Mail Server denial of service [CVE-2020-9920]low6.4---
163579Apple macOS Kernel Memory out-of-bounds read [CVE-2020-9908]low4.3---
163578Apple watchOS Kernel Memory memory corruption [CVE-2020-9906]medium6.0---
163577Apple macOS Kernel Memory memory corruption [CVE-2020-9906]medium6.0---
163576Apple iOS/iPadOS Kernel Memory memory corruption [CVE-2020-9906]medium6.0---
163575Apple tvOS buffer overflow [CVE-2020-9905]low3.5---
163574Apple macOS buffer overflow [CVE-2020-9905]low3.5---
163573Apple iOS/iPadOS buffer overflow [CVE-2020-9905]low3.5---
163572Apple watchOS Application memory corruption [CVE-2020-9904]medium7.4---
163571Apple tvOS Application memory corruption [CVE-2020-9904]medium7.4---
163570Apple macOS Application memory corruption [CVE-2020-9904]medium7.4---
163569Apple iOS/iPadOS Application memory corruption [CVE-2020-9904]medium7.4---
163568Apple watchOS Kernel Memory out-of-bounds read [CVE-2020-9902]low2.3---
163567Apple tvOS Kernel Memory out-of-bounds read [CVE-2020-9902]low2.3---
163566Apple macOS Kernel Memory out-of-bounds read [CVE-2020-9902]low2.3---
163565Apple iOS/iPadOS Kernel Memory out-of-bounds read [CVE-2020-9902]low2.3---
163564Apple tvOS Path Validation symlink [CVE-2020-9901]low4.3---
163563Apple macOS Path Validation symlink [CVE-2020-9901]low4.3---
163562Apple iOS/iPadOS Path Validation symlink [CVE-2020-9901]low4.3---
163561Apple watchOS Path Validation symlink [CVE-2020-9900]low4.3---
163560Apple tvOS Path Validation symlink [CVE-2020-9900]low4.3---
163559Apple macOS Path Validation symlink [CVE-2020-9900]low4.3---
163558Apple iOS/iPadOS Path Validation symlink [CVE-2020-9900]low4.3---
163557Apple macOS Application memory corruption [CVE-2020-9899]medium7.4---
163556Apple macOS Restrictions sandbox [CVE-2020-9898]medium4.9---
163555Apple iOS/iPadOS Restrictions sandbox [CVE-2020-9898]medium4.9---
163554Apple watchOS Application memory corruption [CVE-2020-9892]medium7.4---
163553Apple tvOS Application memory corruption [CVE-2020-9892]medium7.4---
163552Apple macOS Application memory corruption [CVE-2020-9892]medium7.4---
163551Apple iOS/iPadOS Application memory corruption [CVE-2020-9892]medium7.4---
163550Apple macOS JPEG Image memory corruption [CVE-2020-9887]medium7.5---
163549Apple iCloud Image buffer overflow [CVE-2020-9883]medium7.5---
163548Apple iTunes Image buffer overflow [CVE-2020-9883]medium7.5---
163547Apple watchOS Image buffer overflow [CVE-2020-9883]medium7.5---
163546Apple tvOS Image buffer overflow [CVE-2020-9883]medium7.5---
163545Apple macOS Image buffer overflow [CVE-2020-9883]medium7.5---
163544Apple iOS/iPadOS Image buffer overflow [CVE-2020-9883]medium7.5---
163543Apple watchOS USD File buffer overflow [CVE-2020-9882]low4.9---
163542Apple macOS USD File buffer overflow [CVE-2020-9882]low4.9---
163541Apple iOS/iPadOS USD File buffer overflow [CVE-2020-9882]low4.9---
163540Apple watchOS USD File buffer overflow [CVE-2020-9881]low4.9---
163539Apple macOS USD File buffer overflow [CVE-2020-9881]low4.9---
163538Apple iOS/iPadOS USD File buffer overflow [CVE-2020-9881]low4.9---
163537Apple watchOS USD File buffer overflow [CVE-2020-9880]low4.9---
163536Apple tvOS USD File buffer overflow [CVE-2020-9880]low4.9---
163535Apple macOS USD File buffer overflow [CVE-2020-9880]low4.9---
163534Apple iOS/iPadOS USD File buffer overflow [CVE-2020-9880]low4.9---
163533Apple macOS Application memory corruption [CVE-2020-9869]low3.5---
163532Apple watchOS Certificate Validation certificate validation [CVE-2020-9868]low2.3---
163531Apple tvOS Certificate Validation certificate validation [CVE-2020-9868]low2.3---
163530Apple macOS Certificate Validation certificate validation [CVE-2020-9868]low2.3---
163529Apple iOS/iPadOS Certificate Validation certificate validationlow2.3---
163528Apple watchOS uninitialized pointer [CVE-2020-9863]medium7.4---
163527Apple tvOS uninitialized pointer [CVE-2020-9863]medium7.4---
163526Apple macOS uninitialized pointer [CVE-2020-9863]medium7.4---
163525Apple iOS/iPadOS uninitialized pointer [CVE-2020-9863]medium7.4---
163524Apple tvOS Application unknown vulnerability [CVE-2020-9854]low4.9---
163523Apple macOS Application unknown vulnerability [CVE-2020-9854]low4.9---
163522Apple iOS/iPadOS Application unknown vulnerability [CVE-2020-9854]low4.9---
163521Apple macOS Kernel Memory memory corruption [CVE-2020-9853]low2.3---
163520Apple macOS Restrictions improper authentication [CVE-2020-9810]low4.6---
163519Apple macOS Application race condition [CVE-2020-9796]medium7.4---
163518Apple watchOS Restrictions denial of service [CVE-2020-9787]low2.3---
163517Apple tvOS Restrictions denial of service [CVE-2020-9787]low2.3---
163516Apple macOS Restrictions denial of service [CVE-2020-9787]low2.3---
163515Apple iOS/iPadOS Restrictions denial of service [CVE-2020-9787]low2.3---
163514Apple macOS Kernel Memory out-of-bounds read [CVE-2020-9779]low4.3---
163513VMware Velero Volume information disclosure [CVE-2020-3996]low2.3---
163512Apple watchOS User Information sandbox [CVE-2020-3918]low1.7---
163511Apple tvOS User Information sandbox [CVE-2020-3918]low1.7---
163510Apple macOS User Information sandbox [CVE-2020-3918]low1.7---
163509Apple iOS/iPadOS User Information sandbox [CVE-2020-3918]low1.7---
163508Apple macOS Application unknown vulnerability [CVE-2020-3915]low4.9---
163507Apple macOS Application memory corruption [CVE-2020-3898]low4.9---
163506Linux Kernel events_base.c use after freelow4.9---
163505Xen TLB Entry memory corruption [CVE-2020-27674]medium7.4---
163504Linux Kernel dom0 Event denial of service [CVE-2020-27673]medium5.2---
163503Xen Superpage use after free [CVE-2020-27672]low4.9---
163502Xen IOMMU TLB Flush denial of service [CVE-2020-27671]low2.3---
163501Xen AMD IOMMU Page-Table Entry denial of service [CVE-2020-27670]low2.3---
163500Strapi WYSIWYG Editor Preview cross site scripting [CVE-2020-27666]low2.3---
163499Strapi content-type-builder Route hasPermissions permissionmedium4.9---
163498Strapi index.js unknown vulnerability [CVE-2020-27664]low4.9---
163497LeviStudioU Parameter xml external entity reference [CVE-2020-25186]medium4.9---
163496Eyoucms login.php cross-site request forgerylow3.3---
163495Tiki Admin Password tiki-login.php improper authenticationmedium5.8---
163494parse-server Session Token operation after expiration [CVE-2020-15270]low4.0---
163493GitLab Runner Runner Configuration unknown vulnerability [CVE-2020-13327]low4.9---
163492Micro Focus Manager Remote Privilege Escalation [CVE-2020-11853]medium6.0---
163491fabric8-maven-plugin wildfly-swarm/Thorntail Custom Configuration deserializationmedium4.3---
163490Mozilla Network Security Services Certificate Sequence denial of servicelow3.5---
163489Mozilla Network Security Services buffer overflow [CVE-2019-17006]low4.9---
163488Microchip CryptoAuthentication Library CryptoAuthLib buffer overflowlow4.9---
163487Microchip CryptoAuthentication Library CryptoAuthLib buffer overflowlow4.9---
163486Atmel Advanced Software Framework integer overflow [CVE-2019-16127]medium4.9---
163485Mozilla Network Security Services Signature denial of servicelow4.0---
163484Elasticsearch Field Level Security permission [CVE-2020-7020]medium4.9---
163483Biscom Secure File Transfer insufficiently protected credentialslow2.3---
163482ImageMagick layer.c OptimizeLayerFrames divide by zerolow2.3---
163481DedeCMS cross site scripting [CVE-2020-27533]low2.3---
163480Hashicorp Nomad/Nomad Enterprise sandbox [CVE-2020-27195]medium4.9---
163479Octopus Deploy Websocket Endpoint unknown vulnerability [CVE-2020-27155]low4.9---
163478AtomXCMS dump.php path traversallow2.3---
163477AtomXCMS dump.php access controlmedium4.9---
163476fs.com S3900 24T4S access control [CVE-2020-24033]medium6.0---
163475Adobe Animate FLA File out-of-bounds read [CVE-2020-9750]medium7.5---
163474Adobe Animate FLA File out-of-bounds read [CVE-2020-9749]low5.0---
163473Adobe Animate FLA File stack-based overflow [CVE-2020-9748]medium7.5---
163472Adobe Animate FLA File double free [CVE-2020-9747]medium7.5---
163471Cisco ASA Web-based Management Interface cross site scriptinglow5.0---
163470Cisco ASA/Firepower Threat Defense TLS Connection information exposurelow5.0---
163469Cisco ASA/Firepower Threat Defense Web Services Interface cross site scriptinglow5.0---
163468Cisco ASA/Firepower Threat Defense Web Services Interface cross site scriptinglow5.0---
163467Cisco ASA/Firepower Threat Defense Web Services Interface cross site scriptinglow5.0---
163466Cisco ASA/Firepower Threat Defense Web Services Interface cross site scriptinglow5.0---
163465Cisco ASA/Firepower Threat Defense Web Services Interface authorizationlow5.0---
163464Cisco Firepower Threat Defense denial of service [CVE-2020-3577]medium6.1---
163463Cisco ASA/Firepower Threat Defense TLS Connection resource consumptionmedium7.8---
163462Cisco Firepower Threat Defense ICMPv6 Packet resource consumptionmedium7.8---
163461Cisco Firepower Threat Defense TCP Interception access controlmedium5.0---
163460Cisco ASA/Firepower Threat Defense FTP Inspection Engine access controllow5.0---
163459Cisco Firepower Threat Defense TCP Packet denial of service [CVE-2020-3563]medium7.8---
163458Cisco Firepower Threat Defense TLS inspection memory corruptionmedium7.8---
163457Cisco ASA/Firepower Threat Defense Clientless SSL VPN crlf injectionmedium5.0---
163456Cisco FirePOWER Management Center Web-based Management Interface redirectmedium7.5---
163455Cisco FirePOWER Management Center API Daemon certificate validationlow5.0---
163454Cisco ASA/Firepower Threat Defense SIP Inspection denial of servicemedium5.4---
163453Cisco ASA/Firepower Threat Defense TCP Packet resource consumptionmedium7.8---
163452Cisco FirePOWER Management Center Web-based Management Interface cross site scriptinglow3.3---
163451Cisco FirePOWER Management Center sfmgr Daemon path traversalmedium6.5---
163450Cisco FirePOWER Management Center sftunnel inadequate encryptionlow2.6---
163449Cisco Firepower Threat Defense SNMP resource consumption [CVE-2020-3533]high7.8---
163448Cisco ASA/Firepower Threat Defense SSL VPN Negotiation resource consumptionhigh7.8---
163447Cisco ASA/Firepower Threat Defense OSPFv2 Packet denial of servicehigh7.8---
163446Cisco FirePOWER Management Center Web-based Management Interface cross site scriptinglow3.3---
163445Cisco Firepower Threat Defense Multi-Instance sandbox [CVE-2020-3514]medium6.5---
163444Cisco FirePOWER Management Center Licensing Service resource managementmedium7.8---
163443Cisco FXOS CLI os command injection [CVE-2020-3459]medium6.5---
163442Cisco ASA/Firepower Threat Defense Secure Boot protection mechanismmedium6.5---
163441Cisco FXOS CLI os command injection [CVE-2020-3457]medium6.5---
163440Cisco FXOS Firepower Chassis Manager cross-site request forgerylow5.0---
163439Cisco FXOS Secure Boot protection mechanism [CVE-2020-3455]medium6.5---
163438Cisco ASA/Firepower Threat Defense Web Services Interface unrestricted uploadlow5.0---
163437Cisco FirePOWER Management Center Common Access Card Authentication improper authenticationlow5.1---
163436Cisco ASA/Firepower Threat Defense IP Fragment Reassembly resource consumptionlow5.0---
163435Cisco Firepower Threat Defense CLI backdoor [CVE-2020-3352]medium4.3---
163434Cisco ASA/Firepower Threat Defense SSL Inspection denial of servicelow5.0---
163433Cisco ASA/Firepower Threat Defense HTTP Request resource consumptionlow5.0---
163432Cisco Integrated Services Router Snort Detection Engine protection mechanismmedium5.0---
163431BigBlueButton Greenlight Merge Account admins.js cross site scriptinglow2.3---
163430fastd receive.c denial of servicelow4.9---
163429FileImporter Extension unknown vulnerability [CVE-2020-27621]low4.9---
163428Cosmos Skin rawElement cross site scriptinglow4.0---
163427Python HTTP multibytecodec_support.py eval unknown vulnerabilitylow4.9---
163426Loginizer SQL Injection lz_valid_ip sql injectionlow4.9---
163425cm-download-manager cross site scripting [CVE-2020-27344]low6.4---
163424Adobe Dreamweaver uncontrolled search path [CVE-2020-24425]high6.8---
163423Adobe Premiere Pro uncontrolled search path [CVE-2020-24424]medium7.5---
163422Adobe Media Encoder uncontrolled search path [CVE-2020-24423]medium4.6---
163421Adobe Creative Cloud Desktop Application uncontrolled search pathmedium7.5---
163420Adobe InDesign indd File memory corruption [CVE-2020-24421]medium7.5---
163419Adobe Photoshop uncontrolled search path [CVE-2020-24420]medium7.5---
163418Adobe After Effects uncontrolled search path [CVE-2020-24419]medium7.5---
163417Adobe After Effects aepx File out-of-bounds readlow4.3---
163416WSO2 API Manager publisher cross site scripting [CVE-2020-17454]low4.0---
163415Ghisler Total Commander Access Restriction TOTALCMD64.EXE access controlmedium6.5---
163414Arista EOS DHCP Packet denial of service [CVE-2020-17355]low3.5---
163413TensorFlow Large Value tf.image.crop_and_resize memory corruptionlow4.3---
163412TensorFlow Dimensions tf.quantization.quantize_and_dequantize out-of-bounds readlow2.6---
163411magento-lts Gem Product Attribute injection [CVE-2020-15244]medium6.5---
163410omniauth-auth0 Gem JWT Token Signature Validation jwt_validator.verify improper authenticationmedium7.5---
163409Apache Hadoop Web Endpoint Authentication improper authenticationmedium6.5---
163408scratch-svg-renderer SVG _transformMeasurements cross site scriptingmedium5.0---
163407Fortinet FortiOS Command Line Interface information disclosurelow2.7---
163406Simple Download Monitor URL sql injection [CVE-2020-5651]medium6.0---
163405Simple Download Monitor Scripting cross site scripting [CVE-2020-5650]medium6.0---
163404BigBlueButton FreeSWITCH hard-coded key [CVE-2020-27613]low4.1---
163403BigBlueButton Username information disclosure [CVE-2020-27612]low5.0---
163402BigBlueButton STUN/TURN risky encryption [CVE-2020-27611]medium6.0---
163401BigBlueButton Firewall Configuration access control [CVE-2020-27610]medium6.5---
163400BigBlueButton Interface information disclosure [CVE-2020-27609]low2.6---
163399BigBlueButton Content-Type Header cross site scripting [CVE-2020-27608]low2.3---
163398BigBlueButton Mute information disclosure [CVE-2020-27607]low2.6---
163397BigBlueButton Session Cookie missing secure attribute [CVE-2020-27606]low2.6---
163396BigBlueButton Ghostscript sandbox [CVE-2020-27605]medium7.5---
163395BigBlueButton LibreOffice Sandbox bigbluebutton.properties sandboxmedium3.5---
163394BigBlueButton LibreOffice Document unknown vulnerability [CVE-2020-27603]low4.9---
163393BigBlueButton Office Document server-side request forgery [CVE-2020-25820]medium6.0---
163392Acronis True Image ACL permission assignmenthigh9.0---
163391Acronis True Image OpenSSL openssl.cnf access controlhigh9.0---
163390Acronis Cyber Backup/Cyber Protect OpenSSL openssl.cnf access controlhigh9.0---
163389Mozilla Firefox External Protocol memory corruption [CVE-2020-15684]medium7.5---
163388Mozilla Firefox External Protocol improper restriction of rendered ui layersmedium7.5---
163387Mozilla Firefox WASM Thread denial of service [CVE-2020-15681]low5.0---
163386Mozilla Firefox Image Tag information disclosure [CVE-2020-15680]low5.0---
163385Mozilla Firefox Crossbeam Rust Crate from_iter memory corruptionmedium7.5---
163384Mozilla Firefox usersctp use after free [CVE-2020-15969]medium7.5---
163383Mozilla Firefox/Firefox ESR memory corruption [CVE-2020-15683]medium7.5---
163382Mozilla Firefox ESR usersctp use after free [CVE-2020-15969]medium7.5---
163381Oracle VM VirtualBox denial of service [CVE-2020-14892]medium4.6---
163380Oracle VM VirtualBox information disclosure [CVE-2020-14889]medium4.3---
163379Oracle VM VirtualBox information disclosure [CVE-2020-14886]medium4.3---
163378Oracle VM VirtualBox information disclosure [CVE-2020-14885]medium4.3---
163377Oracle VM VirtualBox information disclosure [CVE-2020-14884]medium4.3---
163376Oracle VM VirtualBox information disclosure [CVE-2020-14881]medium4.3---
163375Oracle VM VirtualBox Local Privilege Escalation [CVE-2020-14872]medium6.5---
163374Oracle Utilities Framework Common information disclosure [CVE-2020-9488]low2.6---
163373Oracle Utilities Framework System Wide unknown vulnerabilitymedium5.5---
163372Oracle Utilities Framework General information disclosure [CVE-2020-1945]medium5.5---
163371Oracle Utilities Framework General xml external entity referencehigh10.0---
163370Oracle Utilities Framework Common deserialization [CVE-2019-10173]high10.0---
163369Oracle Solaris Kernel unknown vulnerability [CVE-2020-14759]low1.0---
163368Oracle Solaris Utility unknown vulnerability [CVE-2020-14818]low2.1---
163367Oracle Solaris Filesystem denial of service [CVE-2020-14754]medium4.6---
163366Oracle Solaris Kernel unknown vulnerability [CVE-2020-14758]medium5.2---
163365Oracle Fujitsu M12-1/Fujitsu M12-2/Fujitsu M12-2S XCP Firmware information disclosuremedium3.8---
163364Oracle Fujitsu M10-1 XCP Firmware denial of service [CVE-2019-11477]medium7.8---
163363Oracle ZFS Storage Appliance Kit Operating System Image buffer overflowhigh10.0---
163362Oracle Solaris Pluggable authentication module parse_user_name stack-based overflowhigh10.0---
163361Oracle Agile Product Lifecycle Management for Process Supplier Portal cross site scriptingmedium6.4---
163360Oracle Transportation Management Install deserialization [CVE-2020-9484]medium6.0---
163359Oracle Agile PLM Security xml external entity reference [CVE-2020-10683]high10.0---
163358Oracle Agile PLM Folders/Files / Attachments input validationhigh10.0---
163357Oracle Siebel UI Framework UIF Open UI cross site scripting [CVE-2020-11022]medium6.4---
163356Oracle Siebel Apps - Marketing Mktg/Campaign Mgmt denial of servicemedium7.8---
163355Oracle Siebel Apps - Marketing Mktg/Email Mktg Stand-Alone access controlhigh10.0---
163354Oracle Retail Customer Management and Segmentation Foundation Segment information disclosurelow2.1---
163353Oracle Retail Customer Management and Segmentation Foundation Promotions information disclosurelow2.1---
163352Oracle Retail Predictive Application Server RPAS Fusion Client information disclosurelow2.6---
163351Oracle Retail Order Broker Store Connect information disclosurelow2.6---
163350Oracle Retail Integration Bus RIB Kernal information disclosurelow2.6---
163349Oracle Retail Bulk Data Integration BDI Job Scheduler information disclosurelow2.6---
163348Oracle Retail Assortment Planning Application Core information disclosurelow2.6---
163347Oracle Retail Advanced Inventory Planning AIP Dashboard information disclosurelow2.6---
163346Oracle Retail Order Broker Store Connect information disclosuremedium4.6---
163345Oracle Retail Returns Management Security cross site scriptingmedium6.4---
163344Oracle Retail Point-of-Service Mobile POS cross site scriptingmedium6.4---
163343Oracle Retail Customer Management and Segmentation Foundation Segments cross site scriptingmedium6.4---
163342Oracle Retail Central Office Security cross site scripting [CVE-2020-11022]medium6.4---
163341Oracle Retail Back Office Security cross site scripting [CVE-2020-11022]medium6.4---
163340Oracle Retail Xstore Point of Service Xenvironment information disclosuremedium7.8---
163339Oracle Retail Service Backbone RSB kernel information disclosuremedium7.8---
163338Oracle Retail Predictive Application Server RPAS Server information disclosuremedium7.8---
163337Oracle Retail Integration Bus RIB Kernal information disclosuremedium7.8---
163336Oracle Retail Assortment Planning Application Core information disclosuremedium7.8---
163335Oracle Retail Order Broker Order Broker Foundation injectionmedium10.0---
163334Oracle Retail Returns Management Security information disclosuremedium9.4---
163333Oracle Retail Point-of-Service Security information disclosuremedium9.4---
163332Oracle Retail Integration Bus RIB Kernal information disclosuremedium9.4---
163331Oracle Retail Central Office Security information disclosuremedium9.4---
163330Oracle Retail Back Office Security information disclosure [CVE-2020-1945]medium9.4---
163329Oracle Retail Service Backbone RSB kernel deserialization [CVE-2020-9546]high10.0---
163328Oracle Retail Price Management Security xml external entity referencehigh10.0---
163327Oracle Retail Order Broker System Administration xml external entity referencehigh10.0---
163326Oracle Policy Automation for Mobile Devices information disclosurelow2.6---
163325Oracle Policy Automation Connector for Siebel information disclosurelow2.6---
163324Oracle Policy Automation information disclosure [CVE-2020-9488]low2.6---
163323Oracle Policy Automation for Mobile Devices cross site scriptingmedium6.4---
163322Oracle Policy Automation Connector for Siebel cross site scriptingmedium6.4---
163321Oracle Policy Automation cross site scripting [CVE-2020-11022]medium6.4---
163320Oracle PeopleSoft Enterprise PeopleTools Query information disclosurelow3.3---
163319Oracle PeopleSoft Enterprise PeopleTools Updates Environment Mgmt information disclosurelow2.6---
163318Oracle PeopleSoft Enterprise PeopleTools Tools Admin API information disclosurelow2.6---
163317Oracle PeopleSoft Enterprise PeopleTools Query information disclosuremedium5.0---
163316Oracle PeopleSoft Enterprise PeopleTools Elastic Search information disclosuremedium4.6---
163315Oracle PeopleSoft Enterprise PeopleTools Portal/Charting cross site scriptingmedium6.4---
163314Oracle PeopleSoft Enterprise PeopleTools PIA Grids unknown vulnerabilitymedium6.4---
163313Oracle PeopleSoft Enterprise PeopleTools PIA Core Technology cross site scriptingmedium6.4---
163312Oracle PeopleSoft Enterprise PeopleTools PIA Core Technology unknown vulnerabilitymedium6.4---
163311Oracle PeopleSoft Enterprise PeopleTools PIA Core Technology unknown vulnerabilitymedium6.4---
163310Oracle PeopleSoft Enterprise PeopleTools Integration Broker unknown vulnerabilitymedium6.4---
163309Oracle PeopleSoft Enterprise HCM Global Payroll Core Security Remote Privilege Escalationmedium6.5---
163308Oracle PeopleSoft Enterprise PeopleTools PIA Core Technology information disclosuremedium7.8---
