ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-11000 | Improper URL validation in GreenBrowser | S | |
CVE-2020-11001 | Possible XSS attack in Wagtail | E | |
CVE-2020-11002 | Remote Code Execution (RCE) vulnerability in dropwizard-validation | E S | |
CVE-2020-11003 | CSRF and DNS Rebinding in Oasis | | |
CVE-2020-11004 | SQL Injection in Admidio | S | |
CVE-2020-11005 | Internal NCryptDecrypt method could be used externally from WindowsHello library. | | |
CVE-2020-11006 | Potential remote code execution in Shopizer | S | |
CVE-2020-11007 | Negative charge in shopping cart possible in Shopizer | S | |
CVE-2020-11008 | Malicious URLs can still cause Git to send a stored credential to the wrong server | S | |
CVE-2020-11009 | IDOR can reveal execution data and logs to unauthorized user in Rundeck | | |
CVE-2020-11010 | SQL injection in Tortoise ORM | S | |
CVE-2020-11011 | RCE via file upload in Phproject | S | |
CVE-2020-11012 | Authentication bypass MinIO Admin API | S | |
CVE-2020-11013 | lookup Function Information Disclosure in Helm | E | |
CVE-2020-11014 | BIP LI01 output reordering may cause malformed SLP MINT transactions in Electron-Cash-SLP | S | |
CVE-2020-11015 | Device Authentication Vulnerability in thinx-device-api IoT Device Management Server | | |
CVE-2020-11016 | Remote code execution in Message sending functionality in IntelMQ Manager | S | |
CVE-2020-11017 | Double free in cliprdr_server_receive_capabilities in FreeRDP | | |
CVE-2020-11018 | Out of bound read in cliprdr_server_receive_capabilities in FreeRDP | | |
CVE-2020-11019 | Out of bound read in update_recv in FreeRDP | | |
CVE-2020-11020 | Authentication and extension bypass in Faye | E S | |
CVE-2020-11021 | HTTP request which redirect to another hostname do not strip authorization header in Actions Http-Client | S | |
CVE-2020-11022 | Potential XSS vulnerability in jQuery | E S | |
CVE-2020-11023 | Potential XSS vulnerability in jQuery | KEV E S | |
CVE-2020-11024 | Man-in-the-middle attack in Moonlight iOS/tvOS | S | |
CVE-2020-11025 | Authenticated cross-site scripting (XSS) in WordPress Customizer | | |
CVE-2020-11026 | Specially crafted filenames in WordPress leading to XSS | | |
CVE-2020-11027 | Password reset links invalidation issue in WordPress | | |
CVE-2020-11028 | Unauthenticated disclosure of certain private posts in WordPress | | |
CVE-2020-11029 | Cross-site scripting in stats method (object cache) in WordPress | | |
CVE-2020-11030 | Cross-site scripting (XSS) in Search block in WordPress | | |
CVE-2020-11031 | Insecure encryption algorithm in GLPI | S | |
CVE-2020-11032 | SQL injection on addme_observer and addme_assign in GLPI | | |
CVE-2020-11033 | Able to read any token through API user endpoint in GLPI | | |
CVE-2020-11034 | bypass of manageRedirect in GLPI | S | |
CVE-2020-11035 | weak CSRF tokens in GLPI | | |
CVE-2020-11036 | XSS in GLPI | E | |
CVE-2020-11037 | Potential Observable Timing Discrepancy in Wagtail | | |
CVE-2020-11038 | Integer Overflow to Buffer Overflow in FreeRDP | | |
CVE-2020-11039 | Integer Overflow in FreeRDP | | |
CVE-2020-11040 | Out-of-bounds Read in FreeRDP | | |
CVE-2020-11041 | Improper Validation of Array Index in FreeRDP | | |
CVE-2020-11042 | Out-of-bounds Read in FreeRDP | E S | |
CVE-2020-11043 | Out-of-bounds Read in FreeRDP | S | |
CVE-2020-11044 | Double Free in FreeRDP | E S | |
CVE-2020-11045 | Out-of-bounds Read in FreeRDP | E S | |
CVE-2020-11046 | Improper Restriction of Operations within the Bounds of a Memory Buffer in FreeRDP | S | |
CVE-2020-11047 | Out-of-bounds Read in FreeRDP | E S | |
CVE-2020-11048 | Out-of-bounds Read in FreeRDP `rdp_read_flow_control_pdu` | E S | |
CVE-2020-11049 | Out-of-bounds Read in FreeRDP `rdp_read_share_control_header` | E S | |
CVE-2020-11050 | Improper Validation of Certificate with Host Mismatch in Java-WebSocket | | |
CVE-2020-11051 | XSS in Wiki.js | S | |
CVE-2020-11052 | Improper Restriction of Excessive Authentication Attempts in Sorcery | S | |
CVE-2020-11053 | Open Redirect in OAuth2 Proxy | | |
CVE-2020-11054 | Incorrect Provision of Specified Functionality in qutebrowser | S | |
CVE-2020-11055 | Cross-site Scripting in BookStack | | |
CVE-2020-11056 | Potential Code Injection in Sprout Forms | | |
CVE-2020-11057 | Code Injection in XWiki Platform | E S | |
CVE-2020-11058 | Improper Restriction of Operations within the Bounds of a Memory Buffer in FreeRDP | S | |
CVE-2020-11059 | Exposure of Sensitive Information to an Unauthorized Actor in AEgir | | |
CVE-2020-11060 | Remote Code Execution in GLPI | S | |
CVE-2020-11061 | Heap-based Buffer Overflow in Bareos Director | | |
CVE-2020-11062 | Reflexive XSS in GLPI | S | |
CVE-2020-11063 | Observable Response Discrepancy in TYPO3 CMS | | |
CVE-2020-11064 | Cross-Site Scripting in TYPO3 CMS | | |
CVE-2020-11065 | Cross-Site Scripting in TYPO3 CMS | | |
CVE-2020-11066 | Improperly Controlled Modification of Dynamically-Determined Object Attributes in TYPO3 CMS | | |
CVE-2020-11067 | Deserialization of Untrusted Data in TYPO3 CMS | | |
CVE-2020-11068 | Potential Buffer Overflow in LoRaMac-node | S | |
CVE-2020-11069 | Cross-Site Request Forgery in TYPO3 CMS | | |
CVE-2020-11070 | Cross-Site Scripting in SVG Sanitizer | | |
CVE-2020-11071 | False-negative validation results in MINT transactions with invalid baton | S | |
CVE-2020-11072 | False-negative validation results in MINT transactions with invalid baton | S | |
CVE-2020-11073 | Remote Code Execution in Autoswitch Python Virtualenv | E S | |
CVE-2020-11074 | Stored XSS in PrestaShop | S | |
CVE-2020-11075 | Shell Escape in Anchore Engine | S | |
CVE-2020-11076 | HTTP Smuggling via Transfer-Encoding Header in Puma | S | |
CVE-2020-11077 | HTTP Smuggling via Transfer-Encoding Header in Puma | | |
CVE-2020-11078 | CRLF injection in httplib2 | S | |
CVE-2020-11079 | command injection fix in node-dns-sync | S | |
CVE-2020-11080 | Denial of service in nghttp2 | S | |
CVE-2020-11081 | osquery susceptible to DLL search order hijacking of zlib1.dll | E S | |
CVE-2020-11082 | Cross-Site Scripting in Kaminari | S | |
CVE-2020-11083 | Stored XSS in October | E S | |
CVE-2020-11084 | Command Injection in iPear | | |
CVE-2020-11085 | Out-of-bounds Read in FreeRDP | S | |
CVE-2020-11086 | Out-of-bounds Read in FreeRDP `ntlm_read_ntlm_v2_response` | S | |
CVE-2020-11087 | Out-of-bounds Read in FreeRDP | S | |
CVE-2020-11088 | Out-of-bound read in FreeRDP | | |
CVE-2020-11089 | Out-of-bound read in FreeRDP | S | |
CVE-2020-11090 | Uncontrolled Resource Consumption in Indy Node | | |
CVE-2020-11091 | Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements | S | |
CVE-2020-11093 | Authorization bypass in Hyperledger Indy | E S | |
CVE-2020-11094 | Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar | S | |
CVE-2020-11095 | Global OOB read in update_recv_primary_order in FreeRDP | S | |
CVE-2020-11096 | Global OOB read in update_read_cache_bitmap_v3_order in FreeRDP | S | |
CVE-2020-11097 | OOB read in ntlm_av_pair_get in FreeRDP | S | |
CVE-2020-11098 | Out-of-bound read in glyph_cache_put in FreeRDP | S | |
CVE-2020-11099 | OOB Read in license_read_new_or_upgrade_license_packet in FreeRDP | S | |
CVE-2020-11100 | In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a r... | | |
CVE-2020-11101 | Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthent... | | |
CVE-2020-11102 | hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the f... | | |
CVE-2020-11103 | JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution.... | | |
CVE-2020-11104 | An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ lo... | E | |
CVE-2020-11105 | An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr valu... | E | |
CVE-2020-11106 | An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the sessio... | E | |
CVE-2020-11107 | An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16, and 7.4.x before 7.4.4 on Wind... | E | |
CVE-2020-11108 | The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary fil... | E | |
CVE-2020-11110 | Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl fiel... | | |
CVE-2020-11111 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg... | S | |
CVE-2020-11112 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg... | S | |
CVE-2020-11113 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg... | S | |
CVE-2020-11114 | Bluetooth devices does not properly restrict the L2CAP payload length allowing users in radio rang... | | |
CVE-2020-11115 | Buffer over read occurs while processing information element from beacon due to lack of check of d... | S | |
CVE-2020-11116 | Possible out of bound write while processing association response received from host due to lack o... | S | |
CVE-2020-11117 | In the lbd service, an external user can issue a specially crafted debug command to overwrite arbi... | E | |
CVE-2020-11118 | Information exposure issues while processing IE header due to improper check of beacon IE frame i... | | |
CVE-2020-11119 | Buffer over-read can happen when the buffer length received from response handlers is more than the ... | | |
CVE-2020-11120 | Calling thread may free the data buffer pointer that was passed to the callback and later when eve... | | |
CVE-2020-11121 | Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of des... | | |
CVE-2020-11122 | Null Pointer exception while playing crafted mkv file as data stream get deleted on secondary inva... | | |
CVE-2020-11123 | information disclosure in gatekeeper trustzone implementation as the throttling mechanism to preve... | | |
CVE-2020-11124 | Possible use-after-free while accessing diag client map table since list can be reallocated due to... | S | |
CVE-2020-11125 | Out of bound access can happen in MHI command process due to lack of check of channel id value rec... | S | |
