ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-27000 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A... | | |
CVE-2020-27001 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (A... | S | |
CVE-2020-27002 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (A... | S | |
CVE-2020-27003 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A... | | |
CVE-2020-27004 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A... | | |
CVE-2020-27005 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A... | | |
CVE-2020-27006 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A... | | |
CVE-2020-27007 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A... | | |
CVE-2020-27008 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A... | | |
CVE-2020-27009 | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE P... | | |
CVE-2020-27010 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6... | | |
CVE-2020-27013 | Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs wh... | | |
CVE-2020-27014 | Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Thr... | | |
CVE-2020-27015 | Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulne... | | |
CVE-2020-27016 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site... | E | |
CVE-2020-27017 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML Exter... | E | |
CVE-2020-27018 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server sid... | E | |
CVE-2020-27019 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an informati... | E | |
CVE-2020-27020 | Password generator feature in Kaspersky Password Manager was not completely cryptographically strong... | | |
CVE-2020-27021 | In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a mis... | | |
CVE-2020-27023 | In setErrorPlaybackState of BluetoothMediaBrowserService.java, there is a possible permission bypass... | | |
CVE-2020-27024 | In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a mis... | | |
CVE-2020-27025 | In EapFailureNotifier.java and SimRequiredNotifier.java, there is a possible permission bypass due t... | | |
CVE-2020-27026 | During boot, the device unlock interface behaves differently depending on if a fingerprint registere... | | |
CVE-2020-27027 | In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out of bounds read due to a missing... | | |
CVE-2020-27028 | In filter_incoming_event of hci_layer.cc, there is a possible out of bounds read due to a missing bo... | | |
CVE-2020-27029 | In TextView of TextView.java, there is a possible app hang due to improper input validation. This co... | | |
CVE-2020-27030 | In onCreate of HandleApiCalls.java, there is a possible permission bypass due to a confused deputy. ... | | |
CVE-2020-27031 | In nfc_data_event of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds che... | | |
CVE-2020-27032 | In getRadioAccessFamily of PhoneInterfaceManager.java, there is a possible read of privileged data d... | | |
CVE-2020-27033 | In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out of bounds read due to a missing... | | |
CVE-2020-27034 | In createSimSelectNotification of SimSelectNotification.java, there is a possible permission bypass ... | | |
CVE-2020-27035 | In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper l... | | |
CVE-2020-27036 | In phNxpNciHal_send_ext_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a ... | S | |
CVE-2020-27037 | In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds read due to a m... | S | |
CVE-2020-27038 | In process of C2SoftVorbisDec.cpp, there is a possible resource exhaustion due to a memory leak. Thi... | S | |
CVE-2020-27039 | In postNotification of ServiceRecord.java, there is a possible permission bypass due to an unsafe Pe... | S | |
CVE-2020-27040 | In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds read due to a m... | S | |
CVE-2020-27041 | In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent. This ... | S | |
CVE-2020-27043 | In nfc_enabled of nfc_main.cc, there is a possible out of bounds read due to an incorrect increment.... | S | |
CVE-2020-27044 | In restartWrite of Parcel.cpp, there is a possible memory corruption due to a use after free. This c... | S | |
CVE-2020-27045 | In CE_SendRawFrame of ce_main.cc, there is a possible out of bounds write due to a heap buffer overf... | S | |
CVE-2020-27046 | In nfc_ncif_proc_ee_action of nfc_ncif.cc, there is a possible out of bounds read due to a missing b... | S | |
CVE-2020-27047 | In ce_t4t_update_binary of ce_t4t.cc, there is a possible out of bounds read due to a missing bounds... | S | |
CVE-2020-27048 | In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds write due to a missing bounds ch... | S | |
CVE-2020-27049 | In rw_t3t_send_raw_frame of rw_t3t.cc, there is a possible out of bounds write due to a missing boun... | S | |
CVE-2020-27050 | In rw_i93_send_cmd_write_multi_blocks of rw_i93.cc, there is a possible out of bounds write due to a... | S | |
CVE-2020-27051 | In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible out of bounds write due to an ... | S | |
CVE-2020-27052 | In getLockTaskLaunchMode of ActivityRecord.java, there is a possible way for any app to start in Loc... | S | |
CVE-2020-27053 | In broadcastWifiCredentialChanged of ClientModeImpl.java, there is a possible location permission by... | S | |
CVE-2020-27054 | In onFactoryReset of BluetoothManagerService.java, there is a missing permission check. This could l... | S | |