163307Oracle PeopleSoft Enterprise SCM eSupplier Connection unknown vulnerabilitymedium8.5---
163306Oracle PeopleSoft Enterprise PeopleTools Weblogic out-of-bounds readhigh10.0---
163305Oracle MySQL Server LDAP Auth denial of service [CVE-2020-14771]low1.7---
163304Oracle MySQL Server InnoDB denial of service [CVE-2020-14791]low1.7---
163303Oracle MySQL Server Roles unknown vulnerability [CVE-2020-14860]low3.3---
163302Oracle MySQL Server Privileges information disclosure [CVE-2020-14838]medium4.0---
163301Oracle MySQL Server Logging denial of service [CVE-2020-14873]medium4.6---
163300Oracle MySQL Server DDL denial of service [CVE-2020-14867]medium4.6---
163299Oracle MySQL Cluster NDBCluster Plugin unknown vulnerabilitymedium5.5---
163298Oracle MySQL Server X Plugin denial of service [CVE-2020-14870]medium6.1---
163297Oracle MySQL Server Stored Procedure denial of service [CVE-2020-14672]medium6.1---
163296Oracle MySQL Server LDAP Auth denial of service [CVE-2020-14869]medium6.1---
163295Oracle MySQL Server Encryption denial of service [CVE-2020-14799]medium6.1---
163294Oracle MySQL Server PS denial of service [CVE-2020-14844]medium6.1---
163293Oracle MySQL Server PS denial of service [CVE-2020-14790]medium6.1---
163292Oracle MySQL Server PS denial of service [CVE-2020-14786]medium6.1---
163291Oracle MySQL Server Optimizer denial of service [CVE-2020-14893]medium6.1---
163290Oracle MySQL Server Optimizer denial of service [CVE-2020-14891]medium6.1---
163289Oracle MySQL Server Optimizer denial of service [CVE-2020-14888]medium6.1---
163288Oracle MySQL Server Optimizer denial of service [CVE-2020-14868]medium6.1---
163287Oracle MySQL Server Optimizer denial of service [CVE-2020-14866]medium6.1---
163286Oracle MySQL Server Optimizer denial of service [CVE-2020-14861]medium6.1---
163285Oracle MySQL Server Optimizer denial of service [CVE-2020-14845]medium6.1---
163284Oracle MySQL Server Optimizer denial of service [CVE-2020-14839]medium6.1---
163283Oracle MySQL Server Optimizer denial of service [CVE-2020-14837]medium6.1---
163282Oracle MySQL Server Optimizer denial of service [CVE-2020-14809]medium6.1---
163281Oracle MySQL Server Optimizer denial of service [CVE-2020-14794]medium6.1---
163280Oracle MySQL Server Optimizer denial of service [CVE-2020-14793]medium6.1---
163279Oracle MySQL Server Optimizer denial of service [CVE-2020-14785]medium6.1---
163278Oracle MySQL Server Optimizer denial of service [CVE-2020-14777]medium6.1---
163277Oracle MySQL Server Optimizer denial of service [CVE-2020-14773]medium6.1---
163276Oracle MySQL Server Locking denial of service [CVE-2020-14812]medium6.1---
163275Oracle MySQL Server FTS denial of service [CVE-2020-14804]medium6.1---
163274Oracle MySQL Server FTS denial of service [CVE-2020-14789]medium6.1---
163273Oracle MySQL Server DML denial of service [CVE-2020-14814]medium6.1---
163272Oracle MySQL Server Charsets denial of service [CVE-2020-14852]medium6.1---
163271Oracle MySQL Server InnoDB denial of service [CVE-2020-14848]medium6.1---
163270Oracle MySQL Server InnoDB denial of service [CVE-2020-14829]medium6.1---
163269Oracle MySQL Server InnoDB denial of service [CVE-2020-14821]medium6.1---
163268Oracle MySQL Server InnoDB denial of service [CVE-2020-14776]medium6.1---
163267Oracle MySQL Workbench denial of service [CVE-2020-1730]medium5.0---
163266Oracle MySQL Server Optimizer unknown vulnerability [CVE-2020-14760]medium6.8---
163265Oracle MySQL Server LDAP Auth information disclosure [CVE-2020-14827]medium6.8---
163264Oracle MySQL Server Encryption denial of service [CVE-2020-14800]medium6.8---
163263Oracle MySQL Server Optimizer denial of service [CVE-2020-14846]medium6.8---
163262Oracle MySQL Server Optimizer denial of service [CVE-2020-14836]medium6.8---
163261Oracle MySQL Server Optimizer denial of service [CVE-2020-14830]medium6.8---
163260Oracle MySQL Server Optimizer denial of service [CVE-2020-14769]medium6.8---
163259Oracle MySQL Server FTS denial of service [CVE-2020-14765]medium6.8---
163258Oracle MySQL Server InnoDB denial of service [CVE-2020-14775]medium6.8---
163257Oracle MySQL Server DML Remote Privilege Escalation [CVE-2020-14828]medium8.3---
163256Oracle MySQL Workbench Workbench: Encryption denial of servicemedium7.8---
163255Oracle MySQL Enterprise Monitor Monitoring: General denial of servicemedium7.8---
163254Oracle MySQL Server LDAP Auth unknown vulnerability [CVE-2020-14878]medium7.7---
163253Oracle MySQL Cluster JS module memory corruption [CVE-2020-8174]high10.0---
163252Oracle Java SE Libraries unknown vulnerability [CVE-2020-14798]low2.6---
163251Oracle Java SE Libraries information disclosure [CVE-2020-14796]low2.6---
163250Oracle Java SE Serialization denial of service [CVE-2020-14779]low2.6---
163249Oracle Java SE Libraries unknown vulnerability [CVE-2020-14797]low2.6---
163248Oracle Java SE Libraries unknown vulnerability [CVE-2020-14782]low2.6---
163247Oracle Java SE JNDI information disclosure [CVE-2020-14781]low2.6---
163246Oracle Java SE Hotspot unknown vulnerability [CVE-2020-14792]medium4.0---
163245Oracle Java SE Libraries information disclosure [CVE-2020-14803]medium5.0---
163244Oracle Insurance Rules Palette Architecture information disclosurelow2.6---
163243Oracle Insurance Policy Administration J2EE Architecture information disclosurelow2.6---
163242Oracle Insurance Insbridge Rating and Underwriting Framework Administrator IBFA information disclosurelow2.6---
163241Oracle Insurance Insbridge Rating and Underwriting Framework Administrator IBFA cross site scriptingmedium6.4---
163240Oracle Insurance Policy Administration J2EE Admin Console code downloadmedium7.6---
163239Oracle Insurance Policy Administration J2EE Architecture deserializationhigh10.0---
163238Oracle Hyperion BI+ IQR-Foundation service information disclosurelow1.7---
163237Oracle Hyperion Planning Application Development Framework unknown vulnerabilitymedium4.6---
163236Oracle Hyperion Lifecycle Management Shared Services unknown vulnerabilitymedium4.6---
163235Oracle Hyperion Lifecycle Management Shared Services unknown vulnerabilitymedium4.6---
163234Oracle Hyperion BI+ IQR-Foundation service information disclosuremedium4.6---
163233Oracle Hyperion Analytic Provider Services Smart View Provider unknown vulnerabilitymedium4.0---
163232Oracle Hyperion Essbase Security/Provisioning information disclosuremedium3.8---
163231Oracle Hyperion Infrastructure Technology UI/Visualization unknown vulnerabilitymedium7.7---
163230Oracle Hyperion Essbase Security/Provisioning buffer overflowhigh10.0---
163229Oracle Hospitality Suite8 WebConnect unknown vulnerability [CVE-2020-14810]medium6.4---
163228Oracle Hospitality OPERA 5 Property Services Logging unknown vulnerabilitymedium7.7---
163227Oracle Hospitality OPERA 5 Property Services Logging Remote Privilege Escalationmedium8.3---
163226Oracle Hospitality Guest Access Base deserialization [CVE-2020-9484]medium6.0---
163225Oracle Hospitality Suite8 WebConnect unknown vulnerability [CVE-2020-14807]medium8.5---
163224Oracle Hospitality Guest Access Base operation after expirationhigh9.7---
163223Oracle Healthcare Foundation Admin Console cross site scriptingmedium6.4---
163222Oracle Healthcare Data Repository Database Module Remote Code Executionhigh10.0---
163221Oracle Health Sciences Empirica Signal User Interface xml external entity referencehigh10.0---
163220Oracle Healthcare Foundation Self Service Analytics input validationhigh10.0---
163219Oracle GraalVM Enterprise Edition Java information disclosuremedium5.0---
163218Oracle WebLogic Server information disclosure [CVE-2020-9488]low2.6---
163217Oracle Outside In Technology Installation unknown vulnerabilitymedium4.6---
163216Oracle Business Process Management Suite Document Service denial of servicemedium4.9---
163215Oracle WebLogic Server Console cross site scripting [CVE-2020-11022]medium6.4---
163214Oracle WebCenter Portal Blogs/Wikis cross site scripting [CVE-2020-9281]medium6.4---
163213Oracle JDeveloper ADF Faces cross site scripting [CVE-2020-11022]medium6.4---
163212Oracle Business Process Management Suite Runtime Engine unknown vulnerabilitymedium6.4---
163211Oracle Business Process Management Suite Runtime Engine cross site scriptingmedium6.4---
163210Oracle BI Publisher BI Publisher Security cross site scriptingmedium6.4---
163209Oracle Business Process Management Suite Runtime Engine information disclosuremedium5.5---
163208Oracle Outside In Technology Installation use after free [CVE-2020-15389]medium6.1---
163207Oracle WebLogic Server Web Services unknown vulnerability [CVE-2020-14757]medium7.1---
163206Oracle Managed File Transfer MFT Runtime Server deserializationmedium6.0---
163205Oracle Business Intelligence Enterprise Edition Analytics Web Administration unknown vulnerabilitymedium7.5---
163204Oracle Business Intelligence Enterprise Edition Analytics Actions Remote Code Executionmedium7.5---
163203Oracle BI Publisher BI Publisher Security unknown vulnerabilitymedium8.5---
163202Oracle WebLogic Server Console Remote Privilege Escalation [CVE-2020-14883]medium8.3---
163201Oracle HTTP Server null pointer dereference [CVE-2019-10097]medium8.3---
163200Oracle WebLogic Server information disclosure [CVE-2020-14820]medium7.8---
163199Oracle HTTP Server SSL Module denial of service [CVE-2020-1967]medium7.8---
163198Oracle Business Intelligence Enterprise Edition Installation information disclosuremedium7.8---
163197Oracle Management Pack for GoldenGate Monitor denial of servicemedium6.8---
163196Oracle Data Integrator Jave APIs data processing [CVE-2016-2510]medium7.6---
163195Oracle Business Intelligence Enterprise Edition Analytics Actions unknown vulnerabilitymedium8.5---
163194Oracle BI Publisher Mobile Service unknown vulnerability [CVE-2020-14784]medium8.5---
163193Oracle BI Publisher BI Publisher Security unknown vulnerabilitymedium8.5---
163192Oracle BI Publisher E-Business Suite - XDO unknown vulnerabilitymedium7.5---
163191Oracle BI Publisher E-Business Suite - XDO unknown vulnerabilitymedium7.5---
163190Oracle WebLogic Server Remote Code Execution [CVE-2020-14859]high10.0---
163189Oracle WebLogic Server Remote Code Execution [CVE-2020-14825]high10.0---
163188Oracle WebLogic Server Remote Code Execution [CVE-2020-14841]high10.0---
163187Oracle WebLogic Server Console Remote Code Execution [CVE-2020-14882]high10.0---
163186Oracle WebLogic Server Centralized Thirdparty Jars deserializationhigh10.0---
163185Oracle WebCenter Portal Security Framework deserialization [CVE-2019-10173]high10.0---
163184Oracle WebCenter Portal Security Framework Remote Code Executionhigh10.0---
163183Oracle WebCenter Portal Portlet Services xml external entity referencehigh10.0---
163182Oracle HTTP Server Web Listener buffer overflow [CVE-2019-5482]high10.0---
163181Oracle GoldenGate Application Adapters Security Service out-of-bounds readhigh10.0---
163180Oracle GoldenGate Application Adapters Build Request deserializationhigh10.0---
163179Oracle GoldenGate Application Adapters deserialization [CVE-2018-8088]high10.0---
163178Oracle Enterprise Repository Security Subsystem - 12c Remote Code Executionhigh10.0---
163177Oracle Endeca Information Discovery Studio Endeca Server deserializationhigh10.0---
163176Oracle Endeca Information Discovery Integrator Integrator ETL xml external entity referencehigh10.0---
163175Oracle Data Integrator Install/config/upgrade input validationhigh10.0---
163174Oracle Access Manager Web Server Plugin out-of-bounds read [CVE-2018-11058]high10.0---
163173Oracle Identity Manager Connector General/Misc deserializationhigh10.0---
163172Oracle Hospitality RES 3700 CAL information disclosure [CVE-2020-14783]medium5.0---
163171Oracle Hospitality Reporting and Analytics Installation information disclosuremedium4.6---
163170Oracle Hospitality Simphony Simphony Apps cross site scriptingmedium6.4---
163169Oracle Hospitality Materials Control Mobile Authorization cross site scriptingmedium6.4---
163168Oracle FLEXCUBE Private Banking information disclosure [CVE-2020-9488]low2.6---
163167Oracle FLEXCUBE Core Banking information disclosure [CVE-2020-9488]low2.6---
163166Oracle Financial Services Retail Customer Analytics User Interface information disclosurelow2.6---
163165Oracle Financial Services Price Creation and Discovery User Interface information disclosurelow2.6---
163164Oracle Financial Services Market Risk Measurement and Management Infrastructure information disclosurelow2.6---
163163Oracle Financial Services Institutional Performance Analytics User Interface information disclosurelow2.6---
163162Oracle Financial Services Analytical Applications Infrastructure information disclosurelow2.6---
163161Oracle FLEXCUBE Core Banking information disclosure [CVE-2019-10247]medium5.0---
163160Oracle FLEXCUBE Private Banking denial of service [CVE-2020-1951]medium4.9---
163159Oracle Insurance Data Foundation Infrastructure cross site scriptingmedium6.4---
163158Oracle Insurance Allocation Manager for Enterprise Profitability User Interface cross site scriptingmedium6.4---
163157Oracle Insurance Accounting Analyzer IFRS17 cross site scriptingmedium6.4---
163156Oracle FLEXCUBE Private Banking cross site scripting [CVE-2020-1941]medium6.4---
163155Oracle Financial Services Regulatory Reporting for US Federal Reserve User Interface cross site scriptingmedium6.4---
163154Oracle Financial Services Regulatory Reporting for European Banking Authority User Interface cross site scriptingmedium6.4---
163153Oracle Financial Services Profitability Management User Interface cross site scriptingmedium6.4---
163152Oracle Financial Services Price Creation and Discovery User Interface cross site scriptingmedium6.4---
163151Oracle Financial Services Market Risk Measurement and Management Infrastructure cross site scriptingmedium6.4---
163150Oracle Financial Services Loan Loss Forecasting and Provisioning User Interface cross site scriptingmedium6.4---
163149Oracle Financial Services Liquidity Risk Measurement and Management User Interface cross site scriptingmedium6.4---
163148Oracle Financial Services Liquidity Risk Management User Interface cross site scriptingmedium6.4---
163147Oracle Financial Services Institutional Performance Analytics User Interface cross site scriptingmedium6.4---
163146Oracle Financial Services Hedge Management and IFRS Valuations User Interface cross site scriptingmedium6.4---
163145Oracle Financial Services Funds Transfer Pricing User Interface cross site scriptingmedium6.4---
163144Oracle Financial Services Data Integration Hub User Interface cross site scriptingmedium6.4---
163143Oracle Financial Services Data Governance for US Regulatory Reporting User Interface cross site scriptingmedium6.4---
163142Oracle Financial Services Data Foundation Infrastructure cross site scriptingmedium6.4---
163141Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach User Interface cross site scriptingmedium6.4---
163140Oracle Financial Services Basel Regulatory Capital Basic User Interface cross site scriptingmedium6.4---
163139Oracle Financial Services Balance Sheet Planning User Interface cross site scriptingmedium6.4---
163138Oracle Financial Services Asset Liability Management User Interface cross site scriptingmedium6.4---
163137Oracle Financial Services Analytical Applications Reconciliation Framework User Interface cross site scriptingmedium6.4---
163136Oracle Financial Services Analytical Applications Infrastructure cross site scriptingmedium6.4---
163135Oracle Banking Digital Experience Framework cross site scriptingmedium6.4---
163134Oracle FLEXCUBE Universal Banking Infrastructure information disclosuremedium6.8---
163133Oracle FLEXCUBE Direct Banking Pre Login information disclosuremedium7.8---
163132Oracle FLEXCUBE Direct Banking Pre Login information disclosuremedium7.8---
163131Oracle Banking Payments information disclosure [CVE-2020-14896]medium6.8---
163130Oracle Banking Corporate Lending information disclosure [CVE-2020-14894]medium6.8---
163129Oracle FLEXCUBE Private Banking code download [CVE-2020-5398]medium7.6---
163128Oracle Financial Services Regulatory Reporting with AgileREPORTER code downloadmedium7.6---
163127Oracle Banking Digital Experience Framework deserialization [CVE-2020-14195]medium7.6---
163126Oracle Financial Services Analytical Applications Infrastructure denial of servicemedium7.8---
163125Oracle FLEXCUBE Private Banking deserialization [CVE-2020-11973]high10.0---
163124Oracle Financial Services Retail Customer Analytics User Interface deserializationhigh10.0---
163123Oracle Financial Services Regulatory Reporting with AgileREPORTER deserializationhigh10.0---
163122Oracle Financial Services Price Creation and Discovery User Interface deserializationhigh10.0---
163121Oracle Financial Services Institutional Performance Analytics User Interface deserializationhigh10.0---
163120Oracle Financial Services Analytical Applications Infrastructure deserializationhigh10.0---
163119Oracle Financial Services Analytical Applications Infrastructure xml external entity referencehigh10.0---
163118Oracle Banking Platform Collections deserialization [CVE-2019-10173]high10.0---
163117Oracle Banking Platform Collections xml external entity referencehigh10.0---
163116Oracle Banking Platform Collections cross site scripting [CVE-2019-17495]high10.0---
163115Oracle Enterprise Manager for Peoplesoft PSEM Plugin information disclosurelow2.6---
163114Oracle Enterprise Manager Base Platform Connector Framework information disclosuremedium4.6---
163113Oracle Enterprise Manager Ops Center Reports in Ops Center cross site scriptingmedium6.4---
163112Oracle Enterprise Manager Base Platform Event Management unknown vulnerabilitymedium5.5---
163111Oracle Application Performance Management (APM) Comp Management/Life Cycle Management information disclosuremedium7.8---
163110Oracle Application Testing Suite Load Testing for Web Apps code downloadmedium7.6---
163109Oracle Enterprise Manager for Storage Management Privilege Management denial of servicemedium7.8---
163108Oracle Enterprise Manager Base Platform Connector Framework code downloadmedium7.6---
163107Oracle Application Testing Suite Load Testing for Web Apps operation after expirationhigh9.7---
163106Oracle Application Testing Suite Load Testing for Web Apps out-of-bounds readhigh10.0---
163105Oracle Enterprise Manager Ops Center Agent Provisioning xml external entity referencehigh10.0---
163104Oracle Installed Base APIs unknown vulnerability [CVE-2020-14822]medium5.0---
163103Oracle Applications Framework Popup windows unknown vulnerabilitymedium5.0---
163102Oracle Application Object Library Diagnostics unknown vulnerabilitymedium5.0---
163101Oracle Applications Manager SQL Extensions information disclosuremedium5.0---
163100Oracle Applications Manager AMP EBS Integration information disclosuremedium5.0---
163099Oracle CRM Technical Foundation Preferences unknown vulnerabilitymedium7.7---
163098Oracle Applications Manager Oracle Diagnostics Interfaces unknown vulnerabilitymedium6.4---
163097Oracle CRM Technical Foundation Preferences denial of servicemedium7.8---
163096Oracle Trade Management User Interface unknown vulnerabilitymedium8.5---
| 163095 | Oracle Trade Management User Interface unknown vulnerability | medium | 8.5 | - | - | - |
| 163094 | Oracle Trade Management User Interface unknown vulnerability | medium | 8.5 | - | - | - |
| 163093 | Oracle Trade Management User Interface unknown vulnerability | medium | 8.5 | - | - | - |
| 163092 | Oracle Trade Management User Interface unknown vulnerability | medium | 8.5 | - | - | - |
| 163091 | Oracle Trade Management User Interface unknown vulnerability | medium | 8.5 | - | - | - |
| 163090 | Oracle One-to-One Fulfillment Print Server unknown vulnerability | medium | 8.5 | - | - | - |
| 163089 | Oracle One-to-One Fulfillment Print Server unknown vulnerability | medium | 8.5 | - | - | - |
| 163088 | Oracle Marketing Marketing Administration unknown vulnerability | medium | 8.5 | - | - | - |
| 163087 | Oracle Marketing Marketing Administration unknown vulnerability | medium | 8.5 | - | - | - |
| 163086 | Oracle Marketing Marketing Administration unknown vulnerability | medium | 8.5 | - | - | - |
| 163085 | Oracle Marketing Marketing Administration unknown vulnerability | medium | 8.5 | - | - | - |
| 163084 | Oracle Marketing Marketing Administration unknown vulnerability | medium | 8.5 | - | - | - |
| 163083 | Oracle CRM Technical Foundation Flex Fields unknown vulnerability | medium | 8.5 | - | - | - |
| 163082 | Oracle Universal Work Queue Internal Operations Remote Privilege Escalation | medium | 9.0 | - | - | - |
| 163081 | Oracle Trade Management User Interface unknown vulnerability | medium | 9.4 | - | - | - |
| 163080 | Oracle Marketing Marketing Administration unknown vulnerability | medium | 9.4 | - | - | - |
| 163079 | Oracle E-Business Suite Secure Enterprise Search Search Integration Engine unknown vulnerability | medium | 9.4 | - | - | - |
| 163078 | Oracle Universal Work Queue Work Provider Administration Remote Code Execution | high | 10.0 | - | - | - |
| 163077 | Oracle Primavera Unifier information disclosure [CVE-2020-9488] | low | 2.6 | - | - | - |
| 163076 | Oracle Primavera Unifier Platform denial of service [CVE-2020-9489] | medium | 4.9 | - | - | - |
| 163075 | Oracle Primavera Unifier input validation [CVE-2018-17196] | medium | 6.6 | - | - | - |
| 163074 | Oracle Primavera Unifier Platform input validation [CVE-2019-17558] | medium | 7.1 | - | - | - |
| 163073 | Oracle Instantis EnterpriseTrack denial of service [CVE-2020-13935] | medium | 7.8 | - | - | - |
| 163072 | Oracle Primavera Unifier Platform xml external entity reference | medium | 10.0 | - | - | - |
| 163071 | Oracle Primavera Unifier Platform xml external entity reference | medium | 9.4 | - | - | - |
| 163070 | Oracle Primavera Gateway Admin cross site scripting [CVE-2019-17495] | high | 10.0 | - | - | - |