CVE-2020-11126 | Possible out of bound read while WLAN frame parsing due to lack of check for body and header length ... | | |
CVE-2020-11127 | Integer overflow can cause a buffer overflow due to lack of table length check in the extensible b... | | |
CVE-2020-11128 | Possible out of bound access while copying the mask file content into the buffer without checking ... | | |
CVE-2020-11129 | During the error occurrence in capture request, the buffer is freed and later accessed causing the... | | |
CVE-2020-11130 | Possible buffer overflow in WIFI hal process due to copying data without checking the buffer lengt... | | |
CVE-2020-11131 | Possible buffer overflow in WMA message processing due to integer overflow occurs when processing ... | | |
CVE-2020-11132 | Buffer over read in boot due to size check ignored before copying GUID attribute from request to r... | | |
CVE-2020-11133 | Possible out of bound array write in rxdco cal utility due to lack of array bound check in Snapdr... | | |
CVE-2020-11134 | Possible stack out of bound write might happen due to time bitmap length and bit duration fields of ... | | |
CVE-2020-11135 | Reachable assertion when wrong data size is returned by parser for ape clips in Snapdragon Auto, ... | | |
CVE-2020-11136 | Buffer Over-read in audio driver while using malloc management function due to not returning NULL fo... | | |
CVE-2020-11137 | Integer multiplication overflow resulting in lower buffer size allocation than expected causes memor... | | |
CVE-2020-11138 | Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitial... | | |
CVE-2020-11139 | Out of bound memory access while processing frames due to lack of check of invalid frames received i... | | |
CVE-2020-11140 | Out of bound memory access during music playback with ALAC modified content due to improper validati... | | |
CVE-2020-11141 | Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap config... | | |
CVE-2020-11143 | Out of bound memory access during music playback with modified content due to copying data without c... | | |
CVE-2020-11144 | Buffer over-read while UE process invalid DL ROHC packet for decompression due to lack of check of s... | | |
CVE-2020-11145 | Divide by zero issue can happen while updating delta extension header due to improper validation of ... | | |
CVE-2020-11146 | Out of bound write while copying data using IOCTL due to lack of check of array index received from ... | S | |
CVE-2020-11147 | Use after free issue in audio modules while removing and freeing objects during list iteration due t... | | |
CVE-2020-11148 | Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is ... | | |
CVE-2020-11149 | Out of bound access due to usage of an out-of-range pointer offset in the camera driver. in Snapdrag... | S | |
CVE-2020-11150 | Out of bound memory access in camera driver due to improper validation on data coming from UMD which... | S | |
CVE-2020-11151 | Race condition occurs while calling user space ioctl from two different threads can results to use a... | S | |
CVE-2020-11152 | Race condition in HAL layer while processing callback objects received from HIDL due to lack of sync... | S | |
CVE-2020-11153 | Out of bound memory access while processing GATT data received due to lack of check of pdu data le... | | |
CVE-2020-11154 | Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of bu... | | |
CVE-2020-11155 | Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length bef... | | |
CVE-2020-11156 | Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet... | | |
CVE-2020-11157 | Lack of handling unexpected control messages while encryption was in progress can terminate the co... | | |
CVE-2020-11158 | Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due to lack of check of PDF font ar... | | |
CVE-2020-11159 | Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length i... | | |
CVE-2020-11160 | Resource leakage issue during dci client registration due to reference count is not decremented if d... | S | |
CVE-2020-11161 | Out-of-bounds memory access can occur while calculating alignment requirements for a negative width ... | S | |
CVE-2020-11162 | Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events rec... | S | |
CVE-2020-11163 | Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation fo... | | |
CVE-2020-11164 | Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due ... | | |
CVE-2020-11165 | Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer with... | | |
CVE-2020-11166 | Potential out of bound read exception when UE receives unusually large number of padding octets in t... | | |
CVE-2020-11167 | Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more d... | S | |
CVE-2020-11168 | Null-pointer dereference can occur while accessing data buffer beyond its size that leads to acces... | | |
CVE-2020-11169 | Buffer over-read while processing received L2CAP packet due to lack of integer overflow check in ... | | |
CVE-2020-11170 | Out of bound memory access while playing music playbacks with crafted vorbis content due to improper... | | |
CVE-2020-11171 | Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check ... | | |
CVE-2020-11172 | fscanf reads a string from a file and stores its contents on a statically allocated stack memory w... | | |
CVE-2020-11173 | Two threads running simultaneously from user space can lead to race condition in fastRPC driver i... | S | |
CVE-2020-11174 | Array index underflow issue in adsp driver due to improper check of channel id before used as arra... | S | |
CVE-2020-11175 | Use after free issue in Bluetooth transport driver when a method in the object is accessed after t... | | |
CVE-2020-11176 | While processing server certificate from IPSec server, certificate validation for subject alternativ... | | |
CVE-2020-11177 | User can overwrite Security Code NV item without knowing current SPC due to improper validation of S... | | |
CVE-2020-11178 | Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address ... | | |
CVE-2020-11179 | Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and crea... | | |
CVE-2020-11180 | Out of bound access in computer vision control due to improper validation of command length before p... | | |
CVE-2020-11181 | Out of bound access issue while handling cvp process control command due to improper validation of b... | | |
CVE-2020-11182 | Possible heap overflow while parsing NAL header due to lack of check of length of data received from... | | |
CVE-2020-11183 | A process can potentially cause a buffer overflow in the display service allowing privilege escalati... | S | |
CVE-2020-11184 | Possible buffer overflow will occur in video while parsing mp4 clip with crafted esds atom size. ... | | |
CVE-2020-11185 | Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of valid... | S | |
CVE-2020-11186 | Modem will enter into busy mode in an infinite loop while parsing histogram dimension due to imprope... | | |
CVE-2020-11187 | Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon... | | |
CVE-2020-11188 | Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check ... | | |
CVE-2020-11189 | Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check ... | | |
CVE-2020-11190 | Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check ... | | |
CVE-2020-11191 | Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdra... | | |
CVE-2020-11192 | Out of bound write while parsing SDP string due to missing check on null termination in Snapdragon A... | | |
CVE-2020-11193 | Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned fr... | | |
CVE-2020-11194 | Possible out of bound access in TA while processing a command from NS side due to improper length ch... | | |
CVE-2020-11195 | Out of bound write and read in TA while processing command from NS side due to improper length check... | | |
CVE-2020-11196 | Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of ... | | |
CVE-2020-11197 | Possible integer overflow can occur when stream info update is called when total number of streams d... | | |
CVE-2020-11198 | Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped se... | | |
CVE-2020-11199 | HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can l... | | |
CVE-2020-11200 | Buffer over-read while parsing RPS due to lack of check of input validation on values received from ... | | |
CVE-2020-11201 | Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU si... | E | |
CVE-2020-11202 | Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library... | E | |
CVE-2020-11203 | Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variab... | | |
CVE-2020-11204 | Possible memory corruption and information leakage in sub-system due to lack of check for validity a... | | |
CVE-2020-11205 | Possible integer overflow to heap overflow while processing command due to lack of check of packet... | | |
CVE-2020-11206 | Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on ... | E | |
CVE-2020-11207 | Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length in S... | E | |
CVE-2020-11208 | Out of Bound issue in DSP services while processing received arguments due to improper validation of... | E | |
CVE-2020-11209 | Improper authorization in DSP process could allow unauthorized users to downgrade the library versio... | E | |
CVE-2020-11210 | Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivit... | | |
CVE-2020-11212 | Out of bounds reads while parsing NAN beacons attributes and OUIs due to improper length of field ch... | | |
CVE-2020-11213 | Out of bound reads might occur in while processing Service descriptor due to improper validation of ... | | |
CVE-2020-11214 | Buffer over-read while processing NDL attribute if attribute length is larger than expected and then... | | |