CVE-2020-27055 | In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigCon... | S | |
CVE-2020-27056 | In SELinux policies of mls, there is a missing permission check. This could lead to local informatio... | S | |
CVE-2020-27057 | In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission by... | S | |
CVE-2020-27059 | In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesti... | E S | |
CVE-2020-27066 | In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to impro... | S | |
CVE-2020-27067 | In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead t... | S | |
CVE-2020-27068 | Product: Android. Versions: Android kernel. Android ID: A-127973231. References: Upstream kernel... | S | |
CVE-2020-27097 | In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible permissions bypass. ... | | |
CVE-2020-27098 | In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible way to access contac... | | |
CVE-2020-27121 | Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability | | |
CVE-2020-27122 | Cisco Identity Services Engine Privilege Escalation Vulnerability | | |
CVE-2020-27123 | Cisco AnyConnect Secure Mobility Client for Windows Arbitrary File Read Vulnerability | | |
CVE-2020-27124 | Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability | | |
CVE-2020-27125 | Cisco Security Manager Static Credential Vulnerability | | |
CVE-2020-27126 | Cisco Webex Meetings API Cross-Site Scripting Vulnerability | | |
CVE-2020-27127 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities | | |
CVE-2020-27128 | Cisco SD-WAN vManage Software Arbitrary File Creation Vulnerability | | |
CVE-2020-27129 | Cisco SD-WAN vManage Software Command Injection Vulnerability | | |
CVE-2020-27130 | Cisco Security Manager Path Traversal Vulnerability | | |
CVE-2020-27131 | Cisco Security Manager Java Deserialization Vulnerabilities | | |
CVE-2020-27132 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities | | |
CVE-2020-27133 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities | | |
CVE-2020-27134 | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities | | |
CVE-2020-27146 | TIBCO iProcess Workspace Browser CSRF | S | |
CVE-2020-27147 | TIBCO PartnerExpress REST API | S | |
CVE-2020-27148 | TIBCO EBX EXML External Entity | S | |
CVE-2020-27149 | By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read ... | | |
CVE-2020-27150 | In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration conta... | | |
CVE-2020-27151 | An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will ... | E | |
CVE-2020-27152 | An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel befor... | E S | |
CVE-2020-27153 | In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/at... | S | |
CVE-2020-27154 | The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x bef... | | |
CVE-2020-27155 | An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may a... | S | |
CVE-2020-27156 | Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerabil... | | |
CVE-2020-27157 | Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when spec... | | |
CVE-2020-27158 | Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges i... | E | |
CVE-2020-27159 | Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and ... | E | |
CVE-2020-27160 | Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privil... | E | |
CVE-2020-27163 | phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter.... | S | |
CVE-2020-27165 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-28050. Reason: This candidat... | R | |
CVE-2020-27170 | An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirabl... | S | |
CVE-2020-27171 | An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one e... | S | |
CVE-2020-27172 | An issue was discovered in G-Data before 25.5.9.25. Using symbolic links, it is possible to abuse the... | | |
CVE-2020-27173 | In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is ... | S | |
CVE-2020-27174 | In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can gro... | S | |
CVE-2020-27176 | Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this migh... | E | |
CVE-2020-27178 | Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 m... | | |
CVE-2020-27179 | konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafti... | | |
CVE-2020-27180 | konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy... | | |
CVE-2020-27181 | A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 a... | | |
CVE-2020-27182 | Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow re... | | |
CVE-2020-27183 | A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allow... | | |
CVE-2020-27184 | The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet... | | |
CVE-2020-27185 | Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devi... | | |
CVE-2020-27187 | An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand hel... | S | |
CVE-2020-27191 | LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via craft... | E | |
CVE-2020-27192 | BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation fla... | E | |
CVE-2020-27193 | A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows rem... | S | |
CVE-2020-27194 | An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifie... | S | |
CVE-2020-27195 | HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be s... | | |
CVE-2020-27196 | An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP ... | | |
CVE-2020-27197 | TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, al... | E | |