| 163069 | Oracle Instantis EnterpriseTrack buffer overflow [CVE-2020-11984] | high | 10.0 | - | - | - |
| 163068 | Oracle Communications Services Gatekeeper Media Control UI information disclosure | low | 2.6 | - | - | - |
| 163067 | Oracle Communications Application Session Controller WS/WEB information disclosure | low | 2.6 | - | - | - |
| 163066 | Oracle Communications Session Route Manager information disclosure | medium | 4.6 | - | - | - |
| 163065 | Oracle Communications Session Report Manager information disclosure | medium | 4.6 | - | - | - |
| 163064 | Oracle Communications Element Manager information disclosure | medium | 4.6 | - | - | - |
| 163063 | Oracle Communications Diameter Signaling Router IDIH information disclosure | medium | 4.6 | - | - | - |
| 163062 | Oracle Communications Diameter Signaling Router denial of service | medium | 5.0 | - | - | - |
| 163061 | Oracle Communications Diameter Signaling Router User Interface unknown vulnerability | medium | 5.5 | - | - | - |
| 163060 | Oracle Communications Diameter Signaling Router IDIH information disclosure | medium | 4.6 | - | - | - |
| 163059 | Oracle Enterprise Session Border Controller cross site scripting | medium | 6.4 | - | - | - |
| 163058 | Oracle Communications WebRTC Session Controller ME cross site scripting | medium | 6.4 | - | - | - |
| 163057 | Oracle Communications Diameter Signaling Router User Interface unknown vulnerability | medium | 6.4 | - | - | - |
| 163056 | Oracle Communications Diameter Signaling Router Platform cross site scripting | medium | 6.4 | - | - | - |
| 163055 | Oracle Communications Diameter Signaling Router IDIH cross site scripting | medium | 6.4 | - | - | - |
| 163054 | Oracle Communications Diameter Signaling Router IDIH cross site scripting | medium | 6.4 | - | - | - |
| 163053 | Oracle Communications Application Session Controller cross site scripting | medium | 6.4 | - | - | - |
| 163052 | Oracle Communications Session Route Manager information disclosure | medium | 6.8 | - | - | - |
| 163051 | Oracle Communications Session Report Manager information disclosure | medium | 6.8 | - | - | - |
| 163050 | Oracle Communications Element Manager information disclosure | medium | 6.8 | - | - | - |
| 163049 | Oracle Communications Session Border Controller Platform integer overflow | medium | 6.5 | - | - | - |
| 163048 | Oracle Communications Diameter Signaling Router IDIH information disclosure | medium | 5.6 | - | - | - |
| 163047 | Oracle Communications Session Route Manager deserialization [CVE-2020-9484] | medium | 6.0 | - | - | - |
| 163046 | Oracle Communications Session Report Manager deserialization | medium | 6.0 | - | - | - |
| 163045 | Oracle Communications Element Manager deserialization [CVE-2020-9484] | medium | 6.0 | - | - | - |
| 163044 | Oracle Communications Diameter Signaling Router deserialization | medium | 6.0 | - | - | - |
| 163043 | Oracle Communications Diameter Signaling Router IDIH deserialization | medium | 7.5 | - | - | - |
| 163042 | Oracle Communications Session Route Manager denial of service | medium | 7.8 | - | - | - |
| 163041 | Oracle Communications Session Route Manager denial of service | medium | 7.8 | - | - | - |
| 163040 | Oracle Communications Session Report Manager denial of service | medium | 7.8 | - | - | - |
| 163039 | Oracle Communications Session Border Controller System denial of service | medium | 7.8 | - | - | - |
| 163038 | Oracle Communications Element Manager denial of service [CVE-2019-12402] | medium | 7.8 | - | - | - |
| 163037 | Oracle Communications Diameter Signaling Router IDIH denial of service | medium | 7.8 | - | - | - |
| 163036 | Oracle Communications Diameter Signaling Router IDIH code download | medium | 7.6 | - | - | - |
| 163035 | Oracle Communications Session Route Manager deserialization [CVE-2020-14195] | medium | 7.6 | - | - | - |
| 163034 | Oracle Communications Session Report Manager deserialization | medium | 7.6 | - | - | - |
| 163033 | Oracle Communications Evolved Communications Application Server Universal Data Record deserialization | medium | 7.6 | - | - | - |
| 163032 | Oracle Communications Element Manager deserialization [CVE-2020-14195] | medium | 7.6 | - | - | - |
| 163031 | Oracle Communications Diameter Signaling Router IDIH deserialization | medium | 7.6 | - | - | - |
| 163030 | Oracle Communications Session Route Manager operation after expiration | high | 9.7 | - | - | - |
| 163029 | Oracle Communications Session Report Manager operation after expiration | high | 9.7 | - | - | - |
| 163028 | Oracle Communications Element Manager operation after expiration | high | 9.7 | - | - | - |
| 163027 | Oracle Communications Application Session Controller WS/WEB operation after expiration | high | 9.7 | - | - | - |
| 163026 | Oracle Communications Session Route Manager xml external entity reference | high | 10.0 | - | - | - |
| 163025 | Oracle Communications Session Route Manager buffer overflow [CVE-2020-11984] | high | 10.0 | - | - | - |
| 163024 | Oracle Communications Session Report Manager buffer overflow | high | 10.0 | - | - | - |
| 163023 | Oracle Communications Element Manager buffer overflow [CVE-2020-11984] | high | 10.0 | - | - | - |
| 163022 | Oracle Communications EAGLE Software Network Stack memory corruption | high | 10.0 | - | - | - |
| 163021 | Oracle Communications Diameter Signaling Router Platform Remote Code Execution | high | 10.0 | - | - | - |
| 163020 | Oracle Communications Diameter Signaling Router IDIH xml external entity reference | high | 10.0 | - | - | - |
| 163019 | Oracle Communications Diameter Signaling Router IDIH Remote Code Execution | high | 10.0 | - | - | - |
| 163018 | Oracle Communications Diameter Signaling Router IDIH deserialization | high | 10.0 | - | - | - |
| 163017 | Oracle Communications Application Session Controller WS/WEB xml external entity reference | high | 10.0 | - | - | - |
| 163016 | Oracle Communications Unified Inventory Management information disclosure | low | 2.6 | - | - | - |
| 163015 | Oracle Communications Offline Mediation Controller information disclosure | low | 2.6 | - | - | - |
| 163014 | Oracle Communications Billing and Revenue Management Billing Operation Center information disclosure | low | 2.6 | - | - | - |
| 163013 | Oracle Communications Messaging Server denial of service [CVE-2020-9489] | medium | 4.9 | - | - | - |
| 163012 | Oracle Communications Billing and Revenue Management Billing Operation Center cross site scripting | medium | 6.4 | - | - | - |
| 163011 | Oracle Communications Billing and Revenue Management integer overflow | medium | 9.0 | - | - | - |
| 163010 | Oracle Communications Unified Inventory Management deserialization | high | 10.0 | - | - | - |
| 163009 | Oracle Communications Unified Inventory Management xml external entity reference | high | 10.0 | - | - | - |
| 163008 | Oracle Communications BRM Elastic Charging Engine Diameter Gateway/SDK deserialization | high | 10.0 | - | - | - |
| 163007 | Oracle TimesTen In-Memory Database Apache ZooKeeper information disclosure | medium | 5.4 | - | - | - |
| 163006 | Oracle TimesTen In-Memory Database Dave Gamble/cJSON denial of service | medium | 7.8 | - | - | - |
| 163005 | Oracle TimesTen In-Memory Database Apache Log4j deserialization | high | 10.0 | - | - | - |
| 163004 | Oracle TimesTen In-Memory Database EM TimesTen plugin out-of-bounds read | high | 10.0 | - | - | - |
| 163003 | Oracle REST Data Services General information disclosure [CVE-2020-14745] | medium | 4.0 | - | - | - |
| 163002 | Oracle REST Data Services jQuery cross site scripting [CVE-2020-11023] | medium | 6.4 | - | - | - |
| 163001 | Oracle REST Data Services General information disclosure [CVE-2020-14744] | medium | 6.8 | - | - | - |
| 163000 | Oracle REST Data Services Apache Commons FileUpload access control | medium | 9.0 | - | - | - |
| 162999 | Oracle REST Data Services Eclipse Jetty request smuggling [CVE-2017-7658] | high | 10.0 | - | - | - |
| 162998 | Oracle Big Data Graph Spatial/Graph deserialization [CVE-2019-0192] | high | 10.0 | - | - | - |
| 162997 | Oracle Database Server Core RDBMS unknown vulnerability [CVE-2020-14742] | low | 3.3 | - | - | - |
| 162996 | Oracle Database Server SQL Developer Install information disclosure | low | 1.7 | - | - | - |
| 162995 | Oracle Database Server Java VM unknown vulnerability [CVE-2020-14743] | low | 2.1 | - | - | - |
| 162994 | Oracle Database Server Database Vault unknown vulnerability [CVE-2020-14736] | low | 4.7 | - | - | - |
| 162993 | Oracle Database Server RDBMS Security information disclosure | medium | 6.1 | - | - | - |
| 162992 | Oracle Database Server Database Filesystem denial of service | medium | 6.1 | - | - | - |
| 162991 | Oracle Database Server Oracle Application Express Quick Poll unknown vulnerability | medium | 5.5 | - | - | - |
| 162990 | Oracle Database Server Oracle Application Express Packaged Apps unknown vulnerability | medium | 5.5 | - | - | - |
| 162989 | Oracle Database Server Oracle Application Express Group Calendar unknown vulnerability | medium | 5.5 | - | - | - |
| 162988 | Oracle Database Server Oracle Application Express Data Reporter unknown vulnerability | medium | 5.5 | - | - | - |
| 162987 | Oracle Database Server Oracle Application Express cross site scripting | medium | 5.5 | - | - | - |
| 162986 | Oracle Database Server Oracle Application Express unknown vulnerability | medium | 5.5 | - | - | - |
| 162985 | Oracle Database Server ORDS cross site scripting [CVE-2020-11023] | medium | 6.4 | - | - | - |
| 162984 | Oracle Database Server Application Express cross site scripting | medium | 6.4 | - | - | - |
| 162983 | Oracle Database Server Workload Manager denial of service [CVE-2020-13935] | medium | 7.8 | - | - | - |
| 162982 | Oracle Database Server Oracle Text Remote Code Execution [CVE-2020-14734] | medium | 7.6 | - | - | - |
| 162981 | Oracle Database Server Scheduler Local Privilege Escalation [CVE-2020-14735] | medium | 6.8 | - | - | - |
| 162980 | Oracle Database Server bzip2 out-of-bounds write [CVE-2019-12900] | medium | 9.0 | - | - | - |
| 162979 | Lightning Network Daemon HTLC improper validation of integrity check value | medium | 6.0 | - | - | - |
| 162978 | Lightning Network Daemon HTLC Transaction improper validation of integrity check value | low | 4.9 | - | - | - |
| 162977 | TIBCO Foresight Archive and Retrieval System Transaction Insight Reporting sql injection | medium | 6.0 | - | - | - |
| 162976 | Yandex Browser Address Bar clickjacking [CVE-2020-7371] | medium | 7.5 | - | - | - |
| 162975 | Danyil Vasilenko Bolt Browser Address Bar clickjacking [CVE-2020-7370] | medium | 7.5 | - | - | - |
| 162974 | Yandex Browser Address Bar clickjacking [CVE-2020-7369] | medium | 7.5 | - | - | - |
| 162973 | Ucweb UC Browser Address Bar clickjacking [CVE-2020-7364] | medium | 6.8 | - | - | - |
| 162972 | Ucweb UC Browser Address Bar clickjacking [CVE-2020-7363] | medium | 6.8 | - | - | - |
| 162971 | Nagios XI Apache User neutralization [CVE-2020-5792] | medium | 5.4 | - | - | - |
| 162970 | Apache Operating System os command injection [CVE-2020-5791] | medium | 5.4 | - | - | - |
| 162969 | Nagios XI cross-site request forgery [CVE-2020-5790] | low | 4.3 | - | - | - |
| 162968 | VMware ESXi/Workstation/Fusion VMCI Host Driver resource consumption | low | 3.5 | - | - | - |
| 162967 | VMware vCenter Server Appliance Appliance Management Interface certificate validation | low | 2.3 | - | - | - |
| 162966 | VMware NSX-T NSX Manager unknown vulnerability [CVE-2020-3993] | low | 4.9 | - | - | - |
| 162965 | VMware ESXi OpenSLP use after free [CVE-2020-3992] | medium | 5.8 | - | - | - |
| 162964 | VMware ESXi/Workstation/Fusion VMX Process out-of-bounds write | medium | 8.3 | - | - | - |
| 162963 | VMware ESXi/Workstation/Fusion VMX Process out-of-bounds read | low | 4.9 | - | - | - |
| 162962 | Mozilla Network Security Services CCS Message denial of service | low | 3.5 | - | - | - |
| 162961 | R-SeeNet Webpage sql injection [CVE-2020-25157] | medium | 6.0 | - | - | - |
| 162960 | InterMind iMind Self-Diagnostic Archive information disclosure | low | 4.3 | - | - | - |
| 162959 | Adobe Marketo Sales Insight Plugin cross site scripting [CVE-2020-24416] | low | 5.0 | - | - | - |
| 162958 | Adobe Illustrator SVG File memory corruption [CVE-2020-24415] | medium | 7.5 | - | - | - |
| 162957 | Adobe Illustrator SVG File memory corruption [CVE-2020-24414] | medium | 7.5 | - | - | - |
| 162956 | Adobe Illustrator SVG File memory corruption [CVE-2020-24413] | medium | 7.5 | - | - | - |
| 162955 | Adobe Illustrator SVG File memory corruption [CVE-2020-24412] | medium | 7.5 | - | - | - |
| 162954 | Adobe Illustrator PDF File out-of-bounds write [CVE-2020-24411] | medium | 7.5 | - | - | - |
| 162953 | Adobe Illustrator PDF File out-of-bounds read [CVE-2020-24410] | medium | 7.5 | - | - | - |
| 162952 | Adobe Illustrator PDF File out-of-bounds read [CVE-2020-24409] | medium | 7.5 | - | - | - |
| 162951 | Netwrix Account Lockout Examiner improper authentication [CVE-2020-15931] | low | 3.5 | - | - | - |
| 162950 | Spree Storefront API v2 Endpoint session expiration [CVE-2020-15269] | low | 5.1 | - | - | - |
| 162949 | Boxstarter Installer WptsExtensions.dll DllMain untrusted search path | high | 9.0 | - | - | - |
| 162948 | DomainMod Password Storage hash without salt [CVE-2019-9080] | low | 2.3 | - | - | - |
| 162947 | SAP NetWeaver Design Time Repository cross site scripting [CVE-2020-6370] | low | 3.3 | - | - | - |
| 162946 | SAP Solution Manager/Focused Run hard-coded password [CVE-2020-6369] | medium | 7.5 | - | - | - |
| 162945 | SAP NetWeaver Composite Application Framework cross site scripting | low | 5.0 | - | - | - |
| 162944 | SAP NetWeaver Compare Systems information disclosure [CVE-2020-6366] | low | 3.3 | - | - | - |
| 162943 | SAP Banking Services Report access control [CVE-2020-6362] | medium | 4.9 | - | - | - |
| 162942 | SAP 3D Visual Enterprise Viewer VE Viewer information disclosure | low | 4.3 | - | - | - |
| 162941 | SAP BusinessObjects Business Intelligence Platform Web Services server-side request forgery | medium | 6.8 | - | - | - |
| 162940 | IBM Spectrum Scale/Elastic Storage System denial of service [CVE-2020-4756] | medium | 4.6 | - | - | - |
| 162939 | IBM Spectrum Scale Web UI cross site scripting [CVE-2020-4755] | low | 4.0 | - | - | - |
| 162938 | IBM Spectrum Scale missing secure attribute [CVE-2020-4749] | low | 2.6 | - | - | - |
| 162937 | IBM Spectrum Scale Web UI cross site scripting [CVE-2020-4748] | medium | 6.4 | - | - | - |
| 162936 | IBM Sterling B2B Integrator Standard Edition Web UI cross site scripting | low | 4.0 | - | - | - |
| 162935 | IBM Spectrum Scale mmfsd denial of service [CVE-2020-4491] | low | 1.7 | - | - | - |
| 162934 | GE Reason S20 Ethernet Switch cross site scripting [CVE-2020-16246] | low | 3.8 | - | - | - |
| 162933 | IBM Sterling B2B Integrator Standard Edition Back-End Database sql injection | medium | 6.5 | - | - | - |
| 162932 | osm-static-maps cross site scripting [CVE-2020-7749] | low | 5.5 | - | - | - |
| 162931 | @tsed deepExtend resource consumption | low | 5.1 | - | - | - |
| 162929 | OneThird CMS file inclusion [CVE-2020-5640] | medium | 6.8 | - | - | - |
| 162928 | Huawei Mate 30 use after free [CVE-2020-9263] | medium | 5.1 | - | - | - |
| 162927 | Huawei Mate 20 Bluetooth Module buffer overflow [CVE-2020-9113] | medium | 5.4 | - | - | - |
| 162926 | Huawei Taurus-AN00B information disclosure [CVE-2020-9112] | low | 2.3 | - | - | - |
| 162925 | Huawei E6878-370/E6878-870 Event denial of service [CVE-2020-9111] | low | 2.3 | - | - | - |
| 162924 | Huawei Mate 20 cross site scripting [CVE-2020-9092] | low | 3.5 | - | - | - |
| 162923 | HPE Intelligent Management Center iccselectrules injection | medium | 6.0 | - | - | - |
| 162922 | HPE Intelligent Management Center perfaddormoddevicemonitor injection | medium | 6.0 | - | - | - |
| 162921 | HPE Intelligent Management Center ictexpertcsvdownload injection | medium | 6.0 | - | - | - |
| 162920 | HPE Intelligent Management Center devicethresholdconfig injection | medium | 6.0 | - | - | - |
| 162919 | HPE Intelligent Management Center devsoftsel injection | medium | 6.0 | - | - | - |
| 162918 | HPE Intelligent Management Center deviceselect injection | medium | 6.0 | - | - | - |
| 162917 | HPE Intelligent Management Center faultflasheventselectfact injection | medium | 6.0 | - | - | - |
| 162916 | HPE Intelligent Management Center userselectpagingcontent injection | medium | 6.0 | - | - | - |
| 162915 | HPE Intelligent Management Center reportpage injection | medium | 6.0 | - | - | - |
| 162914 | HPE Intelligent Management Center powershellconfigcontent injection | medium | 6.0 | - | - | - |
| 162913 | HPE Intelligent Management Center tvxlanlegend injection | medium | 6.0 | - | - | - |
| 162912 | HPE Intelligent Management Center viewbatchtaskresultdetailfact injection | medium | 6.0 | - | - | - |
| 162911 | HPE Intelligent Management Center forwardredirect injection | medium | 6.0 | - | - | - |
| 162910 | HPE Intelligent Management Center sshconfig injection | medium | 6.0 | - | - | - |
| 162909 | HPE Intelligent Management Center smsrulesdownload injection | medium | 6.0 | - | - | - |
| 162908 | HPE Intelligent Management Center ictexpertdownload injection | medium | 6.0 | - | - | - |
| 162907 | HPE Intelligent Management Center thirdpartyperfselecttask injection | medium | 6.0 | - | - | - |
| 162906 | HPE Intelligent Management Center mediaforaction injection | medium | 6.0 | - | - | - |
| 162905 | HPE Intelligent Management Center wmiconfigcontent injection | medium | 6.0 | - | - | - |
| 162904 | HPE Intelligent Management Center viewtaskresultdetailfact injection | medium | 6.0 | - | - | - |
| 162903 | HPE Intelligent Management Center iccselectdymicparam injection | medium | 6.0 | - | - | - |
| 162902 | HPE Intelligent Management Center soapconfigcontent injection | medium | 6.0 | - | - | - |
| 162901 | HPE Intelligent Management Center actionselectcontent injection | medium | 6.0 | - | - | - |
| 162900 | HPE Intelligent Management Center templateselect injection | medium | 6.0 | - | - | - |
| 162899 | HPE Intelligent Management Center guidatadetail injection | medium | 6.0 | - | - | - |
| 162898 | HPE Intelligent Management Center injection [CVE-2020-7170] | medium | 6.0 | - | - | - |
| 162897 | HPE Intelligent Management Center ictexpertcsvdownload injection | medium | 6.0 | - | - | - |
| 162896 | HPE Intelligent Management Center selectusergroup injection | medium | 6.0 | - | - | - |
| 162895 | HPE Intelligent Management Center quicktemplateselect injection | medium | 6.0 | - | - | - |
| 162894 | HPE Intelligent Management Center operatorgrouptreeselectcontent injection | medium | 6.0 | - | - | - |
| 162893 | HPE Intelligent Management Center iccselectcommand injection | medium | 6.0 | - | - | - |
| 162892 | HPE Intelligent Management Center operationselect injection | medium | 6.0 | - | - | - |
| 162891 | HPE Intelligent Management Center navigationto injection | medium | 6.0 | - | - | - |
| 162890 | HPE Intelligent Management Center operatorgroupselectcontent injection | medium | 6.0 | - | - | - |
| 162889 | HPE Intelligent Management Center reporttaskselect injection | medium | 6.0 | - | - | - |
| 162888 | HPE Intelligent Management Center iccselectdeviceseries injection | medium | 6.0 | - | - | - |
| 162887 | HPE Intelligent Management Center customtemplateselect injection | medium | 6.0 | - | - | - |
| 162886 | HPE Intelligent Management Center perfselecttask injection | medium | 6.0 | - | - | - |
| 162885 | HPE Intelligent Management Center selviewnavcontent injection | medium | 6.0 | - | - | - |
| 162884 | HPE Intelligent Management Center faultinfo_content injection | medium | 6.0 | - | - | - |
| 162883 | HPE Intelligent Management Center injection [CVE-2020-7155] | medium | 6.0 | - | - | - |
| 162882 | HPE Intelligent Management Center ifviewselectpage injection | medium | 6.0 | - | - | - |
| 162881 | HPE Intelligent Management Center iccselectdevtype injection | medium | 6.0 | - | - | - |
| 162880 | HPE Intelligent Management Center faultparasset injection | medium | 6.0 | - | - | - |
| 162879 | HPE Intelligent Management Center faulttrapgroupselect injection | medium | 6.0 | - | - | - |
| 162878 | HPE Intelligent Management Center faultstatchoosefaulttype injection | medium | 6.0 | - | - | - |
| 162877 | HPE Intelligent Management Center ictexpertcsvdownload injection | medium | 6.0 | - | - | - |
| 162876 | HPE Intelligent Management Center deployselectsoftware injection | medium | 6.0 | - | - | - |
| 162875 | HPE Intelligent Management Center injection [CVE-2020-7147] | medium | 6.0 | - | - | - |
| 162874 | HPE Intelligent Management Center devgroupselect injection | medium | 6.0 | - | - | - |
| 162873 | HPE Intelligent Management Center chooseperfview injection [CVE-2020-7145] | medium | 6.0 | - | - | - |
| 162872 | HPE Intelligent Management Center comparefilesresult injection | medium | 6.0 | - | - | - |
| 162871 | HPE Intelligent Management Center faultdevparasset injection | medium | 6.0 | - | - | - |
| 162870 | HPE Intelligent Management Center eventinfo_content injection | medium | 6.0 | - | - | - |
| 162869 | HPE Intelligent Management Center adddevicetoview injection | medium | 6.0 | - | - | - |
| 162868 | Allen-Bradley Flex IO 1794-AENT-B denial of service [CVE-2020-6085] | low | 2.3 | - | - | - |
| 162867 | Allen-Bradley Flex IO 1794-AENT-B ENIP Request Path Logical Segment denial of service | low | 2.3 | - | - | - |
| 162866 | Matrix Synapse Session m.login.recaptcha cross site scripting | low | 3.5 | - | - | - |
| 162865 | HPE Intelligent Management Center addvsiinterfaceinfo injection | medium | 6.0 | - | - | - |
| 162864 | HPE Intelligent Management Center injection [CVE-2020-24651] | medium | 6.0 | - | - | - |
| 162863 | HPE Intelligent Management Center injection [CVE-2020-24650] | medium | 6.0 | - | - | - |