CVE-2020-11215 | An out of bounds read can happen when processing VSA attribute due to improper minimum required leng... | | |
CVE-2020-11216 | Buffer over read can happen in video driver when playing clip with atomsize having value UINT32_MAX ... | | |
CVE-2020-11217 | A possible double free or invalid memory access in audio driver while reading Speaker Protection par... | S | |
CVE-2020-11218 | Denial of service in baseband when NW configures LTE betaOffset-RI-Index due to lack of data validat... | | |
CVE-2020-11220 | While processing storage SCM commands there is a time of check or time of use window where a pointer... | | |
CVE-2020-11221 | Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in ... | | |
CVE-2020-11222 | Buffer over read while processing MT SMS with maximum length due to improper length check in Snapdra... | | |
CVE-2020-11223 | Out of bound in camera driver due to lack of check of validation of array index before copying into ... | | |
CVE-2020-11225 | Out of bound access in WLAN driver due to lack of validation of array length before copying into arr... | S | |
CVE-2020-11226 | Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Sn... | | |
CVE-2020-11227 | Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before c... | | |
CVE-2020-11228 | Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivil... | | |
CVE-2020-11230 | Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the ... | S | |
CVE-2020-11231 | Two threads call one or both functions concurrently leading to corruption of pointers and reference ... | S | |
CVE-2020-11233 | Time-of-check time-of-use race condition While processing partition entries due to newly created buf... | S | |
CVE-2020-11234 | When sending a socket event message to a user application, invalid information will be passed if soc... | S | |
CVE-2020-11235 | Buffer overflow might occur while parsing unified command due to lack of check of input data receive... | | |
CVE-2020-11236 | Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead t... | | |
CVE-2020-11237 | Memory crash when accessing histogram type KPI input received due to lack of check of histogram defi... | | |
CVE-2020-11238 | Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdr... | | |
CVE-2020-11239 | Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attac... | S | |
CVE-2020-11240 | Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not eno... | S | |
CVE-2020-11241 | Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared ... | | |
CVE-2020-11242 | User could gain access to secure memory due to incorrect argument into address range validation api ... | | |
CVE-2020-11243 | RRC sends a connection establishment success to NAS even though connection setup validation returns ... | | |
CVE-2020-11245 | Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validat... | | |
CVE-2020-11246 | A double free condition can occur when the device moves to suspend mode during secure playback in Sn... | | |
CVE-2020-11247 | Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto,... | | |
CVE-2020-11250 | Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto,... | S | |
CVE-2020-11251 | Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length ... | | |
CVE-2020-11252 | Trustzone initialization code will disable xPU's when memory dumps are enabled and lead to informati... | | |
CVE-2020-11253 | Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, ... | | |
CVE-2020-11254 | Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking... | S | |
CVE-2020-11255 | Denial of service while processing RTCP packets containing multiple SDES reports due to memory for l... | | |
CVE-2020-11256 | Memory corruption due to lack of check of validation of pointer to buffer passed to trustzone in Sna... | S | |
CVE-2020-11257 | Memory corruption due to lack of validation of pointer arguments passed to TrustZone BSP in Snapdrag... | | |
CVE-2020-11258 | Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdrag... | | |
CVE-2020-11259 | Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdrag... | | |
CVE-2020-11260 | An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdrago... | | |
CVE-2020-11261 | Memory corruption due to improper check to return error when user application requests memory alloca... | KEV S | |
CVE-2020-11262 | A race between command submission and destroying the context can cause an invalid context being adde... | S | |
CVE-2020-11263 | An integer overflow due to improper check performed after the address and size passed are aligned in... | | |
CVE-2020-11264 | Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arb... | S | |
CVE-2020-11265 | Information disclosure issue due to lack of validation of pointer arguments passed to TZ BSP in Snap... | | |
CVE-2020-11266 | Image address is dereferenced before validating its range which can cause potential QSEE information... | | |
CVE-2020-11267 | Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds ... | S | |
CVE-2020-11268 | Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lea... | | |
CVE-2020-11269 | Possible memory corruption while processing EAPOL frames due to lack of validation of key length bef... | | |
CVE-2020-11270 | Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 w... | | |
CVE-2020-11271 | Possible out of bounds while accessing global control elements due to race condition in Snapdragon A... | S | |
CVE-2020-11272 | Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be del... | S | |
CVE-2020-11273 | Histogram type KPI was teardown with the assumption of the existence of histogram binning info and w... | | |
CVE-2020-11274 | Denial of service in MODEM due to assert to the invalid configuration in Snapdragon Auto, Snapdragon... | | |
CVE-2020-11275 | Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE leng... | | |
CVE-2020-11276 | Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response fra... | | |
CVE-2020-11277 | Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ct... | | |
CVE-2020-11278 | Possible denial of service while handling host WMI command due to improper validation in Snapdragon ... | | |
CVE-2020-11279 | Memory corruption while processing crafted SDES packets due to improper length check in sdes packets... | | |
CVE-2020-11280 | Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits s... | | |
CVE-2020-11281 | Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers c... | | |
CVE-2020-11282 | Improper access control when using mmap with the kgsl driver with a special offset value that can be... | S | |
CVE-2020-11283 | A buffer overflow can occur when playing an MKV clip due to lack of input validation in Snapdragon A... | | |
CVE-2020-11284 | Locked memory can be unlocked and modified by non secure boot loader through improper system call se... | | |
CVE-2020-11285 | Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided ... | | |
CVE-2020-11286 | An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests o... | S | |
CVE-2020-11287 | Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers c... | | |
CVE-2020-11288 | Out of bound write can occur in playready while processing command due to lack of input validation i... | | |
CVE-2020-11289 | Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdr... | | |
CVE-2020-11290 | Use after free condition in msm ioctl events due to race between the ioctl register and deregister e... | | |
CVE-2020-11291 | Possible buffer overflow while updating ikev2 parameters for delete payloads received during informa... | | |
CVE-2020-11292 | Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice... | | |
CVE-2020-11293 | Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack ... | | |
CVE-2020-11294 | Out of bound write in logger due to prefix size is not validated while prepended to logging string i... | | |
CVE-2020-11295 | Use after free in camera If the threadmanager is being cleaned up while the worker thread is process... | | |
CVE-2020-11296 | Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon ... | | |
CVE-2020-11297 | Denial of service in WLAN module due to improper check of subtypes in logic where excessive frames a... | S | |
CVE-2020-11298 | While waiting for a response to a callback or listener request, non-secure clients can change permis... | | |
CVE-2020-11299 | Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdrago... | | |
CVE-2020-11300 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11301 | Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to i... | S | |
CVE-2020-11302 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11303 | Accepting AMSDU frames with mismatched destination and source address can lead to information disclo... | | |
CVE-2020-11304 | Possible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdrago... | | |
CVE-2020-11305 | Integer overflow in boot due to improper length check on arguments received in Snapdragon Consumer I... | S | |
CVE-2020-11306 | Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapd... | | |
CVE-2020-11307 | Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto... | | |
CVE-2020-11308 | Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is m... | S | |
CVE-2020-11309 | Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of re... | S | |
CVE-2020-11310 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11311 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as duplic... | R | |