CVE-2020-27199 | The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control ... | E | |
CVE-2020-27207 | Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlit... | | |
CVE-2020-27208 | The flash read-out protection (RDP) level is not enforced during the device initialization phase of ... | E S | |
CVE-2020-27209 | The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simple power analysis attacks whic... | S | |
CVE-2020-27211 | Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical s... | | |
CVE-2020-27212 | STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-... | | |
CVE-2020-27213 | An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (IS... | E | |
CVE-2020-27216 | In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alp... | E S | |
CVE-2020-27217 | In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP m... | | |
CVE-2020-27218 | In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.al... | S | |
CVE-2020-27219 | In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body retu... | | |
CVE-2020-27220 | The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway devic... | | |
CVE-2020-27221 | In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer over... | | |
CVE-2020-27222 | In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes ... | | |
CVE-2020-27223 | In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty hand... | S | |
CVE-2020-27224 | In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be e... | E | |
CVE-2020-27225 | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate activ... | E S | |
CVE-2020-27226 | An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. ... | E | |
CVE-2020-27227 | An exploitable unauthenticated command injection exists in OpenClinic GA 5.173.3. Specially craf... | E | |
CVE-2020-27228 | An incorrect default permissions vulnerability exists in the installation functionality of OpenClini... | E | |
CVE-2020-27229 | A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic... | E | |
CVE-2020-27230 | A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic... | E | |
CVE-2020-27231 | A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic... | E | |
CVE-2020-27232 | An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA... | E | |
CVE-2020-27233 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 i... | E | |
CVE-2020-27234 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 i... | E | |
CVE-2020-27235 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 i... | E | |
CVE-2020-27236 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 i... | E | |
CVE-2020-27237 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. ... | E | |
CVE-2020-27238 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. ... | E | |
CVE-2020-27239 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. ... | E | |
CVE-2020-27240 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. ... | E | |
CVE-2020-27241 | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. ... | E | |
CVE-2020-27242 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.17... | E | |
CVE-2020-27243 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.17... | E | |
CVE-2020-27244 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.17... | E | |
CVE-2020-27245 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.17... | E | |
CVE-2020-27246 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.17... | E | |
CVE-2020-27247 | A specially crafted document can cause the document parser to copy data from a particular record typ... | | |
CVE-2020-27248 | A specially crafted document can cause the document parser to copy data from a particular record typ... | | |
CVE-2020-27249 | A specially crafted document can cause the document parser to copy data from a particular record typ... | | |
CVE-2020-27250 | In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted docu... | E | |
CVE-2020-27251 | A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerabil... | | |
CVE-2020-27252 | Medtronic MyCareLink Smart Time-of-check Time-of-use Race Condition | S | |
CVE-2020-27253 | A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This ... | | |
CVE-2020-27254 | Emerson Rosemount X-STREAM Gas Analyzer X-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The... | | |
CVE-2020-27255 | A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerabil... | | |
CVE-2020-27256 | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in ... | | |
CVE-2020-27257 | Omron CX-One | | |
CVE-2020-27258 | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vuln... | | |
CVE-2020-27259 | Omron CX-One | | |
CVE-2020-27260 | Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 HL7 v2.x injection vulnerabiliti... | | |
CVE-2020-27261 | Omron CX-One | | |
CVE-2020-27262 | Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 A stored cross-site scripting (X... | | |
CVE-2020-27263 | KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivit... | | |
CVE-2020-27264 | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of ... | | |
CVE-2020-27265 | KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivit... | | |
CVE-2020-27266 | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerab... | | |
CVE-2020-27267 | KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity ... | | |
CVE-2020-27268 | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerab... | | |
CVE-2020-27269 | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of ... | | |
CVE-2020-27270 | SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, communication protocol of the insulin pu... | | |