| 162862 | HPE Intelligent Management Center input validation [CVE-2020-24649] | medium | 6.0 | - | - | - |
| 162861 | HPE Intelligent Management Center accessmgrservlet deserialization | medium | 6.0 | - | - | - |
| 162860 | HPE Intelligent Management Center accessmgrservlet input validation | medium | 6.0 | - | - | - |
| 162859 | HPE Intelligent Management Center tftpserver buffer overflow | medium | 6.0 | - | - | - |
| 162858 | HPE Intelligent Management Center operatoronlinelist_content access control | medium | 6.0 | - | - | - |
| 162857 | HPE Intelligent Management Center improper authentication [CVE-2020-24629] | medium | 6.0 | - | - | - |
| 162856 | yubihsm-shell Process _send_secure_msg denial of service | low | 2.3 | - | - | - |
| 162855 | yubihsm-shell Operations yh_create_session out-of-bounds write | low | 2.3 | - | - | - |
| 162854 | Freebox Server UPnP MediaServer dns rebinding [CVE-2020-24375] | medium | 4.9 | - | - | - |
| 162853 | GoPro gpmf-parser GPMF_ScaledData divide by zero | low | 2.3 | - | - | - |
| 162852 | GoPro gpmf-parser GPMF_Decompress divide by zero | low | 2.3 | - | - | - |
| 162851 | GoPro gpmf-parser GPMF_ScaledData out-of-bounds read | medium | 4.9 | - | - | - |
| 162850 | GoPro gpmf-parser GPMF_ExpandComplexTYPE out-of-bounds write | low | 4.9 | - | - | - |
| 162849 | JetBrains YouTrack URL Filter server-side request forgery [CVE-2020-15822] | medium | 4.9 | - | - | - |
| 162848 | Orchid Platform Attribute cross site scripting [CVE-2020-15263] | low | 5.0 | - | - | - |
| 162847 | webpack-subresource-integrity Chunk improper validation of integrity check value | low | 2.6 | - | - | - |
| 162846 | Veyon Service unquoted search path [CVE-2020-15261] | high | 6.8 | - | - | - |
| 162845 | object-path includeInheritedProps Mode set code injection | medium | 5.1 | - | - | - |
| 162844 | Sylius Verification mail@example.com authentication spoofing | low | 4.0 | - | - | - |
| 162843 | Apache Kylin Restful API improper authentication [CVE-2020-13937] | low | 2.9 | - | - | - |
| 162842 | Sprecher SPRECON-E Configuration File command injection [CVE-2020-11496] | low | 4.1 | - | - | - |
| 162841 | Infinispan REST API/HotRod API authorization [CVE-2020-10746] | low | 4.1 | - | - | - |
| 162840 | Blinger.io Built-In Communication Channel cross site scripting | low | 3.5 | - | - | - |
| 162839 | tcpreplay tcpprep get_l2len heap-based overflow | low | 2.3 | - | - | - |
| 162838 | tcpreplay tcpprep MemcmpInterceptorCommon heap-based overflow | low | 3.5 | - | - | - |
| 162837 | Tink Java missing encryption [CVE-2020-8929] | medium | 6.4 | - | - | - |
| 162836 | SolarWinds N-central Cookie information disclosure [CVE-2020-15910] | low | 2.6 | - | - | - |
| 162835 | SolarWinds N-central session fixation [CVE-2020-15909] | medium | 4.9 | - | - | - |
| 162834 | rConfig GET Request ajaxAddTemplate.php os command injection | medium | 4.9 | - | - | - |
| 162833 | MintegralAdSDK backdoor [CVE-2020-7745] | medium | 7.5 | - | - | - |
| 162832 | Linux Kernel KDGKBSENT/KDSKBSENT vt_do_kdgkb_ioctl race condition | high | 9.0 | - | - | - |
| 162831 | Sage EasyPay Transformation cross site scripting [CVE-2020-13893] | low | 3.5 | - | - | - |
| 162830 | OX Software OX App Suite/OX Documents API server-side request forgery | low | 4.0 | - | - | - |
| 162829 | OX Software OX App Suite/OX Documents Backend information disclosure | low | 1.7 | - | - | - |
| 162828 | OX Software OX App Suite/OX Documents Backend cross site scripting | low | 1.7 | - | - | - |
| 162827 | TAXII libtaxii XML Parser server-side request forgery [CVE-2020-27197] | medium | 4.9 | - | - | - |
| 162826 | Linux Kernel 64-bit Value verifier.c scalar32_min_max_or memory corruption | low | 4.9 | - | - | - |
| 162825 | Overwolf access control [CVE-2020-25214] | medium | 4.9 | - | - | - |
| 162824 | Microsoft Visual Studio Code JSON Remote Code Execution [CVE-2020-17023] | medium | 7.5 | - | - | - |
| 162823 | Microsoft Windows Codecs Library memory corruption [CVE-2020-17022] | medium | 7.2 | - | - | - |
| 162822 | Juniper Junos Virtual Chassis resource consumption [CVE-2020-1689] | medium | 6.1 | - | - | - |
| 162821 | ClearPass Junos Web API key management [CVE-2020-1688] | low | 1.7 | - | - | - |
| 162820 | Juniper Junos VXLAN resource consumption [CVE-2020-1687] | medium | 6.1 | - | - | - |
| 162819 | Juniper Junos vmcore double free [CVE-2020-1686] | medium | 7.8 | - | - | - |
| 162818 | Juniper Junos Firewall Filter information exposure [CVE-2020-1685] | low | 3.3 | - | - | - |
| 162817 | Juniper Junos HTTP Traffic resource consumption [CVE-2020-1684] | medium | 7.8 | - | - | - |
| 162816 | Juniper Junos vmcore memory leak [CVE-2020-1683] | medium | 7.8 | - | - | - |
| 162815 | Juniper Junos srxpfe denial of service [CVE-2020-1682] | low | 4.6 | - | - | - |
| 162814 | Juniper Junos NDP exceptional condition [CVE-2020-1681] | medium | 6.1 | - | - | - |
| 162812 | Juniper Junos NAT64 format string [CVE-2020-1680] | low | 5.0 | - | - | - |
| 162811 | Juniper Junos Packet Forwarding Engine denial of service [CVE-2020-1679] | medium | 7.8 | - | - | - |
| 162810 | Juniper Junos BGP Packet memory leak [CVE-2020-1678] | medium | 6.1 | - | - | - |
| 162809 | Juniper Mist Cloud UI SAML Response improper authentication [CVE-2020-1677] | medium | 6.4 | - | - | - |
| 162808 | Juniper Mist Cloud UI SAML Response improper authentication [CVE-2020-1676] | medium | 6.4 | - | - | - |
| 162807 | Juniper Mist Cloud UI SAML improper authentication [CVE-2020-1675] | medium | 7.5 | - | - | - |
| 162806 | Juniper Junos MACsec Packet protection mechanism [CVE-2020-1674] | low | 4.8 | - | - | - |
| 162805 | Juniper Junos J-Web cross site scripting [CVE-2020-1673] | low | 5.0 | - | - | - |
| 162804 | Juniper Junos jdhcpd denial of service [CVE-2020-1672] | medium | 7.8 | - | - | - |
| 162803 | Juniper Junos JDHCPD out-of-bounds read [CVE-2020-1671] | medium | 7.8 | - | - | - |
| 162802 | Juniper Junos Routing Engine resource consumption [CVE-2020-1670] | medium | 6.1 | - | - | - |
| 162801 | Juniper Junos Device Manager Container passwd credentials storage | low | 4.0 | - | - | - |
| 162800 | Juniper Junos Routing Engine resource consumption [CVE-2020-1668] | medium | 7.8 | - | - | - |
| 162799 | Juniper Junos Multiservices PIC Management Daemon race condition | medium | 7.5 | - | - | - |
| 162798 | Juniper Junos System Console access control [CVE-2020-1666] | low | 4.6 | - | - | - |
| 162797 | Juniper Junos Packet Forwarding Engine denial of service [CVE-2020-1665] | low | 5.0 | - | - | - |
| 162796 | Juniper Junos Daemon stack-based overflow [CVE-2020-1664] | medium | 6.8 | - | - | - |
| 162795 | Juniper Junos RPD denial of service [CVE-2020-1662] | medium | 7.8 | - | - | - |
| 162794 | Juniper Junos jdhcp denial of service [CVE-2020-1661] | low | 5.0 | - | - | - |
| 162793 | Juniper Junos Multiservices PIC Management Daemon denial of service | medium | 7.5 | - | - | - |
| 162792 | Juniper Junos key-management-daemon denial of service [CVE-2020-1657] | medium | 7.8 | - | - | - |
| 162791 | Juniper Junos DHCPv6 Relay-Agent Service null pointer dereference | medium | 10.0 | - | - | - |
| 162790 | EZCast Pro II Administration Panel information disclosure [CVE-2019-12305] | low | 3.3 | - | - | - |
| 162789 | IBM Resilient OnPrem command injection [CVE-2020-4636] | medium | 5.8 | - | - | - |
| 162788 | IBM Security Guardium Big Data Intelligence inadequate encryption | low | 2.6 | - | - | - |
| 162787 | Apereo CAS Secret Key improper authentication [CVE-2020-27178] | low | 2.3 | - | - | - |
| 162786 | Dell EMC NetWorker improper authorization [CVE-2020-26183] | medium | 6.5 | - | - | - |
| 162785 | Dell EMC NetWorker privileges assignment [CVE-2020-26182] | low | 6.5 | - | - | - |
| 162784 | Wire URL shell.openExternal input validation | medium | 7.5 | - | - | - |
| 162783 | Anuko Time Tracker CSV Export injection [CVE-2020-15255] | medium | 6.5 | - | - | - |
| 162782 | crossbeam-channel from_iter memory corruption | low | 5.1 | - | - | - |
| 162781 | XWiki Application Server Servlet code injection [CVE-2020-15252] | medium | 4.6 | - | - | - |
| 162780 | containerd insufficiently protected credentials [CVE-2020-15157] | low | 2.6 | - | - | - |
| 162779 | VMware Horizon Client Installation access control [CVE-2020-3991] | low | 4.9 | - | - | - |
| 162778 | Aptean Product Configurator Main Login Page sql injection [CVE-2020-26944] | medium | 6.5 | - | - | - |
| 162777 | ClamXAV Helper Tool injection [CVE-2020-26893] | medium | 4.9 | - | - | - |
| 162776 | libass ass_outline_construct integer overflow | medium | 4.9 | - | - | - |
| 162775 | Testimonial Rotator Plugin post.php cross site scripting | low | 3.5 | - | - | - |
| 162774 | Magento File Upload cross site scripting [CVE-2020-24408] | low | 4.3 | - | - | - |
| 162773 | OLIMPOKS Error Message cross site scripting [CVE-2020-16270] | low | 3.5 | - | - | - |
| 162772 | Gogs git Hook os command injection [CVE-2020-15867] | medium | 6.0 | - | - | - |
| 162771 | Red Hat JBoss EAP Legacy SecurityRealm improper authentication | low | 4.9 | - | - | - |
| 162770 | Gitea git Hook os command injection [CVE-2020-14144] | medium | 6.0 | - | - | - |
| 162769 | Bender COMTRAXX CP915 improper authorization [CVE-2019-19885] | medium | 4.0 | - | - | - |
| 162768 | BASSMIDI Plugin out-of-bounds write [CVE-2019-19513] | low | 4.9 | - | - | - |
| 162767 | BASS Audio Library MP3 File BASS_StreamCreateFile infinite loop | low | 2.3 | - | - | - |
| 162766 | BASS Audio Library WAV File BASS_StreamCreateFile out-of-bounds read | low | 4.9 | - | - | - |
| 162765 | BASS Audio Library OGG File BASS_StreamCreateFile use after free | low | 4.9 | - | - | - |
| 162764 | Mark Text cross site scripting [CVE-2020-27176] | low | 3.5 | - | - | - |
| 162763 | Amazon AWS Firecracker Serial Console memory leak [CVE-2020-27174] | low | 2.3 | - | - | - |
| 162762 | OpenStack blazar-dashboard access control [CVE-2020-26943] | medium | 4.9 | - | - | - |
| 162761 | Sage DPW Kurskatalog cross site scripting [CVE-2020-26584] | low | 3.5 | - | - | - |
| 162760 | Sage DPW Expenses Claiming cross site scripting [CVE-2020-26583] | low | 2.3 | - | - | - |
| 162759 | PowerDNS Recursor Cached Record denial of service [CVE-2020-25829] | low | 3.5 | - | - | - |
| 162758 | QEMU ATI VGA Device ati_2d.c ati_2d_blt denial of service | low | 2.3 | - | - | - |
| 162757 | vm-superio Serial Console FIFO memory allocation [CVE-2020-27173] | low | 3.5 | - | - | - |
| 162756 | phpRedisAdmin login.php cross site scripting | low | 3.5 | - | - | - |
| 162755 | Siemens SIPORT MP Single Sign-On authentication spoofing [CVE-2020-7591] | medium | 4.9 | - | - | - |
| 162754 | OTRS Chat Conversation information disclosure [CVE-2020-1777] | low | 5.0 | - | - | - |
| 162753 | Siemens Desigo Insight Web Application information exposure [CVE-2020-15794] | low | 3.5 | - | - | - |
| 162752 | Siemens Desigo Insight X-Frame-Options clickjacking [CVE-2020-15793] | medium | 4.3 | - | - | - |
| 162751 | Siemens Desigo Insight Web Service sql injection [CVE-2020-15792] | medium | 4.0 | - | - | - |
| 162750 | Atlassian JIRA Server Issue Key ActionsAndOperations permission | medium | 4.3 | - | - | - |
| 162749 | Eclipse Vert.x Backslash path traversal [CVE-2019-17640] | medium | 4.9 | - | - | - |
| 162748 | F2fs-Tools F2fs.Fsck f2fs Filesystem fsck_chk_orphan_node heap-based overflow | medium | 4.9 | - | - | - |
| 162747 | F2fs-Tools F2fs.Fsck f2fs Filesystem dev_read information disclosure | low | 2.3 | - | - | - |
| 162746 | F2fs-Tools F2fs.Fsck Filesystem init_node_manager information disclosure | low | 2.3 | - | - | - |
| 162745 | F2fs-Tools F2fs.Fsck f2fs Filesystem unknown vulnerability [CVE-2020-6105] | medium | 4.9 | - | - | - |
| 162744 | F2fs-Tools F2fs.Fsck f2fs Filesystem get_dnode_of_data information disclosure | low | 2.3 | - | - | - |
| 162743 | Qualcomm QCMAP SetGatewayUrl os command injection | medium | 4.3 | - | - | - |
| 162742 | Qualcomm QCMAP Mobile Hotspot QCMAP_Web_CLIENT Tokenizer denial of service | low | 2.3 | - | - | - |
| 162741 | libarchive Archive File archive_string.c archive_string_append_from_wcs out-of-bounds write | low | 2.1 | - | - | - |
| 162740 | B&R GateManager 4260/GateManager 9250 log file [CVE-2020-11646] | low | 4.0 | - | - | - |
| 162739 | B&R GateManager 4260/GateManager 9250 denial of service [CVE-2020-11645] | low | 4.0 | - | - | - |
| 162738 | B&R GateManager 4260/GateManager 9250 Audit Log neutralization for logs | low | 4.0 | - | - | - |
| 162737 | B&R GateManager 4260/GateManager 9250 information disclosure | low | 4.0 | - | - | - |
| 162736 | B&R SiteManager file access [CVE-2020-11642] | medium | 4.0 | - | - | - |
| 162735 | B&R SiteManager file inclusion [CVE-2020-11641] | medium | 4.0 | - | - | - |
| 162734 | B&R Automation Runtime TFTP Service memory leak [CVE-2020-11637] | low | 5.0 | - | - | - |
| 162733 | com.mintegral.msdk:alphab Android SDK information disclosure | low | 5.0 | - | - | - |
| 162732 | IBM Security Access Manager/Security Verify Access improper authentication | medium | 7.5 | - | - | - |
| 162731 | IBM Security Access Manager/Security Verify Access response splitting | medium | 7.5 | - | - | - |
| 162730 | McAfee MVision Endpoint Core Trust Component security check for standard | medium | 6.5 | - | - | - |
| 162729 | McAfee Active Response Core Trust Component security check for standard | medium | 6.5 | - | - | - |
| 162728 | McAfee Application and Change Control MSI Configuration access control | medium | 6.5 | - | - | - |
| 162727 | Veritas APTARE Login improper authentication [CVE-2020-27157] | low | 5.1 | - | - | - |
| 162726 | Veritas APTARE Authorization improper authorization [CVE-2020-27156] | medium | 6.8 | - | - | - |
| 162725 | SAP 3D Visual Enterprise Viewer RH File denial of service [CVE-2020-6376] | low | 4.0 | - | - | - |
| 162724 | SAP 3D Visual Enterprise Viewer CGM File denial of service [CVE-2020-6375] | low | 5.0 | - | - | - |
| 162723 | SAP 3D Visual Enterprise Viewer JT File denial of service [CVE-2020-6374] | low | 5.0 | - | - | - |
| 162722 | SAP 3D Visual Enterprise Viewer PDF File denial of service [CVE-2020-6373] | low | 5.0 | - | - | - |
| 162721 | SAP 3D Visual Enterprise Viewer PDF File denial of service [CVE-2020-6372] | low | 5.0 | - | - | - |
| 162720 | SAP NetWeaver Application Server ABAP information disclosure | low | 4.0 | - | - | - |
| 162719 | SAP Business Planning and Consolidation cross site scripting | low | 4.0 | - | - | - |
| 162718 | SAP NetWeaver AS JAVA Start Page redirect [CVE-2020-6365] | medium | 6.8 | - | - | - |
| 162717 | SAP Solution Manager/Focused Run CA Introscope Enterprise Manager code injection | medium | 4.9 | - | - | - |
| 162716 | SAP Commerce Cloud session expiration [CVE-2020-6363] | low | 5.0 | - | - | - |
| 162715 | SAP Netweaver Enterprise Portal Fiori Framework Page cross site scripting | low | 3.5 | - | - | - |
| 162714 | SAP NetWeaver Application Server Java cross site scripting [CVE-2020-6319] | low | 4.3 | - | - | - |
| 162713 | SAP Commerce Cloud Web CMS Components cross site scripting [CVE-2020-6272] | low | 3.5 | - | - | - |
| 162712 | Live Chat - Live Support cross-site request forgery [CVE-2020-5642] | low | 4.3 | - | - | - |
| 162711 | BlueZ MGMT Event att.c disconnect_cb double free | medium | 6.0 | - | - | - |
| 162710 | ThinkPad ThinkPad Stack Wireless Router improper authentication | medium | 5.8 | - | - | - |
| 162709 | Lenovo Cloud Networking Operating System REST API input validation | medium | 7.6 | - | - | - |
| 162708 | Lenovo HardwareScan Plugin Vantage Hardware Scan uncontrolled search path | medium | 6.8 | - | - | - |
| 162707 | Lenovo Diagnostics DLL untrusted search path [CVE-2020-8338] | medium | 6.8 | - | - | - |
| 162706 | Lenovo/IBM System X Server BIOS Mode USB Driver toctou [CVE-2020-8332] | low | 3.5 | - | - | - |
| 162705 | Rapid7 Nexpose sql injection [CVE-2020-7383] | medium | 6.5 | - | - | - |
| 162704 | McAfee ePolicy Orchestrator cross site scripting [CVE-2020-7318] | low | 4.3 | - | - | - |
| 162703 | McAfee ePolicy Orchestrator cross site scripting [CVE-2020-7317] | low | 4.3 | - | - | - |
| 162702 | Duo Network Gateway Log log file [CVE-2020-3483] | low | 4.0 | - | - | - |
| 162701 | Duo Authentication for Windows Logon/RDP improper authentication | medium | 4.1 | - | - | - |
| 162700 | Grocy Create Shopping List Module cross site scripting [CVE-2020-15253] | low | 4.0 | - | - | - |
| 162699 | Singularity unsquashfs path traversal | medium | 7.5 | - | - | - |
| 162698 | Open Enclave Syscall information disclosure [CVE-2020-15224] | low | 3.5 | - | - | - |
| 162697 | Adobe Flash Player HTTP Response null pointer dereference [CVE-2020-9746] | medium | 6.8 | - | - | - |
| 162696 | BlackBerry UEM UEM Core Service denial of service [CVE-2020-6933] | low | 2.3 | - | - | - |
| 162695 | IBM Security Access Manager Appliance session expiration [CVE-2020-4395] | low | 2.6 | - | - | - |
| 162694 | Trend Micro Antivirus Webserver API access control [CVE-2020-27013] | medium | 6.0 | - | - | - |
| 162693 | Telegram Desktop Export Telegram Data wizard improper authentication | low | 1.2 | - | - | - |
| 162692 | Trend Micro Antivirus Kernel Extension information disclosure | low | 2.3 | - | - | - |
| 162691 | Trend Micro Antivirus Web Threat Protection access control [CVE-2020-25777] | medium | 4.9 | - | - | - |
| 162690 | United Planet Intrexx Professional cross site scripting [CVE-2020-24188] | low | 3.5 | - | - | - |
| 162689 | Google Android Kernel binder.c binder_release_work use after free | medium | 6.6 | - | - | - |
| 162688 | Google Android Pendingintent NotificationImportExportListener.java constructImportFailureNotification information disclosure | low | 1.5 | - | - | - |
| 162687 | Google Android Error Handling String8.cpp appendFormatV privileges management | medium | 4.1 | - | - | - |
| 162686 | Google Android Permission Check GpuService.cpp setUpdatableDriverPath memory corruption | medium | 4.1 | - | - | - |
| 162685 | Google Android Permission Check PackageInstallerSession.java generateInfo information disclosure | low | 1.5 | - | - | - |
| 162684 | Google Android Settings Screen permission [CVE-2020-0416] | medium | 4.3 | - | - | - |
| 162683 | Google Android SystemUI information disclosure [CVE-2020-0415] | low | 1.5 | - | - | - |
| 162682 | Google Android Audio Buffer Threads.cpp threadLoop information disclosure | low | 4.3 | - | - | - |
| 162681 | Google Android Bluetooth Server gatt_cl.cc gatt_process_read_by_type_rsp information disclosure | low | 4.3 | - | - | - |
| 162680 | Google Android ActivityManagerService.java setProcessMemoryTrimLevel information disclosure | low | 1.5 | - | - | - |
| 162679 | Google Android AACExtractor.cpp ~AACExtractor out-of-bounds write | low | 4.3 | - | - | - |
| 162678 | Google Android Pendingintent SapServer.java setNotification information disclosure | low | 1.5 | - | - | - |
| 162677 | Google Android String16.cpp remove integer overflow | medium | 4.1 | - | - | - |
| 162676 | Google Android Pendingintent NotificationMgr.java showDataRoamingNotification information disclosure | low | 1.5 | - | - | - |
| 162675 | Google Android PendingIntent Error NotificationMgr.java updateMwi information disclosure | low | 1.5 | - | - | - |
| 162674 | Google Android Permission Check PasspointManager.java onWnmFrameReceived information disclosure | low | 1.5 | - | - | - |
| 162673 | Google Android Bluetooth Server gatt_cl.cc gatt_process_read_by_type_rsp out-of-bounds read | low | 5.0 | - | - | - |
| 162672 | Google Android out-of-bounds read [CVE-2020-0376] | low | 4.9 | - | - | - |
| 162671 | Google Android out-of-bounds read [CVE-2020-0371] | low | 4.9 | - | - | - |
| 162670 | Google Android out-of-bounds write [CVE-2020-0367] | low | 4.9 | - | - | - |
| 162669 | Google Android out-of-bounds read [CVE-2020-0339] | low | 4.9 | - | - | - |
| 162668 | Google Android out-of-bounds write [CVE-2020-0283] | low | 4.9 | - | - | - |
| 162667 | Google Android Permission Check UiccAccessRule.java getCarrierPrivilegeStatus information disclosure | low | 1.5 | - | - | - |
| 162666 | Allen-Bradley Flex IO 1794-AENT-B ENIP Request Path Data Segment denial of service | medium | 6.3 | - | - | - |
| 162665 | Allen-Bradley Flex IO 1794-AENT-B ENIP Request Path Data Segment denial of service | low | 5.2 | - | - | - |
| 162664 | Allen-Bradley Flex IO 1794-AENT-B ENIP Request Path Port Segment denial of service | low | 2.3 | - | - | - |
| 162663 | LAquis SCADA Project File out-of-bounds read [CVE-2020-25188] | low | 4.9 | - | - | - |
| 162662 | IProom MMC+ Server Login Page redirect [CVE-2020-24551] | medium | 7.5 | - | - | - |
| 162661 | Google Android SurfaceFlinger SurfaceFlinger.cpp createLayer privileges management | medium | 4.3 | - | - | - |
162660Siemens DCA Vantage Analyzer Onboard Database hard-coded passwordlow4.1---
162659McAfee Total Protection Task Scheduling privileges managementmedium4.1---
162658Trend Micro Antivirus Internationalized Domain Name access controlmedium6.8---
162657Linux Kernel Geneve Endpoint cleartext transmission [CVE-2020-25645]low2.6---
162656Foxit Reader Annotation Object use after free [CVE-2020-17417]medium6.8---
162655Foxit Reader JPEG2000 Image out-of-bounds write [CVE-2020-17416]medium6.8---
162654Foxit PhantomPDF Update Service permission assignment [CVE-2020-17415]medium8.5---
162653Foxit Reader Update Service permission [CVE-2020-17414]medium8.5---
162652Foxit PhantomPDF U3D Object stack-based overflow [CVE-2020-17413]medium6.8---
162651Foxit PhantomPDF U3D Object information disclosure [CVE-2020-17412]low4.3---
162650Foxit PhantomPDF U3D Object information disclosure [CVE-2020-17411]low4.3---
162649Foxit PhantomPDF GIF File access control [CVE-2020-17410]medium6.8---
162648Netgear R6120/R6080/R6260/R6220/R6020/JNR3210/WNR2020 mini_httpd Service improper authenticationlow2.9---
162647Microhard Bullet-LTE Authentication Header stack-based overflowmedium6.8---