CVE-2020-11312 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11313 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11314 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11315 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11316 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11317 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11318 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11319 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11320 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11321 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11322 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11323 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11324 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11325 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11326 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11327 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11328 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11329 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11330 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11331 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11332 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11333 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11334 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11335 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11336 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11337 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11338 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11339 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11340 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11341 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11342 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11343 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11344 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11345 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11346 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11347 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11348 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11349 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11350 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11351 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11352 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11353 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11354 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11355 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11356 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11357 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11358 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11359 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11360 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11361 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11362 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11363 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11364 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11365 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11366 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11367 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11368 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11369 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11370 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11371 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11372 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11373 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11374 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11375 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11376 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11377 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11378 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11379 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11380 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11381 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11382 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11383 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11384 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11385 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11386 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11387 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11388 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11389 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11390 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11391 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11392 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11393 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11394 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11395 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11396 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11397 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11398 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11399 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11400 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11401 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11402 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11403 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11404 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11405 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11406 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11407 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11408 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11409 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11410 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11411 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11412 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11413 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-11414 | An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandl... | | |
CVE-2020-11415 | An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.... | S | |
CVE-2020-11416 | JetBrains Space through 2020-04-22 allows stored XSS in Chats.... | | |
CVE-2020-11420 | UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login c... | | |
CVE-2020-11431 | The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 t... | S | |
CVE-2020-11436 | LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions o... | E | |
CVE-2020-11437 | LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to en... | E | |
CVE-2020-11438 | LibreHealth EMR v2.0.0 is affected by systemic CSRF.... | E | |
CVE-2020-11439 | LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be incl... | E | |
CVE-2020-11440 | httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the w... | | |
CVE-2020-11441 | phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form f... | E | |
CVE-2020-11443 | The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files loca... | | |
CVE-2020-11444 | Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.... | S | |
CVE-2020-11445 | TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain ... | | |
CVE-2020-11446 | ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rig... | | |
CVE-2020-11447 | An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retr... | E | |
CVE-2020-11448 | An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There is XSS related to the email f... | E | |
CVE-2020-11449 | An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin creden... | E | |
CVE-2020-11450 | Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and oth... | E S | |
CVE-2020-11451 | The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to... | E S | |
CVE-2020-11452 | Microstrategy Web 10.4 includes functionality to allow users to import files or data from external r... | E S | |
CVE-2020-11453 | Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service function... | E S | |
CVE-2020-11454 | Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in... | E S | |
CVE-2020-11455 | LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/a... | E S | |
CVE-2020-11456 | LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettin... | E S | |
CVE-2020-11457 | pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr p... | E S | |
CVE-2020-11458 | app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that shoul... | E S | |
CVE-2020-11462 | An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full ... | | |
CVE-2020-11463 | An issue was discovered in Deskpro before 2019.8.0. The /api/email_accounts endpoint failed to prope... | E | |
CVE-2020-11464 | An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly vali... | E | |
CVE-2020-11465 | An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* endpoints failed to properly val... | E | |
CVE-2020-11466 | An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly val... | E | |
CVE-2020-11467 | An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify th... | E | |
CVE-2020-11469 | Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary dire... | E | |
CVE-2020-11470 | Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, whic... | E | |
CVE-2020-11474 | NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Su... | E | |
CVE-2020-11476 | Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.... | E S | |
CVE-2020-11483 | NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC fir... | | |
CVE-2020-11484 | NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability ... | | |
CVE-2020-11485 | NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Req... | | |
CVE-2020-11486 | NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability i... | | |
CVE-2020-11487 | NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versi... | | |
CVE-2020-11488 | NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC fir... | | |
CVE-2020-11489 | NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC fir... | | |
CVE-2020-11490 | Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbit... | E | |