CVE-2020-27272 | SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, the communication protocol of the insuli... | | |
CVE-2020-27274 | Some parsing functions in the affected product do not check the return value of malloc and the threa... | | |
CVE-2020-27275 | Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while p... | | |
CVE-2020-27276 | SOOIL Developments Co Ltd DiabecareRS, AnyDana-i & AnyDana-A, the communication protocol of the insul... | | |
CVE-2020-27277 | Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while proc... | | |
CVE-2020-27278 | In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, hard-coded credentials in the ventil... | | |
CVE-2020-27279 | A NULL pointer dereference vulnerability has been identified in the protocol converter. An attacker co... | | |
CVE-2020-27280 | A use after free issue has been identified in the way ISPSoft (v3.12 and prior) processes project fil... | | |
CVE-2020-27281 | A stack-based buffer overflow may exist in Delta Electronics CNCSoft ScreenEditor versions 1.01.26 a... | | |
CVE-2020-27282 | In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, an XML validation vulnerability in t... | | |
CVE-2020-27283 | An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001)... | | |
CVE-2020-27284 | TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write instances in the way it processe... | | |
CVE-2020-27285 | The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able... | | |
CVE-2020-27287 | Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds write while... | | |
CVE-2020-27288 | An untrusted pointer dereference has been identified in the way TPEditor (v1.98 and prior) processes ... | | |
CVE-2020-27289 | Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while pr... | | |
CVE-2020-27290 | In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, an information disclosure vulnerabil... | | |
CVE-2020-27291 | Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds read while ... | | |
CVE-2020-27293 | Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing p... | | |
CVE-2020-27295 | The affected product has uncontrolled resource consumption issues, which may allow an attacker to ca... | | |
CVE-2020-27297 | The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to m... | | |
CVE-2020-27298 | Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic ... | | |
CVE-2020-27299 | The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain a... | | |
CVE-2020-27301 | A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code e... | E | |
CVE-2020-27302 | A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code e... | E | |
CVE-2020-27304 | The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windo... | E S | |
CVE-2020-27336 | An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input validation in the IPv6 compone... | | |
CVE-2020-27337 | An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the IPv6 compone... | | |
CVE-2020-27338 | An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the DHCPv6 clien... | | |
CVE-2020-27339 | In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer... | | |
CVE-2020-27340 | The online help portal of Mitel MiCollab before 9.2 could allow an attacker to redirect a user to an... | | |
CVE-2020-27344 | The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.... | E | |
CVE-2020-27346 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-27347 | tmux stack buffer overflow in function input_csi_dispatch_sgr_colon | E S | |
CVE-2020-27348 | snapcraft may build snaps with incorrect LD_LIBRARY_PATH | E S | |
CVE-2020-27349 | aptdaemon performed policykit permissions checks too late | S | |
CVE-2020-27350 | apt integer wraparound | | |
CVE-2020-27351 | Various memory and file descriptor leaks in apt-python | | |
CVE-2020-27352 | When generating the systemd service units for the docker snap (and other similar snaps), snapd does ... | | |
CVE-2020-27353 | Rejected reason: CVE ID was once reserved, but never used.... | R | |
CVE-2020-27354 | Rejected reason: CVE ID was once reserved, but never used.... | R | |
CVE-2020-27355 | Rejected reason: CVE ID was once reserved, but never used.... | R | |
CVE-2020-27356 | The debug-meta-data plugin 1.1.2 for WordPress allows XSS.... | E | |
CVE-2020-27358 | An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that al... | E | |
CVE-2020-27359 | A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject... | | |
CVE-2020-27361 | An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitiv... | | |
CVE-2020-27362 | An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-l... | E | |
CVE-2020-27366 | Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0... | | |
CVE-2020-27368 | Directory Indexing in Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows at... | E | |
CVE-2020-27372 | A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter fun... | E | |
CVE-2020-27373 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over... | E | |
CVE-2020-27374 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP M... | E | |
CVE-2020-27375 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Wr... | E | |
CVE-2020-27376 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authent... | E | |
CVE-2020-27377 | A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the 'Setting... | E | |
CVE-2020-27379 | Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Co... | | |
CVE-2020-27383 | Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability whic... | E | |