162646Microhard Bullet-LTE tools.sh improper authenticationmedium8.5---
162645Siemens DCA Vantage Analyzer Kiosk Mode access control [CVE-2020-15797]medium4.4---
162644Channelmgnt Plug-In ACL access control [CVE-2020-15251]medium6.5---
162643Apache Solr API improper authorization [CVE-2020-13957]medium6.8---
162642AMD ATIKMDAG.SYS API out-of-bounds read [CVE-2020-12933]low4.9---
162641AMD Ryzen Master AMD Driver access control [CVE-2020-12928]high8.5---
162640AMD ATIKMDAG.SYS API out-of-bounds readlow5.2---
162639Apache Fineract information disclosure [CVE-2018-20243]low4.3---
162638Microsoft Windows Kernel memory corruption [CVE-2020-16890]medium9.0---
162637Microsoft Windows Remote Desktop Protocol information disclosurelow5.0---
162636Microsoft Windows Remote Desktop Protocol denial of service [CVE-2020-16927]low5.0---
162635Microsoft Windows Remote Desktop Service denial of service [CVE-2020-16863]low5.0---
162634Microsoft Windows Media Foundation memory corruption [CVE-2020-16915]medium7.5---
162633Microsoft Windows Unified Extensible Firmware Interface access controlmedium6.5---
162632Microsoft Windows Hyper-V memory corruption [CVE-2020-1047]medium6.5---
162631Microsoft Windows Win32k memory corruption [CVE-2020-16913]medium9.0---
162630Microsoft Windows Kernel Image memory corruption [CVE-2020-16892]low4.3---
162629Microsoft Windows KernelStream information disclosure [CVE-2020-16889]low4.0---
162628Microsoft Windows Installer access control [CVE-2020-16902]low4.3---
162627Microsoft Windows Hyper-V access control [CVE-2020-16891]medium4.3---
162626Microsoft Windows Hyper-V denial of service [CVE-2020-1243]low4.6---
162625Microsoft Windows NAT memory corruption [CVE-2020-16894]medium7.5---
162624Microsoft Windows Error Reporting access control [CVE-2020-16905]low6.5---
162623Microsoft Windows COM Server access control [CVE-2020-16916]medium6.5---
162622Microsoft Visual Studio Code Python Extension access controllow5.1---
162621Microsoft PowerShellGet WDAC access control [CVE-2020-16886]low5.8---
162620Microsoft Windows Camera Codec Pack memory corruption [CVE-2020-16968]medium7.5---
162619Microsoft Windows Camera Codec Pack memory corruption [CVE-2020-16967]medium7.5---
162618Microsoft Windows COM Server access control [CVE-2020-16935]medium6.5---
162617Microsoft Windows Backup Service access control [CVE-2020-16976]medium6.5---
162616Microsoft Windows Jet Database Engine memory corruption [CVE-2020-16924]medium7.5---
162615Microsoft Windows Storage VSP Driver access control [CVE-2020-16885]medium6.5---
162614Microsoft Windows Network Connections Service memory corruptionlow4.3---
162613Microsoft Windows Hyper-V memory corruption [CVE-2020-1080]medium4.3---
162612Microsoft Windows iSCSI Target Service access control [CVE-2020-16980]medium6.5---
162611Microsoft Windows Storage Services access control [CVE-2020-0764]medium6.5---
162610Microsoft Windows File Signature Validation signature verificationmedium7.5---
162609Microsoft Windows Backup Service access control [CVE-2020-16974]medium6.5---
162608Microsoft Windows Backup Service access control [CVE-2020-16973]medium6.5---
162607Microsoft Windows Backup Service access control [CVE-2020-16975]medium6.5---
162606Microsoft Windows Application Compatibility Client Library access controlmedium6.5---
162605Microsoft Windows Reparse Point access control [CVE-2020-16877]low5.5---
162604Microsoft Windows Backup Service improper authentication [CVE-2020-16972]medium6.5---
162603Microsoft Windows Application Compatibility Client Library access controlmedium6.5---
162602Microsoft Windows Text Services Framework information disclosurelow4.0---
162601Microsoft Windows Enterprise App Management Service information disclosurelow4.0---
162600Microsoft Windows Error Reporting Manager access control [CVE-2020-16895]medium6.5---
162599Microsoft Windows NetBIOS over TCP information disclosure [CVE-2020-16897]low4.0---
162598Microsoft Windows TCPIP Stack Remote Code Execution [CVE-2020-16898]medium7.5---
162597Microsoft Windows Backup Service access control [CVE-2020-16936]medium6.5---
162596Microsoft Windows Win32k memory corruption [CVE-2020-16907]medium9.0---
162595Microsoft Windows User Profile Service access control [CVE-2020-16940]medium6.5---
162594Microsoft Windows Backup Service access control [CVE-2020-16912]medium6.5---
162593Microsoft Windows Error Reporting access control [CVE-2020-16909]medium6.5---
162592Microsoft Windows Setup access control [CVE-2020-16908]low4.3---
162591Microsoft Windows TCPIP Stack denial of service [CVE-2020-16899]medium7.8---
162590Microsoft Windows Kernel information disclosure [CVE-2020-16901]low4.0---
162589Microsoft Windows Event System memory corruption [CVE-2020-16900]low4.6---
162588Microsoft SharePoint Server Application Package origin validationmedium7.5---
162587Microsoft SharePoint Server information disclosure [CVE-2020-16950]low1.7---
162586Microsoft SharePoint Server information disclosure [CVE-2020-16941]low1.4---
162585Microsoft SharePoint Server cross site scripting [CVE-2020-16946]low4.0---
162584Microsoft SharePoint Server cross site scripting [CVE-2020-16945]low4.0---
162583Microsoft SharePoint Server cross site scripting [CVE-2020-16944]low4.0---
162582Microsoft SharePoint Server Application Package access controlmedium7.5---
162581Microsoft SharePoint Server information disclosure [CVE-2020-16942]low0.8---
162580Microsoft SharePoint Server information disclosure [CVE-2020-16953]low4.0---
162579Microsoft SharePoint Server information disclosure [CVE-2020-16948]low4.0---
162578Microsoft 3D Viewer memory corruption [CVE-2020-17003]medium7.5---
162577Microsoft Office memory corruption [CVE-2020-16954]medium7.5---
162576Microsoft Excel memory corruption [CVE-2020-16931]medium7.5---
162575Microsoft Outlook memory corruption [CVE-2020-16947]medium7.5---
162574Microsoft Outlook denial of service [CVE-2020-16949]low2.1---
162573Microsoft 3D Viewer/365 Apps for Enterprise memory corruptionmedium7.5---
162572Microsoft Office Access Connectivity Engine memory corruptionmedium7.5---
162571Microsoft Office AppVLP access control [CVE-2020-16928]medium7.5---
162570Microsoft Office AppVLP access control [CVE-2020-16955]medium7.5---
162569Microsoft Office Excel memory corruption [CVE-2020-16930]medium7.5---
162568Microsoft Excel memory corruption [CVE-2020-16932]medium7.5---
162567Microsoft Office AppVLP improper authorization [CVE-2020-16934]medium7.5---
162566Microsoft Office memory corruption [CVE-2020-16929]medium7.5---
162565Microsoft Word LNK File 7pk security [CVE-2020-16933]medium7.5---
162564Microsoft Windows Kernel information disclosure [CVE-2020-16938]low4.6---
162563Microsoft Windows Graphics memory corruption [CVE-2020-1167]medium7.2---
162562Microsoft Windows Graphics memory corruption [CVE-2020-16923]medium7.2---
162561Microsoft Windows GDI+ information disclosure [CVE-2020-16914]low4.6---
162560Microsoft Windows GDI+ memory corruption [CVE-2020-16911]medium10.0---
162559Microsoft Exchange Server information disclosure [CVE-2020-16969]medium7.5---
162558Microsoft Dynamics 365 Commerce improper authorization [CVE-2020-16943]medium6.1---
162557Microsoft Dynamics 365 cross site scripting [CVE-2020-16956]low5.5---
162556Microsoft Dynamics 365 cross site scripting [CVE-2020-16978]low5.5---
162555Microsoft Windows Group Policy privileges assignment [CVE-2020-16939]medium6.8---
162554Microsoft Azure Functions privileges management [CVE-2020-16904]low5.0---
162553Microsoft Network Watcher Agent Virtual Machine Extension for Linux privileges managementmedium6.8---
162552Microsoft .NET Framework information disclosure [CVE-2020-16937]low3.8---
162551OpenRobotics ros_comm Communications Package XML RPC Library integer overflowmedium7.5---
162550mathjs deepExtend dynamically-determined object attributeslow4.9---
162549Webmin Command Shell Endpoint input validation [CVE-2020-8821]low2.3---
162548Webmin Cluster Shell Commands Endpoint cross site scripting [CVE-2020-8820]low3.5---
162547HelpDeskZ Auto-Login sql injection [CVE-2020-26546]medium7.5---
162546Octopus Deploy Task Log debug log file [CVE-2020-25825]low2.3---
162545JUnit4 Test Rule information disclosure [CVE-2020-15250]low1.5---
162544Sonatype Nexus Repository Manager pathname traversal [CVE-2020-15012]low2.3---
162543Webmin Read User Email Module/Mailboxes Endpoint cross site scriptinglow5.0---
162542JFrog Artifactory improper authentication [CVE-2019-17444]medium6.8---
162541Huawei Taurus-AN00B Module buffer overflow [CVE-2020-9240]medium4.9---
162540Huawei Taurus-AN00B Module buffer overflow [CVE-2020-9238]medium4.9---
162539Huawei WS5800-10 Message denial of service [CVE-2020-9230]low2.3---
162538Huawei P30 Pro buffer overflow [CVE-2020-9123]medium4.9---
162537Huawei WS7200-10 input validation [CVE-2020-9122]medium4.9---
162536Huawei Taurus-AN00B information disclosure [CVE-2020-9110]low2.3---
162535Huawei Mate 20 information disclosure [CVE-2020-9109]low2.3---
162534Huawei P30 Pro Message out-of-bounds write [CVE-2020-9108]low2.9---
162533Huawei P30 Pro Message out-of-bounds read [CVE-2020-9107]low2.9---
162532Huawei P30 Pro path traversal [CVE-2020-9106]low2.3---
162531Huawei Taurus-AN00B out-of-bounds write [CVE-2020-9091]low4.9---
162530Huawei FusionAccess improper authorization [CVE-2020-9090]medium4.9---
162529Huawei Taurus-AL00A XFRM Module out-of-bounds read [CVE-2020-9087]low1.5---
162528Samsung Update Inter-Process Communication deserialization [CVE-2020-7811]medium4.9---
162527IBM Curam Social Program Management readLine denial of servicelow4.0---
162526IBM Curam Social Program Management OOTB Build Script information disclosurelow2.6---
162525IBM Curam Social Program Management risky encryption [CVE-2020-4778]low2.6---
162524IBM Curam Social Program Management path traversal [CVE-2020-4776]low4.3---
162523IBM Curam Social Program Management cross site scripting [CVE-2020-4775]low3.5---
162522IBM Curam Social Program Management information disclosure [CVE-2020-4774]low3.5---
162521IBM Curam Social Program Management cross-site request forgerylow4.3---
162520IBM Curam Social Program Management xml external entity referencemedium6.5---
162519IBM InfoSphere Information Server Web UI cross site scriptinglow3.5---
162518IBM InfoSphere Information Server cross site scripting [CVE-2020-4740]low3.5---
162517IBM Security Access Manager/Security Verify Access information exposurelow3.5---
162516IBM Security Guardium File Content injection [CVE-2020-4689]low5.8---
162515IBM Security Guardium Web UI cross site scripting [CVE-2020-4681]low4.0---
162514IBM Security Guardium Web UI cross site scripting [CVE-2020-4680]low4.0---
162513IBM Security Guardium Web UI cross site scripting [CVE-2020-4679]low3.3---
162512IBM Security Guardium Admin Access information disclosure [CVE-2020-4678]low3.5---
162511IBM Security Access Manager/Security Verify Access information exposurelow3.5---
162510IBM Security Access Manager/Security Verify Access Access Manager information exposurelow3.5---
162509IBM Cognos Analytics Servlet information exposure [CVE-2020-4388]low3.5---
162508IBM Cognos Analytics Excel File injection [CVE-2020-4302]medium6.0---
162507ARC Informatique PcVue information disclosure [CVE-2020-26869]low2.3---
162506ARC Informatique PcVue Web Client denial of service [CVE-2020-26868]low5.0---
162505ARC Informatique PcVue Interface deserialization [CVE-2020-26867]medium6.0---
162504Apache Tomcat HTTP2 Client information disclosure [CVE-2020-13943]low3.5---
162503GitLab Permission Check permission [CVE-2020-13341]medium4.9---
162502SonicWALL SonicOS Login Page information exposure [CVE-2020-5143]low4.3---
162501SonicWALL SonicOS SSL VPN Web Interface cross site scriptinglow4.3---
162500SonicWALL SonicOS Virtual Assist Ticket ID protection mechanismlow2.6---
162499SonicWALL SonicOS SSL VPN Service out-of-bounds read [CVE-2020-5140]low4.3---
162498SonicWALL SonicOS release of reference [CVE-2020-5139]low4.3---
162497SonicWALL SonicOS SSL VPN Service heap-based overflow [CVE-2020-5138]low4.3---
162496SonicWALL SonicOS SSL VPN Service buffer overflow [CVE-2020-5137]medium6.8---
162495SonicWALL SonicOS SSL-VPN Portal buffer overflow [CVE-2020-5136]low2.3---
162494SonicWALL SonicOS buffer overflow [CVE-2020-5135]medium3.5---
162493SonicWALL SonicOS out-of-bounds read [CVE-2020-5134]low2.3---
162492SonicWALL SonicOS buffer overflow [CVE-2020-5133]medium4.3---
162491Atlassian JIRA Server Issue Filter Export File cross site scriptinglow3.5---
162490Huawei Taurus-AN00B input validation [CVE-2020-9105]low4.9---
162489Emby Server Image server-side request forgerymedium6.0---
162488Monero GUI monero-wallet-gui lib authorizationlow4.1---
162487MyBatis Object Stream deserialization [CVE-2020-26945]medium4.9---
162486phpMyAdmin SearchController sql injection [CVE-2020-26935]medium6.5---
162485phpMyAdmin Transformation Feature cross site scripting [CVE-2020-26934]low3.5---
162484Sympa Package permission [CVE-2020-26932]medium4.9---
162483Apache Calcite Hostname Verification information disclosure [CVE-2020-13955]low2.3---
162482Pepperl Fuchs RocketLinx Comtrol TFTP Service information disclosuremedium5.0---
162481Pepperl Fuchs RocketLinx Comtrol Administration Interface command injectionmedium7.5---
162480Pepperl Fuchs RocketLinx Comtrol Administration Interface cross-site request forgerymedium5.0---
162479Pepperl Fuchs RocketLinx Comtrol Administration Interface backdoormedium7.5---
162478Pepperl Fuchs RocketLinx Comtrol Administration Interface improper authenticationmedium7.5---
162477Netgear WC7500/WC7600/WC7600v2/WC9500 information disclosurelow2.3---
162476Netgear EX7700 config [CVE-2020-26930]low4.9---
162475Netgear R6220/R6230 injection [CVE-2020-26929]medium4.9---
162474Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 improper authenticationmedium5.4---
162473Netgear WNR2020 improper authentication [CVE-2020-26927]medium5.4---
162472Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 improper authenticationlow4.9---
162471Netgear GS808E denial of service [CVE-2020-26925]low2.3---
162470Netgear WAC720/WAC730 information disclosure [CVE-2020-26924]low2.3---
162469Netgear WC7500/WC7600/WC7600v2/WC9500 cross site scripting [CVE-2020-26923]low3.5---
162468Netgear WC7500/WC7600/WC7600v2/WC9500 command injection [CVE-2020-26922]medium4.9---
162467Netgear GS110EMX/GS810EMX/XS512EM/XS724EM improper authenticationmedium5.4---
162466Netgear SRK60/SRR60/SRS60 command injection [CVE-2020-26920]medium5.4---
162465Netgear JGS516PE Access Control access control [CVE-2020-26919]medium4.9---
162464Netgear R8500 cross site scripting [CVE-2020-26918]low3.5---
162463Netgear R8500 cross site scripting [CVE-2020-26917]low3.5---
162462Netgear WNR2020 config [CVE-2020-26916]low4.9---
162461Netgear XR700 cross site scripting [CVE-2020-26915]low3.5---
162460Netgear WNR2020 command injection [CVE-2020-26914]medium4.9---
162459Netgear XR500 buffer overflow [CVE-2020-26913]medium4.9---
162458Netgear WNR2020 cross-site request forgery [CVE-2020-26912]low3.5---
162457Netgear WNR2020 access control [CVE-2020-26911]medium4.9---
162456Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 command injectionmedium4.9---
162455Netgear D7800/R7500v2 command injection [CVE-2020-26909]medium5.4---
162454Netgear WNR2020 improper authentication [CVE-2020-26908]medium5.4---
162453Netgear RBK852/RBR850/RBS850 os command injection [CVE-2020-26907]medium5.4---
162452Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosurelow2.3---
162451Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosurelow2.3---
162450Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosurelow2.3---
162449Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosurelow2.3---
162448Netgear RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 command injectionmedium5.4---
162447Netgear RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosurelow2.3---
162446Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosurelow2.3---
162445Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosurelow2.3---
162444Netgear RAX40 config [CVE-2020-26898]low4.9---
162443Netgear CBR40/RBK752/RBR750/RBS750/RBK852/RBR850/RBS850 information disclosurelow2.3---
162442Garfield Petshop act_user.php cross-site request forgerylow3.5---
162441Xerox WorkCentre EC7836/WorkCentre EC7856 Description Page cross site scriptinglow3.5---
162440ConnectWise Automate permission [CVE-2020-15838]medium4.9---
162439OnePlus App Locker Google Assistant improper authorization [CVE-2020-13626]medium4.1---
162438Victor Web Client denial of service [CVE-2020-9048]medium5.8---
162437Dell EMC OpenManage Integration for Microsoft System Center Log log filelow2.3---
162436IBM Informix Spatial out-of-bounds write [CVE-2020-4799]medium4.9---
162435IBM QRadar SIEM Java Deserialization deserialization [CVE-2020-4280]medium4.9---
162434Faulkner Wildlife Issues in the New Millennium cmd.exe privileges managementmedium6.0---
162433forma.lms cross-site request forgery [CVE-2020-26802]low3.5---
162432HAPI FHIR Testpage Overlay cross site scripting [CVE-2020-24301]low3.5---
162431Facebook Hermes Javascript SaveGeneratorLong control flowlow4.9---
162430Mozilla Thunderbird Microsoft Exchange Autodiscovery cleartext transmissionlow2.3---
162429Smartstore WebApi Authentication improper authentication [CVE-2020-15243]medium6.8---
162428Next.js redirect [CVE-2020-15242]low4.9---
162427Fluid Engine cross site scripting [CVE-2020-15241]low3.5---
162426GitLab Key Storage information disclosure [CVE-2020-13344]low2.3---
162425GitLab CI Job Log cross site scripting [CVE-2020-13340]low3.5---
162424GitLab SVG File Preview cross site scripting [CVE-2020-13339]low3.5---
162423Mozilla Firefox ECDSA Signature Generation information disclosurelow1.4---
162422Mozilla Firefox Coordinate information disclosure [CVE-2020-12400]low4.9---
162421Zoho ManageEngine Applications Manager AAMRequestProcessor Servlet improper authorizationmedium6.8---
162420IBM QRadar SIEM Active Directory Authentication improper authenticationmedium4.9---
162419Nahimic APO Software Component Driver privileges management [CVE-2019-19115]medium7.4---
162418D-Link CGI Script upgradeStatusReboot.cgi denial of servicelow2.9---
162417SourceCodester Online Bus Booking System Admin Login Screen admin.php sql injectionmedium7.5---
162416SourceCodester Booking System book_now.php cross site scriptinglow3.5---
162415PHPGurukul hospital-management-system-in-php patient-search.php cross site scriptinglow3.5---
162414PHPGurukul hostel-management-system cross site scripting [CVE-2020-25270]low3.5---
162413PyroCMS anomaly.module.blocks cross-site request forgerylow3.5---
162412PyroCMS cross-site request forgery [CVE-2020-25262]low3.5---
162411Nerrvana Plugin XML Parser xml external entity reference [CVE-2020-2298]medium4.9---
162410SMS Notification Plugin Global Configuration cleartext storagelow2.3---
162409Shared Objects Plugin Shared Object cross-site request forgerylow3.5---
162408Maven Cascade Release Plugin cross-site request forgery [CVE-2020-2295]low3.5---
162407Maven Cascade Release Plugin Permission Check authorization [CVE-2020-2294]medium4.9---
162406Persona Plugin Permission path traversal [CVE-2020-2293]low2.3---
162405Release Plugin Badge Tooltip cross site scripting [CVE-2020-2292]low3.5---
162404couchdb-statistics Plugin Global Configuration cleartext storagelow2.3---
162403Active Choices Plugin Sandbox cross site scripting [CVE-2020-2290]low3.5---
162402Active Choices Plugin cross site scripting [CVE-2020-2289]low3.5---
162401Audit Trail Plugin Regular Expression incorrect regex [CVE-2020-2288]medium4.9---
162400Audit Trail Plugin Stapler Web Framework unknown vulnerabilitymedium4.9---
162399Role-based Authorization Strategy Plugin Permission Cache permissionmedium4.9---
162398Cisco StarOS CLI input validation [CVE-2020-3602]medium6.6---
162397Cisco StarOS CLI input validation [CVE-2020-3601]medium6.6---
162396Cisco Vision Dynamic Signage Director Web-based Management Interface improper authenticationmedium6.8---
162395Cisco Nexus Data Broker Configuration Backup pathname traversalmedium6.8---
162394Cisco Expressway Series Session Initiation Protocol denial of servicelow4.3---
162393Cisco Identity Services Engine Web-based Management Interface cross site scriptinglow3.5---
162392Cisco Email Security Appliance Antispam Protection Mechanism input validationmedium6.8---
162391Cisco Industrial Network Director Management REST API denial of servicelow3.5---
162390Cisco Video Surveillance 8000 Series IP Camera Cisco Discovery Protocol memory corruptionmedium5.4---
162389Cisco Video Surveillance 8000 Series IP Camera Cisco Discovery Protocol certain memory leaklow2.9---
162388Cisco SD-WAN vManage Web-based Management Interface cross site scriptinglow3.5---
162387Cisco Webex Teams Client DLL Loader uncontrolled search pathlow4.9---
162386Cisco Identity Services Engine Web-based Management Interface Administrator authorizationmedium4.9---
162385Cisco FirePOWER Management Center Web-based Management Interface cross site scriptinglow3.5---
162384McAfee File/Removable Media Protection unquoted search path [CVE-2020-7316]low4.1---
162383Sympa Configuration File privileges management [CVE-2020-26880]medium4.1---
162382wp-courses Plugin JSON REST API wp-json authorizationmedium4.9---
162381Cure53 DOMPurify cross site scripting [CVE-2020-26870]low2.3---
162380Dynamic OOO Widget code injection [CVE-2020-26596]low4.9---
162379KDE Connect Packet denial of service [CVE-2020-26164]low2.3---
162378Soplanning Key improper authentication [CVE-2020-25867]low2.9---
162377Contao Tag injection [CVE-2020-25768]low4.9---
162376Peplink Balance Web Admin connector.php information disclosurelow2.9---
162375ImpressCMS admin.php cross site scriptinglow3.5---
162374Smarter Coffee Maker Firmware Update improper authorization [CVE-2020-15501]medium7.9---
162373GLPI API Search sql injection [CVE-2020-15226]medium4.0---
162372GLPI Public FAQ information disclosure [CVE-2020-15217]low2.3---
162371GLPI install.php cross site scriptinglow3.5---