CVE-2020-11491 | Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute ... | E | |
CVE-2020-11492 | An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up th... | | |
CVE-2020-11493 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sens... | | |
CVE-2020-11494 | An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.... | S | |
CVE-2020-11495 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-11496 | Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering da... | | |
CVE-2020-11497 | An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress... | E | |
CVE-2020-11498 | Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attac... | E S | |
CVE-2020-11499 | Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a l... | E S | |
CVE-2020-11500 | Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. With... | E | |
CVE-2020-11501 | GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.... | S | |
CVE-2020-11503 | A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older... | | |
CVE-2020-11505 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, ... | | |
CVE-2020-11506 | An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to ... | | |
CVE-2020-11507 | An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code e... | | |
CVE-2020-11508 | An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users ... | E | |
CVE-2020-11509 | An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers... | E | |
CVE-2020-11511 | The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privilege... | E | |
CVE-2020-11512 | Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attacker... | E | |
CVE-2020-11514 | The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to updat... | E | |
CVE-2020-11515 | The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to creat... | E | |
CVE-2020-11516 | Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated ... | E | |
CVE-2020-11518 | Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.... | | |
CVE-2020-11519 | The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write t... | | |
CVE-2020-11520 | The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitr... | | |
CVE-2020-11521 | libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.... | E S | |
CVE-2020-11522 | libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.... | E S | |
CVE-2020-11523 | libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.... | E S | |
CVE-2020-11524 | libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Writ... | E S | |
CVE-2020-11525 | libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.... | E S | |
CVE-2020-11526 | libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.... | E S | |
CVE-2020-11527 | In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specia... | | |
CVE-2020-11528 | bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c vi... | E | |
CVE-2020-11529 | Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still... | S | |
CVE-2020-11530 | A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerabili... | E | |
CVE-2020-11531 | The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does n... | E | |
CVE-2020-11532 | Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate wit... | E S | |
CVE-2020-11533 | Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to o... | | |
CVE-2020-11534 | An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx... | | |
CVE-2020-11535 | An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx... | | |
CVE-2020-11536 | An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx... | | |
CVE-2020-11537 | A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute ar... | | |
CVE-2020-11538 | In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the p... | S | |
CVE-2020-11539 | An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the s... | E | |
CVE-2020-11541 | In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that ... | | |
CVE-2020-11542 | 3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= be... | E | |
CVE-2020-11543 | OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows ro... | E | |
CVE-2020-11544 | An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to ... | E | |
CVE-2020-11545 | Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demon... | E | |
CVE-2020-11546 | SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language ... | E | |
CVE-2020-11547 | PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain informati... | | |
CVE-2020-11548 | The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar ... | | |
CVE-2020-11549 | An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.... | E S | |
CVE-2020-11550 | An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.... | E S | |
CVE-2020-11551 | An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.... | E S | |
CVE-2020-11552 | An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 ... | E | |
CVE-2020-11553 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive C... | E | |
CVE-2020-11554 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote att... | E | |
CVE-2020-11555 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote att... | E | |
CVE-2020-11556 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple p... | E | |
CVE-2020-11557 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the user... | E | |
CVE-2020-11558 | An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Re... | E S | |
CVE-2020-11560 | NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the config... | E | |
CVE-2020-11561 | In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access h... | E | |
CVE-2020-11565 | An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a st... | S | |
CVE-2020-11576 | Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowe... | S | |
CVE-2020-11579 | An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part ... | E | |
CVE-2020-11580 | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in... | E | |
CVE-2020-11581 | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in... | E | |
CVE-2020-11582 | An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in... | E | |
CVE-2020-11583 | A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated user... | | |
CVE-2020-11584 | A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to... | | |
CVE-2020-11585 | There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activi... | E | |
CVE-2020-11586 | An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker c... | E | |
CVE-2020-11587 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can m... | E | |
CVE-2020-11588 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can m... | E | |
CVE-2020-11589 | An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. ... | E | |
CVE-2020-11590 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can m... | E | |
CVE-2020-11591 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can m... | E | |
CVE-2020-11592 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can m... | E | |
CVE-2020-11593 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can m... | E | |
CVE-2020-11594 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can m... | E | |
CVE-2020-11595 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can m... | E | |
CVE-2020-11596 | A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthentic... | E | |
CVE-2020-11597 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can m... | E | |
CVE-2020-11598 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attacke... | E | |
CVE-2020-11599 | An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attack... | E | |
CVE-2020-11600 | An issue was discovered on Samsung mobile devices with Q(10.0) software. There is arbitrary code exe... | | |
CVE-2020-11601 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is unautho... | | |
CVE-2020-11602 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Google Assistant... | | |
CVE-2020-11603 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) so... | | |
CVE-2020-11604 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) so... | | |
CVE-2020-11605 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There i... | | |
CVE-2020-11606 | An issue was discovered on Samsung mobile devices with Q(10.0) software. Information about applicati... | | |
CVE-2020-11607 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Notification exp... | | |
CVE-2020-11608 | An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NUL... | S | |
CVE-2020-11609 | An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb... | S | |
CVE-2020-11610 | An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePo... | E | |
CVE-2020-11611 | An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStora... | E | |
CVE-2020-11612 | The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a... | S | |
CVE-2020-11613 | Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and in... | E | |
CVE-2020-11614 | Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over clea... | E | |
CVE-2020-11615 | NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI B... | | |
CVE-2020-11616 | NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI B... | | |
CVE-2020-11617 | The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes do... | E | |
CVE-2020-11618 | THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service... | E | |
CVE-2020-11619 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg... | S | |
CVE-2020-11620 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg... | | |
CVE-2020-11622 | A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x trai... | M | |
CVE-2020-11623 | An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and... | E S | |
CVE-2020-11624 | An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and... | E S | |
CVE-2020-11625 | An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and... | E S | |
