CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2020-12-16
Medium

CVE-2020-4905

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL stripping, an…

High

CVE-2019-14483

AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys' passwords, and root passwords stored in the credential man…

Low

CVE-2020-4008

The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sens…

Medium

CVE-2020-25619

An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwardi…

2020-12-15
High

CVE-2020-35121

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a…

High

CVE-2020-35381

jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.

High

CVE-2020-35380

GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.

Medium

CVE-2020-27147

The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated logi…

Critical

CVE-2020-27068

Product: Android. Versions: Android kernel. Android ID: A-127973231. References: Upstream kernel.

Medium

CVE-2020-27041

In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent. This could lead to local information disclosure of notification data with no additional execution privil…

Medium

CVE-2020-27039

In postNotification of ServiceRecord.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed.…

Medium

CVE-2020-27034

In createSimSelectNotification of SimSelectNotification.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution…

High

CVE-2020-27030

In onCreate of HandleApiCalls.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege that allows an app to set or dismiss the alarm wit…

Medium

CVE-2020-27025

In EapFailureNotifier.java and SimRequiredNotifier.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution priv…

Medium

CVE-2020-27023

In setErrorPlaybackState of BluetoothMediaBrowserService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with System execut…

Medium

CVE-2020-0500

In startInputUncheckedLocked of InputMethodManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution priv…

High

CVE-2020-28442

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function.

High

CVE-2020-35471

Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.

High

CVE-2020-35470

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-prox…

2020-12-14
Medium

CVE-2020-0469

In addEscrowToken of LockSettingsService.java, there is a possible loss of the synthetic password due to logic error. This could lead to local denial of service with no additional execution privilege…

Critical

CVE-2020-29227

An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, t…

Medium

CVE-2020-35236

The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion.

High

CVE-2020-5665

Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on progr…

High

CVE-2020-35235

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFin…

2020-12-11
Medium

CVE-2020-35175

Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.

High

CVE-2020-17440

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\0' ter…

Medium

CVE-2020-15376

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode, contain a weakness in the LDAP implementation that could allow a remote LDAP user to log in in the…

High

CVE-2020-5949

On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, a certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break.

Medium

CVE-2020-35149

lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation.

High

CVE-2020-7791

This affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs.

High

CVE-2020-27508

In two-factor authentication, the system also sends the 2FA secret key in the response, which enables an intruder to breach the 2FA security.

High

CVE-2020-7793

The package ua-parser-js before 0.7.23 is vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

Low

CVE-2020-26412

Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.

Medium

CVE-2020-25838

Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive…

High

CVE-2020-24637

Two vulnerabilities in the ArubaOS GRUB2 implementation allow an attacker to bypass Secure Boot. Successful exploitation of this vulnerability could lead to remote compromise of system integrity…

2020-12-10
High

CVE-2020-4829

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.