162370GLPI sql injection [CVE-2020-15176]medium4.0---
162369GLPI Image pluginimage.send.php information disclosurelow2.3---
162368GitLab Confirmation Email resource consumption [CVE-2020-13342]low4.9---
162367Zabbix Server Remote Privilege Escalation [CVE-2020-11800]medium6.0---
162366MikroTik RouterOS SMB Server integer underflow [CVE-2019-16160]low4.3---
162365MonoCMS Blog File denial of service [CVE-2020-25985]low3.8---
162364Symphony CMS event.publish_article.php cross site scriptinglow3.5---
162363GAEN Metadata Block information disclosure [CVE-2020-24722] [Disputed]low2.3---
162362Spice Remote Display System QUIC Image Decoder buffer overflowmedium4.9---
162361GitLab Runner injection [CVE-2020-13347]medium4.9---
162360GitLab API information disclosure [CVE-2020-13346]low2.3---
162359GitLab Group Membership denial of service [CVE-2020-13335]low3.8---
162358GitLab GraphQL Query improper authorization [CVE-2020-13334]medium4.9---
162357GitLab Project privileges management [CVE-2020-13332]medium4.9---
162356simpl-schema unknown vulnerability [CVE-2020-7742]low4.9---
162355Atlassian JIRA Server/Data Center SEN information disclosurelow2.3---
162354node-pdf-generator server-side request forgery [CVE-2020-7740]medium4.9---
162353Samsung Mobile Devices TimaService privileges management [CVE-2020-26607]medium4.9---
162352Samsung Mobile Devices Secure Folder information disclosure [CVE-2020-26606]medium4.9---
162351Samsung Mobile Devices Log information disclosure [CVE-2020-26605]low2.3---
162350Samsung Mobile Devices Pendingintent privileges management [CVE-2020-26604]medium4.9---
162349Samsung Mobile Devices Sticker Center pathname traversal [CVE-2020-26603]low2.3---
162348Samsung Mobile Devices Pendingintent exposure of resource [CVE-2020-26602]medium4.9---
162347Samsung Mobile Device Pendingintent privileges management [CVE-2020-26601]medium4.9---
162346Samsung Mobile Device Auto Hotspot information disclosure [CVE-2020-26600]low2.3---
162345Samsung Mobile Device Dynamic Lockscreen improper authenticationlow3.6---
162344LG Mobile Devices Network Management denial of service [CVE-2020-26598]low2.3---
162343LG Mobile Devices Wi-Fi Subsystem denial of service [CVE-2020-26597]low2.3---
162342socket.io-file input validation [CVE-2020-24807]medium4.9---
162341Facebook WhatsApp/WhatsApp Business/WhatsApp for Portal RTP Extension Header out-of-bounds writelow4.9---
162340Facebook WhatsApp/WhatsApp Business E-AC-3 Audio Stream heap-based overflowmedium4.9---
162339Facebook WhatsApp Media ContentProvider URI information disclosurelow2.6---
162338Facebook WhatsApp/WhatsApp Business Attachment pathname traversalmedium7.5---
162337Facebook WhatsApp/WhatsApp Business Unzip denial of service [CVE-2020-1903]low5.0---
162336Facebook WhatsApp/WhatsApp Business Google service cleartext transmissionlow2.6---
162335Facebook WhatsApp Message denial of service [CVE-2020-1901]low4.3---
162334Zoho ManageEngine Applications Manager RCA module sql injectionmedium6.5---
162333Zoho ManageEngine Applications Manager SAP Module sql injectionmedium6.5---
162332xmpp-http-upload path traversal [CVE-2020-15239]low2.3---
162331Electron Context Isolation sandbox [CVE-2020-15215]medium4.9---
162330Electron will-navigate sandboxmedium4.9---
162329GitLab cross site scripting [CVE-2020-13345]low3.5---
162328GitLab Custom Project Template information disclosure [CVE-2020-13343]low2.3---
162327GitLab API denial of service [CVE-2020-13333]low2.3---
162326HCL AppScan Enterprise Rule Update escape output [CVE-2019-4326]low2.3---
162325HCL AppScan Enterprise REST API User Detail cryptographic issueslow2.3---
162324Sierra Wireless ALEOS RPC Server unknown vulnerability [CVE-2020-8782]low4.9---
162323Sierra Wireless ALEOS improper authorization [CVE-2020-8781]medium4.9---
162322hellojs Package cross site scripting [CVE-2020-7741]low3.5---
162321phantomjs-seo URL server-side request forgery [CVE-2020-7739]medium4.9---
162320MPD PPP Authentication out-of-bounds read [CVE-2020-7466]low2.3---
162319MPD L2TP memory corruption [CVE-2020-7465]medium4.9---
162318IBM MQ Appliance Log File information disclosure [CVE-2020-4528]low2.3---
162317D-Link DAP-1360U Ping privileges management [CVE-2020-26582]medium4.9---
162316Wireshark Facebook Zero Protocol Dissector packet-fbzero.c by infinite looplow2.3---
162315Leostream Connection Broker HTTP Header webquery.pl browser_client cross site scriptinglow3.5---
162314Wireshark BLIP Protocol Dissector packet-blip.c null pointer dereferencelow2.3---
162313Wireshark MIME Multipart Dissector packet-multipart.c denial of servicelow2.3---
162312Wireshark TCP Dissector packet-tcp.c denial of servicelow2.3---
162311Crafter CMS Crafter Studio os command injection [CVE-2020-25803]low4.9---
162310Crafter CMS Groovy Script os command injection [CVE-2020-25802]low4.9---
162309QEMU pci.c ide_cancel_dma_sync null pointer dereferencelow2.3---
162308QEMU pci.c pci_change_irq_level null pointer dereferencelow2.3---
162307WildFly OpenSSL HTTP Session memory leak [CVE-2020-25644]low2.3---
162306Linux Kernel HDLC_PPP Module memory corruption [CVE-2020-25643]medium4.9---
162305Linux Kernel biovecs infinite loop [CVE-2020-25641]low4.4---
162304QEMU libvirt API access control [CVE-2020-25637]low2.3---
162303IBM Security Access Manager Appliance Web UI cross site scriptinglow3.5---
162302MonoCMS Blog log.xml inadequate encryptionlow2.3---
162301MonoCMS Blog cross-site request forgery [CVE-2020-25986]low3.5---
162300Ruby WEBrick request smuggling [CVE-2020-25613]medium4.9---
162299projectworlds Car Rental Management System Admin Login message_admin.php cross site scriptinglow4.3---
162298GNU C Library search.texi return valuemedium4.9---
162297Elecom WRC-1167GST2 os command injection [CVE-2020-5634]medium7.4---
162296InfoCage SiteShell Access Restriction unknown vulnerability [CVE-2020-5632]low4.9---
162295CMONOS.JP cross site scripting [CVE-2020-5631]low3.5---
162294OpenSC TCOS Smart Card Software Driver tcos_decipher buffer overflowmedium4.9---
162293OpenSC gemsafe GPK Smart Card Software Driver sc_pkcs15emu_gemsafeGPK_init stack-based overflowmedium4.9---
162292OpenSC Oberthur Smart Card Software Driver sc_oberthur_read_file buffer overflowmedium4.9---
162291Shrine derivation_endpoint Plugin Utils.secure_compare information exposurelow4.9---
162290Intel CPU BIOS Firmware information disclosure [CVE-2020-8671]low2.3---
162289Nextcloud Deck Attachment authorization [CVE-2020-8235]medium4.9---
162288Nextcloud Preferred Providers App Password excessive authenticationlow4.9---
162287Nextcloud Server permission [CVE-2020-8223]medium4.9---
162286Nextcloud Deck Board Sharing access control [CVE-2020-8182]medium4.9---
162285ZTE ZXONE 19700 SNPE Access Control access control [CVE-2020-6875]medium4.9---
162284IBM Maximo Asset Management HTTP Command improper authenticationlow2.3---
162283ClickStudios Passwordstate Password Reset Portal ResetPassword improper authenticationlow2.3---
162282CuppaCMS unrestricted upload [CVE-2020-26048]low4.9---
162281Ansible aws_ssm Connection Plugin information disclosure [CVE-2020-25635]low2.3---
162280Symmetric DS mx4j improper authentication [CVE-2020-24231]medium4.9---
162279Wiki.js Storage Module pathname traversal [CVE-2020-15236]low2.3---
162278RACTF Key information disclosure [CVE-2020-15235]low2.9---
162277Intel Driver & Support Assistant permission [CVE-2020-12302]low3.5---
162276Intel CPU BIOS Firmware information disclosure [CVE-2020-0571]low2.7---
162275Intel CPU BIOS Firmware denial of service [CVE-2019-14558]low2.7---
162274Intel CPU BIOS Firmware buffer overflow [CVE-2019-14557]medium4.9---
162273Intel CPU BIOS Firmware denial of service [CVE-2019-14556]low1.5---
162272json-pointer input validation [CVE-2020-7709]low4.9---
162271qdPM File Upload cross site scripting [CVE-2020-26166]low3.5---
162270Ansible Base aws_ssm Connection Plugin access control [CVE-2020-25636]low4.9---
162268oauth2-server OAuth 2.0 code injection [CVE-2017-18924] [Disputed]medium4.9---
162267Google Osconfig Agent race conditionmedium4.1---
162266tribe29 Checkmk permissionmedium6.6---
162265REDDOXX MailDepot Mailbox permission [CVE-2019-19200]medium4.9---
162264Platinum Mobile MobileHandler.ashx access controlmedium4.1---
162263SevOne Network Management System Device Manager Page injectionmedium6.0---
162262SevOne Network Management System Alert Summary sql injectionmedium6.0---
162261SevOne Network Management System Traceroute traceroute.php command injectionmedium8.5---
162260NVIDIA Virtual GPU Manager vGPU Plugin denial of service [CVE-2020-5989]low1.5---
162259NVIDIA Virtual GPU Manager vGPU Plugin double free [CVE-2020-5988]medium4.1---
162258NVIDIA Virtual GPU Manager vGPU Plugin privileges managementmedium4.1---
162257NVIDIA Virtual GPU Manager vGPU Plugin memory corruption [CVE-2020-5986]medium4.1---
162256NVIDIA Virtual GPU Manager vGPU Plugin memory corruption [CVE-2020-5985]medium4.1---
162255NVIDIA Virtual GPU Manager vGPU Plugin use after free [CVE-2020-5984]medium4.1---
162254NVIDIA Virtual GPU Manager vGPU Plugin/Host Driver Kernel Module privileges managementmedium4.1---
162253NVIDIA Windows GPU Display Driver Kernel Mode Layer nvlddmkm.sys denial of servicelow1.5---
162252NVIDIA Windows GPU Display Driver DirectX11 User Mode Driver x.dll memory corruptionmedium4.1---
162251NVIDIA Windows GPU Display Driver DLL code injection [CVE-2020-5980]medium4.1---
162250NVIDIA Windows GPU Display Driver Control Panel privileges managementmedium4.1---
162249Cloud Foundry BOSH System Metrics Server UAA Password information disclosurelow1.5---
162248Linux Kernel Secure Boot Forbidden Signature Database blacklist.c privileges managementmedium6.3---
162247Damstra Smart Asset Version origin validationmedium4.1---
162246Damstra Smart Asset Login Page Username information disclosurelow1.5---
162245Damstra Smart Asset DNS Server sql injectionmedium6.0---
162244Trend Micro Antivirus symlink [CVE-2020-25776]medium4.1---
162243HPE KVM IP Console Switch G2 4x1Ex32 code injection [CVE-2020-24628]medium6.0---
162242HPE KVM IP Console Switch G2 4x1Ex32 Stored cross site scriptinglow3.5---
162241MB Connect Line mymbCONNECT24/mbCONNECT24 lancompenent Blind sql injectionmedium6.0---
162240Zoho ManageEngine Desktop Central InternetSendRequestEx integer overflowmedium4.1---
162239Zoho ManageEngine Desktop Central TLS Certificate Validation InternetSendRequestByBitrate improper authenticationmedium4.4---
162238ORY Fosite Authorization Endpoint redirect [CVE-2020-15234]low5.4---
162237ORY Fosite Redirect redirect [CVE-2020-15233]low5.4---
162236ProVide SDL xml external entity reference [CVE-2020-15232]medium6.8---
162235mapfish-print JSONP cross site scripting [CVE-2020-15231]low4.3---
162234Vapor Web Framework path traversal [CVE-2020-15230]medium6.0---
162233GitLab Editing Stored cross site scriptinglow3.5---
162232GitLab Group Name Stored cross site scriptinglow2.8---
162231fusionauth-saml Signature improper authentication [CVE-2020-12676]medium6.0---
162230PHP HTTP Cookie input validation [CVE-2020-7070]low4.3---
162229PHP AES-CCM openssl_encrypt input validationlow2.6---
162228Erlang OTP path traversal [CVE-2020-25623]medium4.1---
162227cloudflared Configuration File privileges management [CVE-2020-24356]low3.5---
162226GetSimpleCMS log.php path traversalmedium4.1---
162225Bludit upload-profile-picture path traversalmedium4.1---
162224Pluxml Configuration File class.plx.admin.php code injectionmedium4.1---
162223Pluxml Theme Editor parametres_edittpl.php code injectionmedium6.0---
162222BitDefender Engine ceva_emu.cvd Module uninitialized pointerlow2.6---
162221shiba load code injectionmedium6.0---
162220safetydance set Prototype privileges managementmedium6.8---
162219bmoor set Prototype privileges managementmedium6.8---
162218Foxit Reader/PhantomPDF Protection Mechanism code injection [CVE-2020-26540]medium4.1---
162217Foxit Reader/PhantomPDF use after free [CVE-2020-26539]medium4.1---
162216Foxit Reader/PhantomPDF taskkill.exe privileges managementmedium4.1---
162215Foxit Reader/PhantomPDF Shading memory corruption [CVE-2020-26537]medium6.8---
162214Foxit Reader/PhantomPDF null pointer dereference [CVE-2020-26536]low4.3---
162213Foxit Reader/PhantomPDF v8 TslAlloc denial of servicelow4.3---
162212Foxit Reader/PhantomPDF AcroForm ClearItems use after freemedium6.8---
162211CodeLathe FileCloud Username information disclosure [CVE-2020-26524]low1.5---
162210Froala Editor Content Paste cross site scripting [CVE-2020-26523]low3.5---
162209Artifex MuPDF pixmap.c memory corruptionmedium4.1---
162208Artica Pandora FMS chart_generator.php sql injectionmedium6.8---
162207wpo365-login Plugin JWT Token missing encryption [CVE-2020-26511]low1.0---
162206Live Helper Chat Reflected cross site scripting [CVE-2020-26135]low3.5---
162205Live Helper Chat BBcode Stored cross site scriptinglow3.5---
162204OpenMediaVault rpc.php json_encode_safe code injectionmedium4.1---
162203QEMU fdc.c fdctrl_write_data null pointer dereferencelow1.5---
162202PowerDNS Authenticate GSS-TSIG Signature double free [CVE-2020-24698]medium4.4---
162201PowerDNS Authoritative GSS-TSIG Signature denial of service [CVE-2020-24697]low1.9---
162200PowerDNS Authoritative GSS-TSIG Signature denial of service [CVE-2020-24696]low4.3---
162199PowerDNS Authoritative Server Record uninitialized resource [CVE-2020-17482]low1.5---
162198MSI AmbientLink MsIo64 Driver memory corruption [CVE-2020-17382]medium4.1---
162197SECUDOS Qiata FTA Comment Persistent cross site scriptinglow3.5---
162196SECUDOS DOMOS Web Interface conf_datetime command injectionmedium8.5---
162195SysAid ForgotPassword.jsp Reflected cross site scriptinglow3.5---
162194WAVLINK WN530H4 ExportAllSettings.sh information disclosurelow1.5---
162193WAVLINK WN530H4 improper authentication [CVE-2020-12126]medium4.4---
162192WAVLINK WN530H4 makeRequest.cgi memory corruptionhigh9.3---
162191WAVLINK WN530H4 live_api.cgi command injectionhigh9.3---
162190WAVLINK WN530H4 cross-site request forgery [CVE-2020-12123]low4.3---
162189REDDOXX MailDepot Session improper authentication [CVE-2019-19199]medium4.1---
162188Apache NiFi UI/API inadequate encryption [CVE-2020-9491]low4.1---
162187Apache NiFi Download Token denial of service [CVE-2020-9487]low1.9---
162186Apache NiFi Stateless Execution Engine cleartext storage [CVE-2020-9486]low1.5---
162185Teltonika TRB2 path traversal [CVE-2020-5789]low4.0---
162184Teltonika TRB2 delete path traversalmedium5.5---
162183Teltonika TRB2 remove path traversalmedium5.5---
162182Teltonika TRB2 cross-site request forgery [CVE-2020-5786]medium6.8---
162181Teltonika TRB2 Reflected cross site scripting [CVE-2020-5785]low4.3---
162180Teltonika TRB2 server-side request forgery [CVE-2020-5784]medium6.5---
162179Dell XPS 13 9370 BIOS Exception exceptional condition [CVE-2020-5387]low4.1---
162178IBM WebSphere Application Server information disclosure [CVE-2020-4576]low4.3---
162177Pritunl Error Message session Username information disclosurelow1.5---
162176Envoy URL Local Privilege Escalation [CVE-2020-25018]low4.1---
162175Envoy Header setCopy privileges managementmedium4.1---
162174Unisys Stealth Password missing encryption [CVE-2020-24620]low1.0---
162173Istio Policy privileges management [CVE-2020-16844]medium4.6---
162172Mozilla Firefox/Firefox ESR/Thunderbird ComputeClippedCompositionBounds use after freemedium6.8---
162171Mozilla Firefox/Firefox ESR/Thunderbird redirect [CVE-2020-15677]medium6.8---
162170Mozilla Firefox/Firefox ESR/Thunderbird DOM-Based cross site scriptinglow4.3---
162169Mozilla Firefox Surface memory corruption [CVE-2020-15675]medium4.1---
162168Mozilla Firefox memory corruption [CVE-2020-15674]medium6.8---
162167Mozilla Firefox/Firefox ESR/Thunderbird memory corruption [CVE-2020-15673]medium6.8---
162166Mozilla Firefox Password information disclosure [CVE-2020-15671]low1.5---
162165Mozilla Firefox/Firefox ESR/Thunderbird memory corruption [CVE-2020-15670]medium6.8---
162164Mozilla Firefox ESR/Thunderbird Abort Signal use after free [CVE-2020-15669]medium6.8---
162163Mozilla Firefox Certificate Import locking [CVE-2020-15668]low4.1---
162162Mozilla Firefox MAR Update File heap-based overflow [CVE-2020-15667]medium6.8---
162161Mozilla Firefox Media Error information disclosure [CVE-2020-15666]low2.9---
162160Mozilla Firefox Address Bar authentication spoofing [CVE-2020-15665]medium6.8---
162159Mozilla Firefox/Firefox ESR/Thunderbird Extension eval privileges managementmedium6.8---
162158Mozilla Firefox/Firefox ESR/Thunderbird Maintenance Service updater.exe code injectionmedium6.0---
162157Zoho ManageEngine Application Manager AlarmEscalation sql injectionmedium6.8---
162156@actions core exportVariable input validationlow2.1---
162154HCL Digital Experience Reflected cross site scripting [CVE-2020-14223]low3.5---
162153Apache NiFi Notification Service Manager xml external entity referencemedium4.1---
162152Apache ant File Permission privileges management [CVE-2020-11979]medium4.1---
162151Rittal CMC PU III Web Management Interface backdoor [CVE-2019-19393]low3.5---
162150WebsiteBaker save.php sql injectionmedium6.0---
162149GetSimple CMS Settings Page Persistent cross site scriptinglow3.5---
162148CMS Made Simple Content Manager Persistent cross site scriptinglow3.5---
162147BitDefender Engine ace.xmd Parser out-of-bounds write [CVE-2020-8109]low2.6---
162146Atlassian Atlaskit Editor cross site scripting [CVE-2019-20903]low3.5---
162145Atlassian JIRA Crowd Upgrade privileges management [CVE-2019-20902]medium4.1---
162144Pulse Connect Secure Admin Web Interface xml external entity referencemedium4.1---
162143Pulse Connect Secure Admin Web Interface code injection [CVE-2020-8243]medium4.1---
162142Pulse Connect Secure/Pulse Policy Secure Web Interface cross site scriptinglow3.5---
162141Eaton 9000x DLL vci11un6.DLL untrusted search pathmedium4.4---
162140BigBlueButton Greenlight privileges management [CVE-2020-26163]medium4.1---
162139jwt-go Access Restriction privileges management [CVE-2020-26160]medium6.8---
162138Oniguruma Regex regcomp.c concat_opt_exact_str memory corruptionmedium4.1---
162137Leanote Desktop Node Integration cross site scripting [CVE-2020-26158]low3.5---
162136Leanote Desktop Node Integration cross site scripting [CVE-2020-26157]low3.5---
162135libproxy url.cpp memory corruptionmedium4.1---
162134Logaritmo Aware CallManager info.php phpinfo information disclosurelow3.5---
162133nats.js/nats.ws Credentials information disclosure [CVE-2020-26149]low1.5---
162132md4c md4c.c md_push_block_bytes uninitialized resourcelow1.5---
162131urllib3 putrequest crlf injectionmedium4.1---
162130Cybereason Endpoint Protection PowerShell privileges managementmedium4.1---
162129Hoosk CMS index.php cross site scriptinglow3.5---
162128Hoosk CMS index.php sql injectionmedium6.0---
162127Hoosk CMS index.php code injectionmedium4.1---
162126MantisBT bug_actiongroup_page.php cross site scriptinglow4.1---
162125Hashicorp Vault Enterprise Access Control privileges managementmedium4.1---
162124MantisBT file_download.php information disclosurelow1.5---
162123Django REST Framework API Viewer input validation [CVE-2020-25626]low3.5---
162122MantisBT Project privileges management [CVE-2020-25288]medium4.1---
162121GAEN Trace privileges management [CVE-2020-24721]medium4.1---
162120MB Connect Line mymbCONNECT24/mbCONNECT24 com_mb24proxy cross-site request forgerylow4.3---
162119MB Connect Line mymbCONNECT24/mbCONNECT24 knximport sql injectionmedium6.0---
162118CMS Made Simple moduleinterface.php cross site scriptinglow3.5---
162117HFish cross site scripting [CVE-2020-22481]low3.5---
162116Pluck CMS File Upload command injection [CVE-2020-21564]medium6.0---
162115Halo CMS Backup File path traversal [CVE-2020-21527]medium4.1---
162114Halo CMS startsWith path traversalmedium4.1---
162113Halo CMS startsWith path traversalmedium4.1---
162112Halo CMS wordpress) xml external entity referencemedium4.1---
162111Halo CMS server-side request forgery [CVE-2020-21523]medium4.1---
162110Halo CMS ZIP path traversal [CVE-2020-21522]medium4.1---
162109FrontAccounting inst_lang.php path traversalmedium4.1---
162108MetInfo sql injection [CVE-2020-20800]medium6.0---
162107Nacos Access Control privileges management [CVE-2020-19676]medium4.1---
162106Niushop B2B2C Multi-Business Basic Background Upload getimagesize privileges managementmedium4.1---
162105Niushop B2B2C Multi-Business Basic improper authentication [CVE-2020-19670]medium4.1---
162104Re:Desk Yii Framework actionEmailTemplates sql injectionmedium6.8---
162103Zoho Application Control Plus Element Configuration IP Address information disclosurelow3.5---
162102Zoho Application Control Plus Mail Gateway Configuration server-side request forgerylow3.5---
162101Re:Desk File Upload privileges management [CVE-2020-15488]medium4.1---
162100Re:Desk Password Reset Ticket.php getBaseCriteria sql injectionmedium6.8---
162099dpdk move_desc integer overflowlow1.5---
162098dpdk Guest Virtual Machine Memory out-of-bounds read [CVE-2020-14377]low1.5---
162097dpdk vm Guest Memory buffer overflow [CVE-2020-14376]medium4.1---
162096dpdk Virtio Ring Descriptor toctou [CVE-2020-14375]medium4.1---
162095dpdk Virtual Machine copy_data buffer overflowmedium4.1---
162094Ozeki NG SMS Gateway .NET Framework deserialization [CVE-2020-14030]medium4.1---
162093Apache Tapestry URL resource transfer [CVE-2020-13953]low1.5---
162092Apache Superset Database Connection information disclosure [CVE-2020-13952]low1.5---
162091Apache OpenMeetings NetTest Web Service denial of service [CVE-2020-13951]low1.5---
162090Harbor information disclosure [CVE-2020-13794]low1.5---
162089Lansweeper Web Console cross-site request forgery [CVE-2020-13658]low4.3---
162088GitLab Error Tracking Stored cross site scriptinglow2.8---
162087GitLab Wiki Page Stored cross site scriptinglow3.5---
162086GitLab Bitbucket Project Stored cross site scriptinglow3.5---
162085GitLab Blob View Stored cross site scriptinglow3.5---