CVE-2020-11626 | An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Two Cross Site Scripting (X... | | |
CVE-2020-11627 | An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. A Cross Site Request Forger... | | |
CVE-2020-11628 | An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support r... | | |
CVE-2020-11629 | An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certif... | | |
CVE-2020-11630 | An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code... | | |
CVE-2020-11631 | An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be gener... | | |
CVE-2020-11632 | The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which al... | | |
CVE-2020-11633 | The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when co... | | |
CVE-2020-11634 | The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused... | | |
CVE-2020-11635 | The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows ... | | |
CVE-2020-11637 | Automation Runtime TFTP Service DoS Vulnerability | | |
CVE-2020-11639 | Insufficient access control on Inter process communication, | S | |
CVE-2020-11640 | Elevation of Privilege | S | |
CVE-2020-11641 | SiteManager Local File Inclusion Vulnerability | | |
CVE-2020-11642 | SiteManager Denial of Service via Local File Inclusion Vulnerability | | |
CVE-2020-11643 | GateManager Information Disclosure Vulnerability | | |
CVE-2020-11644 | GateManager Audit Message Spoofing Vulnerability | | |
CVE-2020-11645 | GateManager Denial of Service Vulnerability | | |
CVE-2020-11646 | GateManager Log Information Disclosure Vulnerability | | |
CVE-2020-11647 | In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. ... | S | |
CVE-2020-11649 | An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have... | | |
CVE-2020-11650 | An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-... | S | |
CVE-2020-11651 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master pr... | KEV E | |
CVE-2020-11652 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master pr... | KEV E | |
CVE-2020-11653 | An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x b... | | |
CVE-2020-11655 | SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malfo... | E S | |
CVE-2020-11656 | In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an... | S | |
CVE-2020-11658 | CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which al... | | |
CVE-2020-11659 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged use... | | |
CVE-2020-11660 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged use... | | |
CVE-2020-11661 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged use... | | |
CVE-2020-11662 | CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers... | | |
CVE-2020-11663 | CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows a... | | |
CVE-2020-11664 | CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner,... | | |
CVE-2020-11665 | CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner... | | |
CVE-2020-11666 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious user... | | |
CVE-2020-11668 | In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB ... | S | |
CVE-2020-11669 | An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/... | S | |
CVE-2020-11671 | Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPa... | E | |
CVE-2020-11673 | An issue was discovered in the Responsive Poll through 1.3.4 for WordPress. It allows an unauthentic... | E | |
CVE-2020-11674 | Cerner medico 26.00 allows variable reuse, possibly causing data corruption.... | E | |
CVE-2020-11675 | Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3).... | E | |
CVE-2020-11676 | Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3).... | E | |
CVE-2020-11677 | Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3).... | E | |
CVE-2020-11679 | Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/... | E | |
CVE-2020-11680 | Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. ... | | |
CVE-2020-11681 | Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartex... | | |
CVE-2020-11682 | Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificati... | | |
CVE-2020-11683 | A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers... | E S | |
CVE-2020-11684 | AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory bef... | E S | |
CVE-2020-11685 | In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.... | | |
CVE-2020-11686 | In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity se... | | |
CVE-2020-11687 | In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several p... | | |
CVE-2020-11688 | In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his ses... | | |
CVE-2020-11689 | In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import set... | | |
CVE-2020-11690 | In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host ... | | |
CVE-2020-11691 | In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.... | | |
CVE-2020-11692 | In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.... | | |
CVE-2020-11693 | JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malfo... | | |
CVE-2020-11694 | In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were inc... | E | |
CVE-2020-11696 | In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in al... | | |
CVE-2020-11697 | In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all ... | | |
CVE-2020-11698 | An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter commun... | E | |
CVE-2020-11699 | An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the p... | E | |
CVE-2020-11700 | An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used ... | E | |
CVE-2020-11701 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web I... | E | |
CVE-2020-11702 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Mu... | E | |
CVE-2020-11703 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties ... | E | |
CVE-2020-11704 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has M... | E | |
CVE-2020-11705 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allow... | E | |
CVE-2020-11706 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CS... | E | |
CVE-2020-11707 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. It doesn't enforce permission... | E | |
CVE-2020-11708 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Privilege escalation can occu... | | |
CVE-2020-11709 | cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_he... | E | |
CVE-2020-11710 | An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessibl... | S | |
CVE-2020-11711 | An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel ... | | |
CVE-2020-11712 | Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field.... | E | |
CVE-2020-11713 | wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side... | E S | |
CVE-2020-11714 | eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Location.... | E | |
CVE-2020-11715 | Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that... | | |
CVE-2020-11716 | Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Pe... | | |
CVE-2020-11717 | An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities.... | | |
CVE-2020-11718 | An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-... | E | |
CVE-2020-11719 | An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It r... | | |
CVE-2020-11720 | An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. Duri... | | |
CVE-2020-11721 | load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an inva... | E | |
CVE-2020-11722 | Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrar... | S | |
CVE-2020-11723 | Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB dae... | E | |
CVE-2020-11724 | An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request ... | S | |
CVE-2020-11725 | snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner l... | E | |
CVE-2020-11727 | A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce pl... | E | |
CVE-2020-11728 | An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management doe... | | |
CVE-2020-11729 | An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cook... | E | |
CVE-2020-11731 | The Media Library Assistant plugin before 2.82 for WordPress suffers from multiple XSS vulnerabiliti... | | |
CVE-2020-11732 | The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vul... | | |
CVE-2020-11733 | An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An a... | | |
CVE-2020-11734 | cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the ACTION parameter.... | E | |
CVE-2020-11735 | The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inver... | S | |
CVE-2020-11736 | fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extrac... | S | |
CVE-2020-11737 | A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to c... | | |
CVE-2020-11738 | The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) all... | KEV E | |
CVE-2020-11739 | An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service ... | S | |
CVE-2020-11740 | An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active p... | S | |
CVE-2020-11741 | An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active prof... | S | |
CVE-2020-11742 | An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service ... | S | |
CVE-2020-11743 | An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service ... | E S | |
CVE-2020-11747 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-8497. Reason: This candidate... | R | |
CVE-2020-11749 | Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A ne... | E | |
CVE-2020-11753 | An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is po... | S | |
CVE-2020-11758 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixel... | E | |
CVE-2020-11759 | An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLi... | E | |