CVE-2020-27384 | The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulne... | E | |
CVE-2020-27385 | Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.1... | E | |
CVE-2020-27386 | An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote atta... | E S | |
CVE-2020-27387 | An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote a... | E S | |
CVE-2020-27388 | Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions... | | |
CVE-2020-27397 | Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vu... | E | |
CVE-2020-27402 | The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate... | E | |
CVE-2020-27403 | A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 ... | E | |
CVE-2020-27406 | Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute a... | E | |
CVE-2020-27408 | OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUse... | E | |
CVE-2020-27409 | OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in Si... | S | |
CVE-2020-27413 | An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to... | | |
CVE-2020-27414 | Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. Thi... | E | |
CVE-2020-27416 | Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP ... | | |
CVE-2020-27418 | A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obtain sensitive... | S | |
CVE-2020-27422 | In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once... | | |
CVE-2020-27423 | Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker... | | |
CVE-2020-27428 | A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers... | S | |
CVE-2020-27449 | Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manag... | | |
CVE-2020-27459 | Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. ... | | |
CVE-2020-27461 | A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability... | E S | |
CVE-2020-27464 | An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers... | E | |
CVE-2020-27466 | An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allo... | | |
CVE-2020-27467 | A Directory Traversal vulnerability exists in Processwire CMS before 2.7.1 via the download parameter... | E | |
CVE-2020-27478 | Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961... | | |
CVE-2020-27481 | An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the ... | E | |
CVE-2020-27483 | Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM... | E | |
CVE-2020-27484 | Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM.... | E | |
CVE-2020-27485 | Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM... | E | |
CVE-2020-27486 | Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. ... | E | |
CVE-2020-27488 | Loxone Miniserver devices with firmware before 11.1 (aka 11.1.9.3) are unable to use an authenticati... | E | |
CVE-2020-27507 | The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlengt... | E S | |
CVE-2020-27508 | In two-factor authentication, the system also sends the 2FA secret key in the response, which enables an i... | S | |
CVE-2020-27509 | Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perfo... | | |
CVE-2020-27511 | An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an att... | E | |
CVE-2020-27514 | Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog versio... | E | |
CVE-2020-27515 | A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject ar... | E | |
CVE-2020-27518 | All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation ... | E | |
CVE-2020-27519 | Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-servi... | S | |
CVE-2020-27523 | Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in ... | E | |
CVE-2020-27524 | On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU... | E | |
CVE-2020-27533 | A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows... | E | |
CVE-2020-27534 | util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potent... | | |
CVE-2020-27539 | Heap overflow with full parsing of HTTP response in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater servi... | E | |
CVE-2020-27540 | Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. ... | E | |
CVE-2020-27541 | Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in pa... | E | |
CVE-2020-27542 | Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration... | E | |
CVE-2020-27543 | The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service ... | E S | |
CVE-2020-27544 | An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae6444399794... | S | |
CVE-2020-27545 | libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference... | S | |
CVE-2020-27553 | In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the... | E | |
CVE-2020-27554 | Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware... | E | |
CVE-2020-27555 | Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 all... | E | |
CVE-2020-27556 | A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remot... | E | |
CVE-2020-27557 | Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 all... | E | |
CVE-2020-27558 | Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers ... | E | |
CVE-2020-27560 | ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which ma... | S | |
CVE-2020-27568 | Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and di... | | |
CVE-2020-27569 | Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to... | | |
CVE-2020-27574 | Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated... | E | |
CVE-2020-27575 | Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administrat... | E | |