162084GitLab PyPi File API Stored cross site scriptinglow2.8---
162083GitLab Project Import privileges management [CVE-2020-13326]medium6.0---
162082GitLab Issue Page denial of service [CVE-2020-13325]low3.5---
162081GitLab API information disclosure [CVE-2020-13324]low3.5---
162080GitLab Private Merge Request information disclosure [CVE-2020-13323]low3.5---
162079GitLab Permission privileges management [CVE-2020-13322]medium5.4---
162078GitLab cross site scripting [CVE-2020-13321]low3.5---
162077GitLab Project Security Dashboard information disclosure [CVE-2020-13320]low3.5---
162076GitLab Permission Check privileges management [CVE-2020-13319]medium6.0---
162075GitLab Access Control privileges management [CVE-2020-13296]medium6.0---
162074RainbowFish PacsOne Server Signup Page sql injection [CVE-2020-12870]medium6.0---
162073RainbowFish PacsOne Server cross site scripting [CVE-2020-12869]low3.5---
162072RainbowFish PacsOne Server Access Control privileges managementmedium4.1---
162071WAGO 750-890 improper authentication [CVE-2020-12506]high9.3---
162070WAGO 750-831/750-852/750-880/750-881/750-882/750-885 improper authenticationmedium6.8---
162069handlebars Regular Expression incorrect regex [CVE-2019-20922]low1.5---
162068bootstrap-select OPTION Element cross site scripting [CVE-2019-20921]low3.5---
162067handlebars Lookup Helper cross site scripting [CVE-2019-20920]low3.5---
162066Atheros AR9132/AR9283/AR9285 WPA2 improper authentication [CVE-2019-18991]medium5.4---
162065Realtek RTL8812AR/RTL8196D/RTL8192ER/RTL8881AN WPA2 improper authenticationmedium5.4---
162064MediaTek MT7620N WPA2 improper authentication [CVE-2019-18989]medium5.4---
162063ANIXIS Password Reset Client GINA CP Module privileges managementmedium6.8---
162062Zoho ManageEngine ADSelfService Plus GINA CP Module privileges managementmedium6.8---
162061Apache Hadoop Kerberos Authentication privileges management [CVE-2018-11765]medium4.1---
162060SonicWALL SSL VPN DNS information disclosure [CVE-2020-5132]medium4.6---
162059IBM WebSphere Application Server Error Message information disclosurelow1.0---
162058BitDefender Engine input validation [CVE-2020-15731]medium4.1---
162057August Connect Wi-Fi Bridge App Network Authentication hard-coded keylow1.8---
162056goxmldsig Signature Validation signature verification [CVE-2020-15216]medium5.1---
162055IBM Security Secret Server privileges management [CVE-2020-4607]medium4.1---
162054Trend Micro Security 2020 privileges management [CVE-2020-25775]medium4.1---
162053Trend Micro Apex One ServerMigrationTool memory corruption [CVE-2020-25774]low1.5---
162052Trend Micro Apex One ServerMigrationTool privileges managementmedium4.1---
162051Trend Micro Apex One memory corruption [CVE-2020-25772]low1.5---
162050Trend Micro Apex One memory corruption [CVE-2020-25771]low1.5---
162049Trend Micro Apex One memory corruption [CVE-2020-25770]low1.5---
162048Trend Micro Apex One memory corruption [CVE-2020-24565]low1.5---
162047Trend Micro Apex One memory corruption [CVE-2020-24564]low1.5---
162046Trend Micro Apex One Security Agent Unload code injection [CVE-2020-24563]medium4.1---
162045Trend Micro OfficeScan code injection [CVE-2020-24562]medium4.1---
162044FileImporter Extension Page Creation privileges management [CVE-2020-26121]medium4.1---
162043MobileFrontend Extension parseHTML DOM-Based cross site scriptinglow3.5---
162042MediaWiki Actor ID exceptional condition [CVE-2020-25869]low4.1---
162041MediaWiki Message Content mw.message.parse cross site scriptinglow3.5---
162040OATHAuth Extension improper authentication [CVE-2020-25827]low2.6---
162039MediaWiki getFiltersDesc cross site scriptinglow3.5---
162038MediaWiki jQuery mw.message.parse cross site scriptinglow3.5---
162037MediaWiki Special:UserRights Page User information disclosurelow1.5---
162036MediaWiki Special:Contributions Page cross site scripting [CVE-2020-25812]low3.5---
162035TigerVNC TLS Certificate CSecurityTLS.cxx improper authenticationmedium4.1---
162034Python http.client privileges management [CVE-2020-26116]medium4.1---
162033projectworlds Visitor Management System Stored cross site scriptinglow4.3---
162032projectworlds Visitor Management System sql injection [CVE-2020-25760]medium6.0---
162031SourceCodester Seat Reservation System sql injection [CVE-2020-25762]medium6.8---
162030SourceCodester Seat Reservation System unrestricted upload [CVE-2020-25763]medium6.8---
162029Observium Professional/Enterprise/Community unrestricted uploadmedium6.5---
162028Observium Professional/Enterprise/Community cross site scriptinglow4.3---
162027Observium Professional/Enterprise/Community authenticate.inc.php sql injectionmedium6.0---
162026Observium Professional/Enterprise/Community syslog_rules cross site scriptinglow3.5---
162025Observium Professional/Enterprise/Community unrestricted uploadmedium6.5---
162024Observium Professional/Enterprise/Community path traversal [CVE-2020-25144]medium6.5---
162023Observium Professional/Enterprise/Community sql injection [CVE-2020-25143]medium6.0---
162022Observium Professional/Enterprise/Community addsrv cross-site request forgerylow4.3---
162021Observium Professional/Enterprise/Community view cross site scriptinglow4.3---
162020GE Reason S20 Ethernet Switch cross site scripting [CVE-2020-16242]low4.3---
162019TensorFlow out-of-bounds write [CVE-2020-15214]medium6.8---
162018TensorFlow memory corruption [CVE-2020-15213]low2.6---
162017TensorFlow out-of-bounds write [CVE-2020-15212]medium6.8---
162016TensorFlow out-of-bounds write [CVE-2020-15211]medium6.8---
162015TensorFlow TFLite Model input validation [CVE-2020-15210]medium6.8---
162014TensorFlow TFLite Model null pointer dereference [CVE-2020-15209]low2.6---
162013TensorFlow out-of-bounds write [CVE-2020-15208]medium6.8---
162012TensorFlow ResolveAxis memory corruptionmedium6.8---
162011TensorFlow input validation [CVE-2020-15206]low2.6---
162010TensorFlow tf.raw_ops.StringNGrams memory corruptionmedium6.8---
162009TensorFlow ctx->session_state null pointer dereferencelow4.3---
162008TensorFlow tf.strings.as_string input validationlow4.3---
162007TensorFlow Shard API Remote Code Execution [CVE-2020-15202]medium6.8---
162006TensorFlow RaggedCountSparseOutput input validationmedium6.8---
162005TensorFlow RaggedCountSparseOutput heap-based overflowmedium6.8---
162004TensorFlow RaggedCountSparseOutput input validationlow2.6---
162003TensorFlow SparseCountSparseOutput memory corruptionmedium6.8---
162002TensorFlow SparseCountSparseOutput assertionlow2.1---
162001TensorFlow RaggedCountSparseOutput memory corruptionmedium6.0---
162000TensorFlow SparseFillEmptyRowsGrad heap-based overflowmedium6.0---
161999TensorFlow SparseFillEmptyRowsGrad assertionlow4.3---
161998TensorFlow dlpack.to_dlpack uninitialized resourcemedium6.0---
161997TensorFlow dlpack.to_dlpack input validationlow3.5---
161996TensorFlow dlpack.to_dlpack null pointer dereferencelow4.3---
161995TensorFlow tf.raw_ops.Switch input validationlow4.3---
161994IBM InfoSphere Information Server clickjacking [CVE-2020-4727]medium6.8---
161993IBM Business Automation Workflow Error Message information disclosurelow4.3---
161992Observium Professional/Enterprise/Community contacts.inc.php cross site scriptinglow4.3---
161991Observium Professional/Enterprise/Community syslog_rules cross site scriptinglow4.3---
161990Observium Professional/Enterprise/Community alert_test_id cross site scriptinglow3.5---
161989Observium Professional/Enterprise/Community alert_check cross site scriptinglow3.5---
161988jdownloads categories.php order sql injectionmedium6.8---
161987ng-packagr command injection [CVE-2020-7735]low4.3---
161986F5 BIG-IP/BIG-IQ denial of service [CVE-2020-5930]low1.9---
161985F5 BIG-IP cleartext storage [CVE-2020-5929]low1.0---
161984Observium Professional/Enterprise/Community unrestricted uploadmedium6.5---
161983Observium Professional/Enterprise/Community cross site scriptinglow4.3---
161982Observium Professional/Enterprise/Community inc.php path traversalmedium6.5---
161981Observium Professional/Enterprise/Community inc.php unrestricted uploadmedium6.5---
161980Observium Professional/Enterprise/Community authenticate.inc.php sql injectionmedium6.8---
161979Observium Professional/Enterprise/Community cross site scriptinglow4.3---
161978Observium Professional/Enterprise/Community actions.php sql injectionmedium6.0---
161977jdownloads jdownloadshelper.php updateLog sql injectionmedium6.8---
161976jdownloads jdownloadshelper.php getUserLimits sql injectionmedium6.8---
161975Brocade Fabric OS REST API Reflected cross site scriptinglow3.5---
161974Brocade Fabric OS REST API memory corruption [CVE-2020-15373]medium6.8---
161973Brocade Fabric OS Command-Line Interface privileges managementmedium4.1---
161972Brocade Fabric OS code injection [CVE-2020-15371]medium4.1---
161971Brocade Fabric OS Log File Password information disclosurelow3.5---
161970Brocade Fabric OS Supportlink CLI Credentials information disclosurelow1.5---
161969U.S. Air Force Sensor Data Management System extract75 integer coercionmedium4.1---
161968Brocade SANnav LDAP injection privileges management [CVE-2019-16212]medium6.0---
161967Brocade SANnav Password Storage cleartext storage [CVE-2019-16211]low1.5---
161966Brocade Fabric OS HTTP Management Interface Header Injection privileges managementmedium6.0---
161965Brocade Fabric OS Management Interface denial of service [CVE-2018-6448]low3.5---
161964Brocade Fabric OS HTTP Management Interface Reflected cross site scriptinglow3.5---
161963Apple macOS Sandbox privileges management [CVE-2020-9968]medium4.1---
161962Apple macOS Model IO memory corruption [CVE-2020-9973]medium6.8---
161961Apple macOS Mail privileges management [CVE-2020-9941]medium6.0---
161960Apple macOS ImageIO memory corruption [CVE-2020-9961]medium6.8---
161959Apple iCloud WebKit Universal cross site scriptingmedium4.3---
161958cPanel Cron Editor Interface cross site scripting [CVE-2020-26115]low4.3---
161957cPanel Cron Jobs interface cross site scripting [CVE-2020-26114]low4.3---
161956cPanel WHM Manage API Tokens Interface cross site scripting [CVE-2020-26113]low4.3---
161955cPanel Email Quota Cache privileges management [CVE-2020-26112]medium7.5---
161954cPanel WHM Edit DNS Zone Interface cross site scripting [CVE-2020-26111]low4.3---
161953cPanel DNS Zone Manager DNSSEC Interface cross site scriptinglow4.3---
161952cPanel Protection Mechanism privileges management [CVE-2020-26109]medium7.5---
161951cPanel File Extension code injection [CVE-2020-26108]medium6.0---
161950cPanel PowerDNS API Key inadequate encryptionlow2.6---
161949cPanel Permission log file [CVE-2020-26106]medium6.8---
161948cPanel chkservd Test Credential insufficiently protected credentialsmedium5.0---
161947cPanel SRS Secret insecure storage of sensitive information [CVE-2020-26104]medium5.0---
161946cPanel mailman weak password [CVE-2020-26103]medium6.8---
161945cPanel Auth Policy API privileges management [CVE-2020-26102]medium4.1---
161944cPanel RNDC insufficiently protected credentials [CVE-2020-26101]medium5.0---
161943cPanel csh Jail privileges managementmedium7.5---
161942cPanel Protect SMTP Greylist privileges management [CVE-2020-26099]medium4.1---
161941cPanel Exim Filter code injection [CVE-2020-26098]medium6.0---
161940Rubetek RV-3406/RV-3409/RV-3411 Telnet Service hard-coded passwordhigh9.3---
161939Rubetek RV-3406/RV-3409/RV-3411 RTSP Server cleartext storagelow2.6---
161938Rubetek RV-3406/RV-3409/RV-3411 Telnet Service improper authenticationmedium6.8---
161937Hak5 WiFi Pineapple Mark VII ui path traversalmedium4.4---
161936QEMU TD List hcd-ohci.c infinite looplow1.9---
161935Sophos SG UTM WebAdmin code injection [CVE-2020-25223]medium6.0---
161934Framer Preview App privileges management [CVE-2020-25203]medium4.1---
161933QEMU exec.c flatview_read_continue out-of-bounds writemedium4.4---
161932QEMU hcd-xhci.c usb_packet_map use after freemedium4.4---
161931Mitel MiContact Center Business Ignite Portal input validationlow4.3---
161930HTML Form Entry Module Velocity Template Language File code injectionmedium4.1---
161929Pexip Infinity SIP input validation [CVE-2020-24615]low5.0---
161928Mitel MiCloud Management Portal information disclosure [CVE-2020-24595]low1.5---
161927Mitel MiCloud Management Portal cross site scripting [CVE-2020-24594]low4.3---
161926Mitel MiCloud Management Portal sql injection [CVE-2020-24593]medium6.0---
161925Mitel MiCloud Management Portal escape output [CVE-2020-24592]low5.0---
161924Multi User Plugin cross-site request forgery [CVE-2020-23837]low3.5---
161923Zoho ManageEngine Applications Manager header.jsp cross site scriptinglow4.3---
161922Zoho ManageEngine Applications Manager REST API sql injectionmedium6.8---
161921Pexip Infinity H.323 denial of service [CVE-2020-13387]low1.5---
161920Pexip Infinity RTP input validation [CVE-2020-12824]low5.0---
161919Pexip Reverse Proxy/TURN Server UDP Access Control input validationmedium6.8---
161918Pexip Infinity System Backup Restore input validation [CVE-2019-7178]medium6.5---
161917Pexip Infinity code injection [CVE-2019-7177]medium4.1---
161916Pagure Blame View blame.html cross site scriptinglow4.3---
161915Pexip Infinity XML Parser denial of service [CVE-2018-10585]low1.5---
161914Pexip Infinity TLS Handshake resource consumption [CVE-2018-10432]low5.0---
161913Lenovo Enterprise Network Disk DOM-Based cross site scriptinglow3.5---
161912Lenovo Enterprise Network Disk URL cross site scripting [CVE-2020-8347]low3.5---
161911Lenovo Desktop/ThinkStation SMI Callback code injection [CVE-2020-8333]medium5.9---
161910Cisco Wireless LAN Controller resource consumption [CVE-2020-3560]low4.3---
161909Cisco Aironet Access Point resource consumption [CVE-2020-3559]low2.6---
161908Cisco Aironet Access Point null pointer dereference [CVE-2020-3552]low2.9---
161907Cisco Catalyst 9200 Polaris Kernel input validation [CVE-2020-3527]low4.3---
161906Cisco IOS XE COPS Engine input validation [CVE-2020-3526]low4.3---
161905Cisco IOS XE ROM Monitor access control [CVE-2020-3524]medium6.2---
161904Cisco IOS XE Web Server Authentication input validation [CVE-2020-3516]low3.5---
161903Cisco IOS XE Aggregation Services routine [CVE-2020-3513]medium6.6---
161902Cisco IOS/IOS XE Link Layer Discovery Protocol 7pk error [CVE-2020-3512]low2.9---
161901Cisco IOS/IOS XE ISDN Subsystem input validation [CVE-2020-3511]low2.9---
161900Cisco IOS XE Umbrella Connector 7pk error [CVE-2020-3510]low4.3---
161899Cisco IOS XE DHCP Message 7pk error [CVE-2020-3509]low4.3---
| 161898 | Cisco IOS XE Aggregation Services resource consumption [CVE-2020-3508] | low | 2.9 | - | - | - |
| 161897 | Cisco IOS XE File System Permission access control [CVE-2020-3503] | medium | 4.1 | - | - | - |
| 161896 | Cisco IOS XE Control/Provisioning input validation [CVE-2020-3497] | low | 2.9 | - | - | - |
| 161895 | Cisco IOS XE Control/Provisioning input validation [CVE-2020-3494] | low | 2.9 | - | - | - |
| 161894 | Cisco IOS XE Control/Provisioning input validation [CVE-2020-3493] | low | 2.9 | - | - | - |
| 161893 | Cisco IOS XE/AireOS Control/Provisioning input validation [CVE-2020-3492] | low | 4.3 | - | - | - |
| 161892 | Cisco IOS XE Control/Provisioning input validation [CVE-2020-3489] | low | 2.9 | - | - | - |
| 161891 | Cisco IOS XE Control/Provisioning input validation [CVE-2020-3488] | low | 2.9 | - | - | - |
| 161890 | Cisco IOS XE Control/Provisioning input validation [CVE-2020-3487] | low | 2.9 | - | - | - |
| 161889 | Cisco IOS XE Control/Provisioning input validation [CVE-2020-3486] | low | 2.9 | - | - | - |
| 161888 | Cisco IOS XE Zone-Based Firewall unusual condition [CVE-2020-3480] | low | 4.3 | - | - | - |
| 161887 | Cisco IOS/IOS XE Border Gateway Protocol input validation [CVE-2020-3479] | low | 2.6 | - | - | - |
| 161886 | Cisco IOS/IOS XE CLI Parser input validation [CVE-2020-3477] | low | 1.5 | - | - | - |
| 161885 | Cisco IOS XE CLI file access [CVE-2020-3476] | medium | 4.1 | - | - | - |
| 161884 | Cisco IOS XE Web Management Framework input validation [CVE-2020-3475] | medium | 6.0 | - | - | - |
| 161883 | Cisco IOS XE Web Management Framework input validation [CVE-2020-3474] | medium | 6.0 | - | - | - |
| 161882 | Cisco IOS XE input validation [CVE-2020-3465] | low | 2.9 | - | - | - |
| 161881 | Cisco IOS XE WPA2/WPA3 input validation [CVE-2020-3429] | low | 2.9 | - | - | - |
| 161880 | Cisco IOS XE WLAN Local Profiling input validation [CVE-2020-3428] | low | 2.9 | - | - | - |
| 161879 | Cisco IOS LPWA Subsystem access control [CVE-2020-3426] | medium | 6.8 | - | - | - |
| 161878 | Cisco IOS XE Web Management Framework input validation [CVE-2020-3425] | medium | 6.0 | - | - | - |
| 161877 | Cisco IOS XE Lua Interpreter memory corruption [CVE-2020-3423] | medium | 6.6 | - | - | - |
| 161876 | Cisco IOS XE IP SLA Responder state issue [CVE-2020-3422] | low | 4.3 | - | - | - |
| 161875 | Cisco IOS XE Zone-Based Firewall unusual condition [CVE-2020-3421] | low | 4.3 | - | - | - |
| 161874 | Cisco IOS XE ICMPv6 Traffic access control [CVE-2020-3418] | medium | 5.4 | - | - | - |
| 161873 | Cisco IOS XE ROM Monitor os command injection [CVE-2020-3417] | medium | 6.6 | - | - | - |
| 161872 | Cisco IOS XE RSP3 routine [CVE-2020-3416] | medium | 6.6 | - | - | - |
| 161871 | Cisco IOS XE IPv4/IPv6 data processing [CVE-2020-3414] | low | 4.3 | - | - | - |
| 161870 | Cisco IOS/IOS XE PROFINET input validation [CVE-2020-3409] | low | 2.9 | - | - | - |
| 161869 | Cisco IOS/IOS XE Split DNS incorrect regex [CVE-2020-3408] | low | 4.3 | - | - | - |
| 161868 | Cisco IOS XE Access Control List null pointer dereference [CVE-2020-3407] | low | 4.3 | - | - | - |
| 161867 | Cisco IOS XE Telnet/SSH authorization [CVE-2020-3404] | medium | 6.6 | - | - | - |
| 161866 | Cisco IOS XE CLI os command injection [CVE-2020-3403] | medium | 6.6 | - | - | - |
| 161865 | Cisco IOS XE Web UI authorization [CVE-2020-3400] | medium | 6.0 | - | - | - |
| 161864 | Cisco IOS XE Control/Provisioning denial of service [CVE-2020-3399] | low | 4.3 | - | - | - |
| 161863 | Cisco IOS XE USB 3.0 SSD access control [CVE-2020-3396] | medium | 4.1 | - | - | - |
| 161862 | Cisco IOS XE Role-Based Access Control privileges management | medium | 6.6 | - | - | - |
| 161861 | Cisco IOS XE SNMP Trap input validation [CVE-2020-3390] | low | 2.9 | - | - | - |
| 161860 | Cisco IOS XE mDNS input validation [CVE-2020-3359] | medium | 7.1 | - | - | - |
| 161859 | Cisco IOS XE Web Management input validation [CVE-2020-3141] | medium | 8.5 | - | - | - |
| 161858 | jdownloads send.php sql injection | medium | 6.0 | - | - | - |
| 161857 | Hotspot Shield VPN Directory Permission privileges management | medium | 4.1 | - | - | - |
| 161856 | Joplin Desktop Embed Tag cross site scripting [CVE-2020-15930] | low | 4.3 | - | - | - |
| 161855 | Nakivo Backup / Replication Transporter Access Control privileges management | medium | 6.0 | - | - | - |
| 161854 | Nakivo Backup / Replication Director Director Web Interface privileges management | medium | 6.6 | - | - | - |
| 161853 | ActFax Folder Permission TSClientB.exe privileges management | medium | 4.1 | - | - | - |
| 161852 | ORY Fosite Storage Error exceptional condition [CVE-2020-15223] | medium | 4.0 | - | - | - |
| 161851 | ORY Fosite improper authentication [CVE-2020-15222] | medium | 6.8 | - | - | - |
| 161850 | PrestaShop Attachments cross site scripting [CVE-2020-15162] | low | 4.3 | - | - | - |
| 161849 | PrestaShop Contact Form cross site scripting [CVE-2020-15161] | low | 4.3 | - | - | - |
| 161848 | PrestaShop Catalog Product Edition Page Blind sql injection | medium | 6.0 | - | - | - |
| 161847 | JerryScript opcodes.c privileges management | medium | 7.5 | - | - | - |
| 161846 | iSmartgate Pro clickjacking [CVE-2020-13119] | medium | 4.1 | - | - | - |
| 161845 | iSmartgate Pro File Upload privileges management [CVE-2020-12843] | medium | 4.1 | - | - | - |
| 161844 | iSmartgate Pro checkUserExpirationDate.php code injection | medium | 7.5 | - | - | - |
| 161843 | iSmartgate Pro index.php cross-site request forgery | low | 4.3 | - | - | - |
| 161842 | iSmartgate Pro index.php cross-site request forgery | low | 4.3 | - | - | - |
| 161841 | iSmartgate Pro checkExpirationDate.php code injection | medium | 7.5 | - | - | - |
| 161840 | iSmartgate Pro mailAdmin.php code injection | medium | 7.5 | - | - | - |
| 161839 | iSmartgate Pro File Upload unrestricted upload [CVE-2020-12837] | medium | 7.5 | - | - | - |
| 161838 | Fortinet FortiTester cross site scripting [CVE-2020-12815] | low | 3.5 | - | - | - |
| 161837 | Fortinet FortiManager/FortiAnalyzer cross site scripting [CVE-2020-12811] | low | 4.3 | - | - | - |
| 161836 | iSmartgate Pro index.php cross-site request forgery | low | 4.3 | - | - | - |
| 161835 | iSmartgate Pro index.php cross-site request forgery | low | 4.3 | - | - | - |
| 161834 | AVEVA eDNA Enterprise Data Historian SOAP FavoritesService.asmx sql injection | medium | 6.8 | - | - | - |
| 161833 | Check Point Security Management CA Web Management input validation | medium | 4.1 | - | - | - |
| 161832 | Linux Kernel NFC Socket rawsock.c privileges management | medium | 4.1 | - | - | - |
| 161831 | Gemtek WRTM-127ACN/WRTM-127x9 Monitor Diagnostic Network Page privileges management | medium | 6.6 | - | - | - |
| 161830 | Untis WebUntis cross site scripting [CVE-2020-22453] | low | 3.5 | - | - | - |
| 161829 | Telmat AccessLog Administration Panel code injection [CVE-2020-16148] | high | 9.3 | - | - | - |
| 161828 | Telmat AccessLog Login Page code injection [CVE-2020-16147] | high | 9.3 | - | - | - |
| 161827 | Liferay Portal URL Encoding privileges management [CVE-2020-15840] | medium | 4.1 | - | - | - |
| 161826 | AVEVA eDNA Enterprise Data Historian SOAP ednareporting.asmx sql injection | medium | 6.8 | - | - | - |
| 161825 | AVEVA eDNA Enterprise Data Historian Web Service Alias.asmx sql injection | medium | 6.8 | - | - | - |
| 161824 | AVEVA eDNA Enterprise Data Historian Web Service Alias.asmx sql injection | medium | 6.8 | - | - | - |