CVE-2020-11760 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompres... | E | |
CVE-2020-11761 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncom... | E | |
CVE-2020-11762 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaComp... | E | |
CVE-2020-11763 | An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and writ... | E | |
CVE-2020-11764 | An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuf... | E | |
CVE-2020-11765 | An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h... | E | |
CVE-2020-11766 | sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows a... | | |
CVE-2020-11767 | Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (n... | E | |
CVE-2020-11768 | Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11769 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11770 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D62... | | |
CVE-2020-11771 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11772 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11773 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11774 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11775 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11776 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11777 | Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11778 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11779 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11780 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11781 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11782 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11783 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11784 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11785 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11786 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11787 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 befo... | | |
CVE-2020-11788 | Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, ... | | |
CVE-2020-11789 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec... | | |
CVE-2020-11790 | NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attac... | | |
CVE-2020-11791 | NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS.... | | |
CVE-2020-11792 | NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Se... | | |
CVE-2020-11793 | A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted we... | | |
CVE-2020-11795 | In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.... | | |
CVE-2020-11796 | In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.... | | |
CVE-2020-11797 | An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mi... | | |
CVE-2020-11798 | A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1... | | |
CVE-2020-11799 | Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged ... | E | |
CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary co... | | |
CVE-2020-11803 | An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when... | E | |
CVE-2020-11804 | An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid,... | E | |
CVE-2020-11805 | Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.... | | |
CVE-2020-11806 | In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process doe... | | |
CVE-2020-11807 | Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows a... | E S | |
CVE-2020-11810 | An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_D... | E S | |
CVE-2020-11811 | In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profil... | E | |
CVE-2020-11812 | Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the f... | | |
CVE-2020-11813 | In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyrigh... | | |
CVE-2020-11814 | A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header... | E | |
CVE-2020-11815 | In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content... | E | |
CVE-2020-11816 | Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the r... | E | |
CVE-2020-11817 | In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the co... | E | |
CVE-2020-11818 | Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechani... | E | |
CVE-2020-11819 | In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language f... | E | |
CVE-2020-11820 | Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the e... | E | |
CVE-2020-11821 | In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base6... | E | |
CVE-2020-11822 | In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user acce... | E | |
CVE-2020-11823 | In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin... | E | |
CVE-2020-11825 | In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any C... | E | |
CVE-2020-11826 | Users can lock their notes with a password in Memono version 3.8. Thus, users need to know a passwo... | | |
CVE-2020-11827 | In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: Galaxy... | | |
CVE-2020-11828 | In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/servic... | | |
CVE-2020-11829 | Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected pro... | | |
CVE-2020-11830 | QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.opp... | | |
CVE-2020-11831 | OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected pro... | | |
CVE-2020-11832 | In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/... | E | |
CVE-2020-11833 | In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_d... | E | |
CVE-2020-11834 | In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_updat... | E | |
CVE-2020-11835 | In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the ... | E | |
CVE-2020-11836 | OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulner... | | |
CVE-2020-11838 | Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affectin... | | |
CVE-2020-11839 | Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all versi... | | |
CVE-2020-11840 | Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product,... | | |
CVE-2020-11841 | Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product,... | | |
CVE-2020-11842 | Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affect... | | |
CVE-2020-11843 | Potential information leakage in administrator enabled debug mode | | |
CVE-2020-11844 | Incorrect Authorization vulnerability in the Micro Focus Container Deployment Foundation affecting multiple products. | S | |
CVE-2020-11845 | Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, ... | | |
CVE-2020-11846 | Improper handling of token allows access to restricted resource in Privileged Access Manager | | |
CVE-2020-11847 | Vulnerability in sshrelay in privileged access manager provides full system access. | | |
CVE-2020-11848 | Denial of service vulnerability on Micro Focus ArcSight Management Center. Affecting all versions pr... | | |
CVE-2020-11849 | Elevation of privilege and unauthorized access in Micro Focus Identity Manager product | S | |
CVE-2020-11850 | Cross site scripting vulnerability in Self Service Password Reset | | |
CVE-2020-11851 | Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version... | | |
CVE-2020-11852 | DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all ... | | |
CVE-2020-11853 | Arbitrary code execution vulnerability on multiple Micro Focus products | S | |
CVE-2020-11854 | Arbitrary code execution vulnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products. | S | |
CVE-2020-11855 | An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10... | | |
CVE-2020-11856 | Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 1... | | |
CVE-2020-11857 | An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10... | | |
CVE-2020-11858 | Code execution with escalated privileges vulnerability in Operation bridge Manager and Operations Bridge (containerized) products. | S | |
CVE-2020-11859 | Potential Cross Site Scripting vulnerability in OpenText iManager | | |
CVE-2020-11860 | Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version pri... | | |
CVE-2020-11861 | Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting ... | | |
CVE-2020-11862 | Insecure renegotiation in SSL protocol caused Denial of service attack in Privileged Account Manager | | |
CVE-2020-11863 | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).... | S | |
CVE-2020-11864 | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2).... | S | |
CVE-2020-11865 | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access.... | S | |
CVE-2020-11866 | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free.... | S | |
CVE-2020-11867 | Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity c... | | |
CVE-2020-11868 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenti... | S | |
CVE-2020-11869 | An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulatio... | S | |
CVE-2020-11872 | The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of... | | |
CVE-2020-11873 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A st... | | |
CVE-2020-11874 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Attackers... | | |
CVE-2020-11875 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) ... | | |
CVE-2020-11876 | airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for... | E | |
CVE-2020-11877 | airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (I... | E | |
CVE-2020-11878 | The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (... | | |
CVE-2020-11879 | An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "m... | | |
CVE-2020-11880 | An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?... | S | |
CVE-2020-11881 | An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows a... | E | |
CVE-2020-11882 | The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to ot... | E | |
CVE-2020-11883 | In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStor... | E S | |