Medium

CVE-2020-29666

In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and…

Medium

CVE-2020-12595

An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. Thi…

High

CVE-2020-12594

A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 1…

High

CVE-2020-17159

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

High

CVE-2020-17158

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

High

CVE-2020-17156

Visual Studio Remote Code Execution Vulnerability

Medium

CVE-2020-17153

Microsoft Edge for Android Spoofing Vulnerability

High

CVE-2020-17152

Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

High

CVE-2020-17150

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2020-17148

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

Medium

CVE-2020-17145

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

High

CVE-2020-17143

Microsoft Exchange Server Information Disclosure Vulnerability

Critical

CVE-2020-17142

Microsoft Exchange Remote Code Execution Vulnerability

High

CVE-2020-17141

Microsoft Exchange Remote Code Execution Vulnerability

High

CVE-2020-17140

Windows SMB Information Disclosure Vulnerability

High

CVE-2020-17139

Windows Overlay Filter Security Feature Bypass Vulnerability

Medium

CVE-2020-17138

Windows Error Reporting Information Disclosure Vulnerability

High

CVE-2020-17137

DirectX Graphics Kernel Elevation of Privilege Vulnerability

High

CVE-2020-17136

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Medium

CVE-2020-17135

Azure DevOps Server Spoofing Vulnerability

High

CVE-2020-17134

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Medium

CVE-2020-17133

Microsoft Dynamics Business Central/NAV Information Disclosure

Critical

CVE-2020-17132

Microsoft Exchange Remote Code Execution Vulnerability

Medium

CVE-2020-17130

Microsoft Excel Security Feature Bypass Vulnerability

High

CVE-2020-17129

Microsoft Excel Remote Code Execution Vulnerability

High

CVE-2020-17128

Microsoft Excel Remote Code Execution Vulnerability

High

CVE-2020-17127

Microsoft Excel Remote Code Execution Vulnerability

Medium

CVE-2020-17126

Microsoft Excel Information Disclosure Vulnerability

High

CVE-2020-17125

Microsoft Excel Remote Code Execution Vulnerability

High

CVE-2020-17124

Microsoft PowerPoint Remote Code Execution Vulnerability

High

CVE-2020-17123

Microsoft Excel Remote Code Execution Vulnerability

High

CVE-2020-17122

Microsoft Excel Remote Code Execution Vulnerability

High

CVE-2020-17121

Microsoft SharePoint Remote Code Execution Vulnerability

Medium

CVE-2020-17120

Microsoft SharePoint Information Disclosure Vulnerability

Medium

CVE-2020-17119

Microsoft Outlook Information Disclosure Vulnerability

High

CVE-2020-17118

Microsoft SharePoint Remote Code Execution Vulnerability

Medium

CVE-2020-17117

Microsoft Exchange Remote Code Execution Vulnerability

High

CVE-2020-17115

Microsoft SharePoint Server Spoofing Vulnerability

High

CVE-2020-17103

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Medium

CVE-2020-17099

Windows Lock Screen Security Feature Bypass Vulnerability

Medium

CVE-2020-17098

Windows GDI+ Information Disclosure Vulnerability

Low

CVE-2020-17097

Windows Digital Media Receiver Elevation of Privilege Vulnerability

High

CVE-2020-17096

Windows NTFS Remote Code Execution Vulnerability

High

CVE-2020-17095

Windows Hyper-V Remote Code Execution Vulnerability

Medium

CVE-2020-17094

Windows Error Reporting Information Disclosure Vulnerability

High

CVE-2020-17092

Windows Network Connections Service Elevation of Privilege Vulnerability

High

CVE-2020-17089

Microsoft SharePoint Elevation of Privilege Vulnerability

High

CVE-2020-17002

Azure SDK for C Security Feature Bypass Vulnerability

Medium

CVE-2020-16996

Kerberos Security Feature Bypass Vulnerability

High

CVE-2020-16971

Azure SDK for Java Security Feature Bypass Vulnerability

High

CVE-2020-16964

Windows Backup Engine Elevation of Privilege Vulnerability

High

CVE-2020-16963

Windows Backup Engine Elevation of Privilege Vulnerability

High

CVE-2020-16962

Windows Backup Engine Elevation of Privilege Vulnerability

High

CVE-2020-16961

Windows Backup Engine Elevation of Privilege Vulnerability

High

CVE-2020-16960

Windows Backup Engine Elevation of Privilege Vulnerability

High

CVE-2020-16959

Windows Backup Engine Elevation of Privilege Vulnerability

High

CVE-2020-16958

Windows Backup Engine Elevation of Privilege Vulnerability

2020-12-09
Critical

CVE-2020-26831

SAP BusinessObjects BI Platform (Crystal Report), versions 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation. An att…

High

CVE-2020-29651

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying…

Medium

CVE-2020-26967

When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This w…

Medium

CVE-2020-26966

Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: Th…

Medium

CVE-2020-26964

If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privile…

Medium

CVE-2020-26963

Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox…

Medium

CVE-2020-26961

When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped…

Medium

CVE-2020-26954

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be u…

2020-12-08
High

CVE-2020-9991

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to…

Critical

CVE-2020-28274

Prototype pollution vulnerability in 'deepref' versions 1.1.1 through 1.2.1 allows attacker to cause a denial of service and may lead to remote code execution.

Medium

CVE-2020-27929

A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls…

Medium

CVE-2020-27925

An issue existed in the handling of incoming calls. The issue was addressed with additional state checks. This issue is fixed in iOS 14.2 and iPadOS 14.2. A user may answer two calls simultaneously w…

High

CVE-2020-27904

A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to execute arbitrary c…

High

CVE-2020-27903

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to gain elevated privileges.

Medium

CVE-2020-27900

An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to preview file…

Low

CVE-2020-27895

An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious applica…

Medium

CVE-2020-9989

The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.

Medium

CVE-2020-9988

The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.

Medium

CVE-2020-9974

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to deter…

Medium

CVE-2020-9969

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view sen…

Medium

CVE-2020-9963

The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files o…

Medium

CVE-2020-9922

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciou…

Medium

CVE-2020-27894

The issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. Users may be unable to remove metadata indicating where files were downloaded from.

High

CVE-2020-10013

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.

Medium

CVE-2020-10009

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions.

Medium

CVE-2020-10007

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout.

Medium

CVE-2020-10006

This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files.