| 161823 | AVEVA eDNA Enterprise Data Historian SOAP ednareporting.asmx sql injection | medium | 6.8 | - | - | - |
| 161822 | AVEVA eDNA Enterprise Data Historian SOAP ednareporting.asmx sql injection | medium | 6.8 | - | - | - |
| 161821 | AVEVA eDNA Enterprise Data Historian SOAP ednareporting.asmx sql injection | medium | 6.8 | - | - | - |
| 161820 | AVEVA eDNA Enterprise Data Historian Web Service DNAPoints.asmx sql injection | medium | 6.8 | - | - | - |
| 161819 | Fortinet FortiGate Log privileges management [CVE-2020-12818] | low | 1.9 | - | - | - |
| 161818 | Fortinet FortiAnalyzer injection [CVE-2020-12817] | low | 3.5 | - | - | - |
| 161817 | Fortinet FortiNAC Stored cross site scripting [CVE-2020-12816] | low | 3.5 | - | - | - |
| 161816 | iSmartgate Pro opendoor.php cross-site request forgery | low | 4.3 | - | - | - |
| 161815 | Trend Micro Security 2019 SSL Certificate Validator certificate validation | medium | 5.1 | - | - | - |
| 161814 | Trend Micro Security 2019 SSL Certificate Validator certificate validation | medium | 5.1 | - | - | - |
| 161813 | Xen Timer Migration race condition [CVE-2020-25604] | medium | 4.7 | - | - | - |
| 161812 | Xen Event Channel smp_*mb memory corruption | medium | 4.1 | - | - | - |
| 161811 | Xen Error denial of service [CVE-2020-25602] | medium | 4.4 | - | - | - |
| 161810 | Xen FIFO Event Channel evtchn_destroy denial of service | low | 1.5 | - | - | - |
| 161809 | Xen Event Channel denial of service [CVE-2020-25600] | medium | 4.4 | - | - | - |
| 161808 | Xen evtchn_reset memory corruption | medium | 4.1 | - | - | - |
| 161807 | Xen RCU denial of service [CVE-2020-25598] | medium | 4.4 | - | - | - |
| 161806 | Xen denial of service [CVE-2020-25597] | medium | 4.4 | - | - | - |
| 161805 | Xen SYSENTER null termination | low | 4.4 | - | - | - |
| 161804 | Xen PCI Passthrough backdoor [CVE-2020-25595] | medium | 6.0 | - | - | - |
| 161803 | IgniteNet HeliOS GLinq cross-site request forgery [CVE-2020-5783] | low | 4.3 | - | - | - |
| 161802 | IgniteNet HeliOS GLinq denial of service [CVE-2020-5782] | low | 1.5 | - | - | - |
| 161801 | IgniteNet HeliOS GLinq Luci Configuration luci authenticator.htmlauth denial of service | low | 1.5 | - | - | - |
| 161800 | IBM Security Secret Server SSL Certificate Validator improper authentication | low | 2.6 | - | - | - |
| 161799 | IBM Security Secret Server privileges management [CVE-2020-4324] | medium | 6.0 | - | - | - |
| 161798 | gon Gem XSS Protection Mechanism json_dumper.rb cross site scripting | low | 4.3 | - | - | - |
| 161797 | YGOPro ygocore integer overflow [CVE-2020-24213] | medium | 4.1 | - | - | - |
| 161796 | Liquibase Runner Plugin Permission Check authorization [CVE-2020-2285] | medium | 4.1 | - | - | - |
| 161795 | Liquibase Runner Plugin XML Parser xml external entity reference | medium | 4.1 | - | - | - |
| 161794 | Liquibase Runner Plugin Changeset Content Stored cross site scripting | low | 3.5 | - | - | - |
| 161793 | Implied Labels Plugin Permission Check authorization [CVE-2020-2282] | medium | 6.0 | - | - | - |
| 161792 | Lockable Resources Plugin cross-site request forgery [CVE-2020-2281] | low | 4.3 | - | - | - |
| 161791 | Warnings Plugin cross-site request forgery [CVE-2020-2280] | low | 4.3 | - | - | - |
| 161790 | Script Security Plugin Sandbox protection mechanism [CVE-2020-2279] | medium | 6.0 | - | - | - |
| 161789 | GE Digital APM Classic Hash hash without salt [CVE-2020-16244] | low | 1.0 | - | - | - |
| 161788 | GE Digital APM Classic JSON authorization [CVE-2020-16240] | low | 1.5 | - | - | - |
| 161787 | GLPI risky encryption [CVE-2020-11031] | low | 1.0 | - | - | - |
| 161786 | Aruba CX Switch Cisco Discovery Protocol denial of service [CVE-2020-7122] | low | 1.5 | - | - | - |
| 161785 | Aruba CX Switch Link Layer Discovery Protocol denial of service | low | 1.5 | - | - | - |
| 161784 | HPE Pay Per Use Utility Computing Service Meter doPost code injection | medium | 4.4 | - | - | - |
| 161783 | HPE Pay Per Use Utility Computing Service Meter doGet path traversal | low | 1.9 | - | - | - |
| 161782 | HPE Pay Per Use Utility Computing Service Meter execute path traversal | medium | 4.4 | - | - | - |
| 161781 | podman Varlink API/REST API information disclosure [CVE-2020-14370] | low | 1.5 | - | - | - |
| 161780 | ansible-engine dnf Module signature verification [CVE-2020-14365] | medium | 4.1 | - | - | - |
| 161779 | Wildfly Elytron Form Authentication session fixation [CVE-2020-10714] | medium | 4.1 | - | - | - |
| 161778 | Undertow HTTP input validation [CVE-2020-10687] | medium | 6.0 | - | - | - |
| 161777 | PingID integration CefSharp.BrowserSubprocess.exe privileges management | medium | 4.1 | - | - | - |
| 161776 | Cisco IOS XR DVMRP resource consumption [CVE-2020-3569] | low | 4.3 | - | - | - |
| 161775 | Cisco TelePresence Collaboration Endpoint Video Endpoint API path traversal | medium | 6.0 | - | - | - |
| 161773 | Cisco Unified Communications Manager Web-based Management Interface cross-site request forgery | low | 4.3 | - | - | - |
| 161772 | Cisco Email Security Appliance Content Filter input validation | medium | 6.8 | - | - | - |
| 161771 | Cisco Unity Connection Web Management Interface path traversal | medium | 4.6 | - | - | - |
| 161770 | Cisco Hosted Collaboration Mediation Fulfillment Web-based Interface cross-site request forgery | low | 4.3 | - | - | - |
| 161769 | Cisco Web Security Appliance API Framework Header Injection response splitting | medium | 6.8 | - | - | - |
| 161768 | Cisco WebEx UCF File input validation [CVE-2020-3116] | low | 4.3 | - | - | - |
| 161767 | peg-markdown markdown_lib.c process_raw_blocks null pointer dereference | low | 5.0 | - | - | - |
| 161766 | Cisco Email Security Appliance Advanced Malware Protection input validation | low | 4.3 | - | - | - |
| 161765 | Cisco Email Security Appliance Email Message Filter input validation | low | 4.3 | - | - | - |
| 161764 | Cisco Unified Contact Center Express Administration Web Interface unrestricted upload | medium | 6.0 | - | - | - |
| 161763 | Cisco UCS C-Series Rack Servers Signature Validation signature verification | medium | 6.6 | - | - | - |
| 161762 | Cisco FirePOWER Management Center Web-based Management Interface improper authentication | medium | 6.8 | - | - | - |
| 161761 | Cisco Emergency Responder Web-based Management Interface cross site scripting | low | 3.5 | - | - | - |
| 161760 | Cisco IOS XR Border Gateway Protocol resource management [CVE-2019-16023] | low | 4.3 | - | - | - |
| 161759 | Cisco IOS XR Border Gateway Protocol resource management [CVE-2019-16021] | low | 4.3 | - | - | - |
| 161758 | Cisco IOS XR Border Gateway Protocol resource management [CVE-2019-16019] | low | 4.3 | - | - | - |
| 161757 | Cisco OAMP OpsConsole Server access control [CVE-2019-16017] | medium | 6.0 | - | - | - |
| 161756 | Cisco IOS/IOS XE Web UI cross-site request forgery [CVE-2019-16009] | low | 4.3 | - | - | - |
| 161755 | Cisco AnyConnect Secure Mobility Client insufficient verification of data authenticity | low | 4.1 | - | - | - |
| 161754 | Cisco Vision Dynamic Signage Director REST API Endpoint missing authentication | medium | 6.8 | - | - | - |
| 161753 | Cisco Umbrella Roaming Client Installer insufficient verification of data authenticity | medium | 4.1 | - | - | - |
| 161752 | Cisco Small Business Switches Web UI config [CVE-2019-15993] | low | 4.3 | - | - | - |
| 161751 | Cisco ASA/Firepower Threat Defense Lua Interpreter memory corruption | medium | 8.5 | - | - | - |
| 161750 | Cisco Managed Services Accelerator Web Interface redirect [CVE-2019-15974] | medium | 6.8 | - | - | - |
| 161749 | Cisco Web Security Appliance Web-based Management Interface cross site scripting | low | 4.3 | - | - | - |
| 161748 | Cisco Unified Communications Manager Web-based Management Interface information disclosure | low | 3.5 | - | - | - |
| 161747 | Cisco Small Business SPA500 Testing Script input validation [CVE-2019-15959] | low | 4.1 | - | - | - |
| 161746 | Cisco Small Business RV Series Router Web-based Management Interface input validation | medium | 6.0 | - | - | - |
| 161745 | Cisco TelePresence Collaboration Endpoint/RoomOS input validation | low | 4.3 | - | - | - |
| 161744 | Cisco WebEx Network Recording Player/Webex Player ARF File memory corruption | medium | 6.8 | - | - | - |
| 161743 | Cisco WebEx Network Recording Player/Webex Player ARF File memory corruption | medium | 6.8 | - | - | - |
| 161742 | Cisco WebEx Network Recording Player/Webex Player ARF File memory corruption | medium | 6.8 | - | - | - |
| 161741 | Telestream Tektronix Medius/Sentry Server Login Page index.php sql injection | medium | 6.8 | - | - | - |
| 161740 | IBM Data Risk Manager hard-coded credentials [CVE-2020-4622] | medium | 5.0 | - | - | - |
| 161739 | IBM Data Risk Manager authorization [CVE-2020-4621] | medium | 6.5 | - | - | - |
| 161738 | IBM Data Risk Manager Extension unrestricted upload [CVE-2020-4620] | medium | 9.0 | - | - | - |
| 161737 | IBM Data Risk Manager Credential Storage cleartext storage [CVE-2020-4619] | low | 3.5 | - | - | - |
| 161736 | IBM Data Risk Manager input validation [CVE-2020-4618] | low | 4.0 | - | - | - |
| 161735 | IBM Data Risk Manager cross-site request forgery [CVE-2020-4617] | low | 4.3 | - | - | - |
| 161734 | IBM Data Risk Manager information disclosure [CVE-2020-4616] | low | 5.0 | - | - | - |
| 161733 | IBM Data Risk Manager Web UI cross site scripting [CVE-2020-4615] | low | 3.5 | - | - | - |
| 161732 | IBM Data Risk Manager risky encryption [CVE-2020-4614] | low | 4.3 | - | - | - |
| 161731 | IBM Data Risk Manager risky encryption [CVE-2020-4613] | low | 4.3 | - | - | - |
| 161730 | IBM Data Risk Manager information disclosure [CVE-2020-4612] | low | 4.0 | - | - | - |
| 161729 | IBM Data Risk Manager permission assignment [CVE-2020-4611] | medium | 6.5 | - | - | - |
| 161728 | VMware Horizon DaaS Two-factor Authentication missing authentication | medium | 6.0 | - | - | - |
| 161727 | SourceCodester Simple Library Management System New Book privileges management | medium | 4.1 | - | - | - |
| 161726 | SourceCodester Simple Library Management System Login Panel admin.php improper authentication | medium | 4.4 | - | - | - |
| 161725 | PHPGurukul Zoo Management System animal-detail.php sql injection | medium | 6.8 | - | - | - |
| 161724 | Shotcut TLS mainwindow.cpp VerifyNone) risky encryption | low | 2.6 | - | - | - |
| 161723 | Arista CloudVision Portal Configlet Management improper authentication | low | 4.0 | - | - | - |
| 161722 | Verint Workforce Optimization API information disclosure [CVE-2020-23446] | low | 4.3 | - | - | - |
| 161721 | Liferay Portal/Liferay DXP Multipart Form unrestricted upload | low | 3.5 | - | - | - |
| 161720 | Ozeki NG SMS Gateway TXT File Module denial of service [CVE-2020-14031] | low | 4.9 | - | - | - |
| 161719 | Ozeki NG SMS Gateway Autoreply path traversal [CVE-2020-14028] | medium | 8.5 | - | - | - |
| 161718 | Ozeki NG SMS Gateway Database Connection argument injection [CVE-2020-14027] | medium | 6.0 | - | - | - |
| 161717 | Ozeki NG SMS Gateway CSV Export csv injection [CVE-2020-14026] | medium | 6.8 | - | - | - |
| 161716 | Ozeki NG SMS Gateway cross-site request forgery [CVE-2020-14025] | low | 4.3 | - | - | - |
| 161715 | Ozeki NG SMS Gateway Stored cross site scripting [CVE-2020-14024] | low | 4.3 | - | - | - |
| 161714 | Ozeki NG SMS Gateway SMS WCF/RSS to SMS server-side request forgery | medium | 6.5 | - | - | - |
| 161713 | Ozeki NG SMS Gateway Bulk Import unrestricted upload [CVE-2020-14022] | medium | 6.0 | - | - | - |
| 161712 | Micro Focus Operation Bridge Reporter hard-coded credentials | medium | 6.8 | - | - | - |
| 161711 | Micro Focus Operation Bridge Reporter authorization [CVE-2020-11856] | medium | 6.8 | - | - | - |
| 161710 | Micro Focus Operation Bridge Reporter privileges management [CVE-2020-11855] | medium | 4.1 | - | - | - |
| 161709 | cabot Package Endpoint Column cross site scripting [CVE-2020-7734] | low | 3.5 | - | - | - |
| 161708 | Google Chrome Offscreen Canvas use after free [CVE-2020-6576] | medium | 6.8 | - | - | - |
| 161707 | Google Chrome Omnibox Domain input validation | medium | 6.8 | - | - | - |
| 161706 | Google Chrome WebRTC information disclosure [CVE-2020-6570] | low | 4.3 | - | - | - |
| 161705 | Google Chrome WebUSB integer overflow [CVE-2020-6569] | medium | 6.8 | - | - | - |
| 161704 | Google Chrome Policy Enforcement privileges management [CVE-2020-6568] | medium | 6.8 | - | - | - |
| 161703 | Google Chrome Command Line privileges management [CVE-2020-6567] | medium | 6.8 | - | - | - |
| 161702 | Google Chrome Media origin validation [CVE-2020-6566] | low | 4.3 | - | - | - |
| 161701 | Google Chrome Omnibox authentication spoofing [CVE-2020-6565] | medium | 6.8 | - | - | - |
| 161700 | Google Chrome Permission Dialog permissions [CVE-2020-6564] | medium | 6.8 | - | - | - |
| 161699 | Google Chrome Intent information disclosure [CVE-2020-6563] | low | 4.3 | - | - | - |
| 161698 | Google Chrome Blink permission assignment [CVE-2020-6562] | low | 4.3 | - | - | - |
| 161697 | Google Chrome Content Security Policy origin validation [CVE-2020-6561] | low | 4.3 | - | - | - |
| 161696 | Google Chrome Autofill origin validation [CVE-2020-6560] | low | 4.3 | - | - | - |
| 161695 | Google Chrome Presentation API use after free [CVE-2020-6559] | medium | 6.8 | - | - | - |
| 161694 | Google Chrome iOSWeb privileges management [CVE-2020-6558] | medium | 6.8 | - | - | - |
| 161693 | Google Chrome Swiftshader out-of-bounds write [CVE-2020-6556] | medium | 6.8 | - | - | - |
| 161692 | Google Chrome WebUSB use after free [CVE-2020-6541] | medium | 6.8 | - | - | - |
| 161691 | Google Chrome Skia out-of-bounds write [CVE-2020-6540] | medium | 6.8 | - | - | - |
| 161690 | Google Chrome CSS use after free [CVE-2020-6539] | medium | 6.8 | - | - | - |
| 161689 | Google Chrome WebView origin validation [CVE-2020-6538] | low | 4.3 | - | - | - |
| 161688 | Google Chrome v8 type confusion [CVE-2020-6537] | medium | 6.8 | - | - | - |
| 161687 | Google Chrome SCTP use after free [CVE-2020-6532] | medium | 6.8 | - | - | - |
| 161686 | IBM Aspera Web Application Web UI cross site scripting [CVE-2020-4731] | low | 4.3 | - | - | - |
| 161685 | IBM WebSphere Application Server XML Data xml external entity reference | medium | 6.8 | - | - | - |
| 161684 | IBM WebSphere Application Server Liberty oAuth/openidConnectServer denial of service | low | 2.1 | - | - | - |
| 161683 | IBM DataPower Gateway HTTP2 Request denial of service [CVE-2020-4581] | low | 4.3 | - | - | - |
| 161682 | IBM DataPower Gateway denial of service [CVE-2020-4580] | low | 4.3 | - | - | - |
| 161681 | IBM DataPower Gateway HTTP2 Request denial of service [CVE-2020-4579] | low | 4.3 | - | - | - |
| 161680 | IBM Business Automation Content Analyzer on Cloud Authorization Token missing encryption | low | 2.6 | - | - | - |
| 161679 | Google Chrome Policy Enforcement information disclosure [CVE-2020-15966] | low | 2.6 | - | - | - |
| 161678 | Google Chrome v8 type confusion [CVE-2020-15965] | medium | 6.8 | - | - | - |
| 161677 | Google Chrome Media out-of-bounds write [CVE-2020-15964] | medium | 6.8 | - | - | - |
| 161676 | Google Chrome Policy Enforcement sandbox [CVE-2020-15963] | medium | 5.1 | - | - | - |
| 161675 | Google Chrome Serial Policy Validator memory corruption [CVE-2020-15962] | medium | 6.8 | - | - | - |
| 161674 | Google Chrome Extension Policy Validator sandbox [CVE-2020-15961] | medium | 5.1 | - | - | - |
| 161673 | Google Chrome Storage out-of-bounds write [CVE-2020-15960] | medium | 6.8 | - | - | - |
| 161672 | Advantech WebAccess Node permission assignment [CVE-2020-16202] | medium | 6.9 | - | - | - |
| 161671 | AVEVA Enterprise Data Management Web sql injection [CVE-2020-13501] | medium | 6.8 | - | - | - |
| 161670 | AVEVA Enterprise Data Management Web sql injection [CVE-2020-13500] | medium | 6.8 | - | - | - |
| 161669 | AVEVA Enterprise Data Management Web sql injection [CVE-2020-13499] | medium | 6.8 | - | - | - |
| 161668 | Fatek PLC WinProladder stack-based overflow [CVE-2020-16234] | medium | 6.9 | - | - | - |
| 161667 | Drupal AJAX API cross site scripting [CVE-2020-13666] | low | 3.5 | - | - | - |
| 161666 | Drupal File Module privileges management [CVE-2020-13670] | medium | 4.1 | - | - | - |
| 161665 | FreeBSD ftpd privileges management [CVE-2020-7468] | medium | 8.5 | - | - | - |
| 161664 | Drupal Experimental Workspaces privileges management [CVE-2020-13667] | medium | 4.1 | - | - | - |
| 161663 | Drupal CKEditor Reflected cross site scripting | low | 3.5 | - | - | - |
| 161662 | Drupal Reflected cross site scripting [CVE-2020-13668] | low | 3.5 | - | - | - |
| 161661 | FreeBSD bhyve SVM Guest privileges management [CVE-2020-7467] | high | 9.3 | - | - | - |
| 161660 | FreeBSD bhyve privileges management [CVE-2020-24718] | medium | 4.1 | - | - | - |
| 161659 | FreeBSD ure Device Driver injection [CVE-2020-7464] | medium | 6.8 | - | - | - |
| 161658 | Acronis Cyber Backup server-side request forgery [CVE-2020-16171] | medium | 6.8 | - | - | - |
| 161657 | ModSecurity resource consumption [CVE-2020-15598] [Disputed] | low | 4.3 | - | - | - |
| 161656 | Atlassian Jira Service Desk Server/Data Center Project Request Type information disclosure | low | 3.5 | - | - | - |
| 161655 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa information disclosure | low | 4.3 | - | - | - |
| 161654 | Atlassian JIRA Server/Data Center incorrect regex [CVE-2020-14177] | low | 3.5 | - | - | - |
| 161653 | sized-chunks crate InlineArray array index | medium | 5.0 | - | - | - |
| 161652 | sized-chunks crate insert_from double free | medium | 6.8 | - | - | - |
| 161651 | sized-chunks crate memory leak [CVE-2020-25794] | medium | 6.8 | - | - | - |
| 161650 | sized-chunks crate array index [CVE-2020-25793] | medium | 6.8 | - | - | - |
| 161649 | sized-chunks crate pair array index | medium | 6.8 | - | - | - |
| 161648 | sized-chunks crate unit array index | medium | 6.8 | - | - | - |
| 161647 | Typesetter CMS unrestricted upload [CVE-2020-25790] | medium | 3.5 | - | - | - |
| 161646 | Tiny RSS cross site scripting [CVE-2020-25789] | low | 4.3 | - | - | - |
| 161645 | Tiny RSS Error Message init.php unknown vulnerability | medium | 6.8 | - | - | - |
| 161644 | Tiny RSS URL input validation [CVE-2020-25787] | high | 10.0 | - | - | - |
| 161643 | D-Link DIR-816L/DIR-803 URL Encoding info.php cross site scripting | low | 4.3 | - | - | - |
| 161642 | Huawei HiSilicon RTSP Stream information disclosure [CVE-2020-24216] [Disputed] | low | 1.5 | - | - | - |
| 161641 | Huawei HiSilicon printf memory corruption [Disputed] | medium | 6.8 | - | - | - |
| 161640 | Huawei HiSilicon box_ProcessRequest unrestricted upload [Disputed] | medium | 4.4 | - | - | - |
| 161639 | Huawei HiSilicon box_ProcessRequest path traversal [Disputed] | low | 1.5 | - | - | - |
| 161638 | Huawei HiSilicon Telnet Service privileges management [CVE-2020-24218] [Disputed] | medium | 9.3 | - | - | - |
| 161637 | Huawei HiSilicon backdoor [CVE-2020-24215] [Disputed] | medium | 6.9 | - | - | - |
| 161636 | Huawei Taurus-AN00B use after free [CVE-2020-9084] | medium | 4.1 | - | - | - |
| 161635 | Citrix XenMobile Server improper authentication [CVE-2020-8253] | medium | 6.8 | - | - | - |
| 161634 | libuv realpath buffer overflow | medium | 4.1 | - | - | - |
| 161633 | Node.js resource consumption [CVE-2020-8251] | low | 5.0 | - | - | - |
| 161632 | Citrix ADC/Gateway/NetScaler Gateway/SD-WAN WANOP Management Interface privileges management | medium | 4.1 | - | - | - |
| 161631 | Citrix ADC/Gateway/NetScaler Gateway/SD-WAN WANOP Management Network resource consumption | low | 1.5 | - | - | - |
| 161630 | Citrix ADC/Gateway/NetScaler Gateway/SD-WAN WANOP SSL VPN Web Portal cross site scripting | low | 3.5 | - | - | - |
| 161629 | json-bigint resource consumption [CVE-2020-8237] | low | 5.0 | - | - | - |
| 161628 | Nextcloud Desktop Client cleartext storage [CVE-2020-8225] | low | 4.3 | - | - | - |
| 161627 | Node.js request smuggling [CVE-2020-8201] | medium | 6.8 | - | - | - |
| 161626 | Citrix Storefront Server improper authentication [CVE-2020-8200] | low | 1.0 | - | - | - |
| 161625 | TypeORM Prototype Remote Code Execution [CVE-2020-8158] | medium | 6.8 | - | - | - |
| 161624 | Puppet Enterprise CD4PE Deployment Definition Credentials insufficiently protected credentials | low | 1.9 | - | - | - |
| 161623 | Spring Framework RFD privileges management [CVE-2020-5421] | medium | 6.0 | - | - | - |
| 161622 | InstallBuilder for Qt Windows Installer untrusted search path | medium | 4.1 | - | - | - |
| 161621 | MISP Login Page privileges management [CVE-2020-25766] | medium | 7.5 | - | - | - |
| 161620 | RESTEasy Client information exposure [CVE-2020-25633] | low | 4.3 | - | - | - |
| 161619 | Philips Collaboration Platform config [CVE-2020-16247] | low | 2.1 | - | - | - |
| 161618 | eWON Flexy/Cosy injection [CVE-2020-16230] | medium | 4.4 | - | - | - |
| 161617 | Philips Collaboration Platform downgrade [CVE-2020-16200] | low | 3.3 | - | - | - |
| 161616 | Philips Collaboration Platform protection mechanism [CVE-2020-16198] | medium | 5.4 | - | - | - |
| 161615 | SOY CMS unrestricted upload [CVE-2020-15189] | low | 2.8 | - | - | - |
| 161614 | Alfresco Reset Password Add-On input validation [CVE-2020-15181] | medium | 6.8 | - | - | - |
| 161613 | Philips Collaboration Platform unknown vulnerability [CVE-2020-14525] | low | 3.5 | - | - | - |
| 161612 | Philips Collaboration Platform cross-site request forgery [CVE-2020-14506] | medium | 6.8 | - | - | - |
| 161611 | Linux Kernel Screen Size out-of-bounds write [CVE-2020-14390] | medium | 4.4 | - | - | - |
| 161610 | Ozeki NG SMS Gateway RSS to SMS Module xml external entity reference | medium | 7.5 | - | - | - |
| 161609 | Ozeki NG SMS Gateway ASP.NET SMS Module privileges management | medium | 6.0 | - | - | - |