CVE-2020-11884 | In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a r... | S | |
CVE-2020-11885 | WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console a... | | |
CVE-2020-11886 | OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListControlle... | | |
CVE-2020-11887 | svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document.... | E | |
CVE-2020-11888 | python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match su... | E | |
CVE-2020-11889 | An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section o... | | |
CVE-2020-11890 | An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table ... | | |
CVE-2020-11891 | An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section o... | | |
CVE-2020-11894 | Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() i... | E | |
CVE-2020-11895 | Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) in the function decompileIF() i... | E | |
CVE-2020-11896 | The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.... | E M | |
CVE-2020-11897 | The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packet... | M | |
CVE-2020-11898 | The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsiste... | E M | |
CVE-2020-11899 | The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.... | KEV E M | |
CVE-2020-11900 | The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.... | E M | |
CVE-2020-11901 | The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS respons... | E M | |
CVE-2020-11902 | The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.... | E M | |
CVE-2020-11903 | The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.... | E M | |
CVE-2020-11904 | The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes ... | E M | |
CVE-2020-11905 | The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.... | E M | |
CVE-2020-11906 | The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.... | E M | |
CVE-2020-11907 | The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP.... | E M | |
CVE-2020-11908 | The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP.... | E M | |
CVE-2020-11909 | The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.... | E M | |
CVE-2020-11910 | The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.... | E M | |
CVE-2020-11911 | The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.... | E M | |
CVE-2020-11912 | The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.... | E M | |
CVE-2020-11913 | The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.... | E M | |
CVE-2020-11914 | The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.... | E M | |
CVE-2020-11915 | An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cg... | E | |
CVE-2020-11916 | An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password for the root user is... | E | |
CVE-2020-11917 | An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value, whi... | E | |
CVE-2020-11918 | An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created thr... | E | |
CVE-2020-11919 | An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is no CSRF protection.... | E | |
CVE-2020-11920 | An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulner... | E | |
CVE-2020-11921 | An issue was discovered in Lush 2 through 2020-02-25. Due to the lack of Bluetooth traffic encryptio... | | |
CVE-2020-11922 | An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cl... | E | |
CVE-2020-11923 | An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged.... | E | |
CVE-2020-11924 | An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash... | E | |
CVE-2020-11925 | An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the de... | E | |
CVE-2020-11926 | An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Clients can authenticate... | | |
CVE-2020-11928 | In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via... | | |
CVE-2020-11930 | The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This require... | S | |
CVE-2020-11931 | Ubuntu modifications to pulseaudio to provide snap security enforcement could be unloaded | | |
CVE-2020-11932 | Subiquity server installer logged LUKS full disk encryption password | S | |
CVE-2020-11933 | local snapd exploit through cloud-init | | |
CVE-2020-11934 | Sandbox escape vulnerability via snapctl user-open (xdg-open) | | |
CVE-2020-11935 | aufs: improperly managed inode reference counts in the vfsub_dentry_open() method | | |
CVE-2020-11936 | gdbus setgid privilege escalation... | E | |
CVE-2020-11937 | Resource exhaustion vulnerability in whoopsie | E | |
CVE-2020-11938 | In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled pas... | | |
CVE-2020-11939 | In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that r... | E S | |
CVE-2020-11940 | In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by... | E S | |
CVE-2020-11941 | An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.... | E | |
CVE-2020-11942 | An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections.... | E | |
CVE-2020-11943 | An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload.... | E | |
CVE-2020-11944 | Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_I... | S | |
CVE-2020-11945 | An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authent... | S | |
CVE-2020-11946 | Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via ... | | |
CVE-2020-11947 | iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclos... | S | |
CVE-2020-11949 | testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and be... | | |
CVE-2020-11950 | VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows a... | | |
CVE-2020-11951 | An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.1... | E | |
CVE-2020-11952 | An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.1... | E | |
CVE-2020-11953 | An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMCIII-PU-9333E0FB through 3.15.7... | E | |
CVE-2020-11955 | An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMCIII-PU-9333E0FB through 3.15.7... | E | |
CVE-2020-11956 | An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.1... | E | |
CVE-2020-11957 | The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.... | | |
CVE-2020-11958 | re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.... | S | |
CVE-2020-11959 | An unsafe configuration of nginx leads to information leak in Xiaomi router R3600 ROM before 1.0.50.... | | |
CVE-2020-11960 | Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_... | | |
CVE-2020-11961 | Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an in... | | |
CVE-2020-11963 | IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the... | | |
CVE-2020-11964 | In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attacke... | | |
CVE-2020-11965 | In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain f... | | |
CVE-2020-11966 | In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers ... | | |
CVE-2020-11967 | In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade... | | |
CVE-2020-11968 | In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorre... | | |
CVE-2020-11969 | If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the u... | | |
CVE-2020-11970 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-11971 | Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 ... | S | |
CVE-2020-11972 | Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, ... | | |
CVE-2020-11973 | Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.2... | | |
CVE-2020-11974 | In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exi... | | |
CVE-2020-11975 | Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Jav... | S | |
CVE-2020-11976 | By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This wou... | | |
CVE-2020-11977 | In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administ... | | |
CVE-2020-11978 | An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vul... | KEV E | |
CVE-2020-11979 | As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it crea... | S | |
CVE-2020-11980 | In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. B... | | |
CVE-2020-11981 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an at... | | |
CVE-2020-11982 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an at... | | |
CVE-2020-11983 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the ... | | |
CVE-2020-11984 | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE... | E | |
CVE-2020-11985 | IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxyi... | | |
CVE-2020-11986 | To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follow... | | |
CVE-2020-11987 | Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation ... | S | |
CVE-2020-11988 | Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by i... | S | |
CVE-2020-11989 | Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially craf... | | |
CVE-2020-11990 | We have resolved a security issue in the camera plugin that could have affected certain Cordova (And... | | |
CVE-2020-11991 | When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, includi... | E | |
CVE-2020-11992 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-11993 | Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and ... | E S | |
CVE-2020-11994 | Server-Side Template Injection and arbitrary file disclosure on Camel templating components... | S | |
CVE-2020-11995 | Apache Dubbo default deserialization protocol Hessian2 causes RCE | | |
CVE-2020-11996 | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.... | | |
CVE-2020-11997 | Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based o... | | |
CVE-2020-11998 | A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environme... | S | |
CVE-2020-11999 | FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Componen... | |