CVE-2020-27576 | Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create f... | | |
CVE-2020-27583 | IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which cou... | E | |
CVE-2020-27585 | Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive a... | E | |
CVE-2020-27586 | Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text.... | E | |
CVE-2020-27587 | Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to f... | E | |
CVE-2020-27589 | Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL c... | E S | |
CVE-2020-27600 | HNAP1/control/SetMasterWLanSettings.php in D-Link Router DIR-846 A1_100.26 allows rem... | E | |
CVE-2020-27601 | In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened... | S | |
CVE-2020-27602 | BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId... | S | |
CVE-2020-27603 | BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document convers... | E | |
CVE-2020-27604 | BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for re... | E | |
CVE-2020-27605 | BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and conseque... | E | |
CVE-2020-27606 | BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an h... | E | |
CVE-2020-27607 | In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the ser... | E | |
CVE-2020-27608 | In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Co... | E | |
CVE-2020-27609 | BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in ... | E | |
CVE-2020-27610 | The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network servi... | E | |
CVE-2020-27611 | BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an uni... | S | |
CVE-2020-27612 | Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an uni... | | |
CVE-2020-27613 | The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITC... | E | |
CVE-2020-27614 | AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not p... | | |
CVE-2020-27615 | The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related t... | E S | |
CVE-2020-27616 | ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calcu... | S | |
CVE-2020-27617 | eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A... | S | |
CVE-2020-27618 | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing inval... | E S | |
CVE-2020-27619 | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on con... | S | |
CVE-2020-27620 | The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not bein... | | |
CVE-2020-27621 | The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user act... | E S | |
CVE-2020-27622 | In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the... | | |
CVE-2020-27623 | JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances... | | |
CVE-2020-27624 | JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.... | | |
CVE-2020-27625 | In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.... | | |
CVE-2020-27626 | JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.... | | |
CVE-2020-27627 | JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.... | | |
CVE-2020-27628 | In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.... | | |
CVE-2020-27629 | In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be unmasked in depending... | | |
CVE-2020-27630 | In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.... | | |
CVE-2020-27631 | In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.... | | |
CVE-2020-27632 | In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant v... | | |
CVE-2020-27633 | In FNET 4.6.3, TCP ISNs are improperly random.... | | |
CVE-2020-27634 | In Contiki 4.5, TCP ISNs are improperly random.... | | |
CVE-2020-27635 | In PicoTCP 1.7.0, TCP ISNs are improperly random.... | | |
CVE-2020-27636 | In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.... | | |
CVE-2020-27637 | The R programming language’s default package manager CRAN is affected by a path traversal vulnerabil... | E | |
CVE-2020-27638 | receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets wi... | S | |
CVE-2020-27639 | The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.S... | | |
CVE-2020-27640 | The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could a... | | |
CVE-2020-27641 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-29136. Reason: This candidat... | R | |
CVE-2020-27642 | A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js ... | S | |
CVE-2020-27643 | The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticat... | | |
CVE-2020-27644 | The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROG... | | |
CVE-2020-27645 | The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROG... | | |
CVE-2020-27646 | Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential the... | | |
CVE-2020-27648 | Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM... | E | |
CVE-2020-27649 | Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) bef... | E | |
CVE-2020-27650 | Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session... | | |
CVE-2020-27651 | Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie ... | E | |
CVE-2020-27652 | Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3... | E | |
CVE-2020-27653 | Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081... | E | |
CVE-2020-27654 | Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allo... | E | |
CVE-2020-27655 | Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remo... | E | |
CVE-2020-27656 | Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manage... | E | |
CVE-2020-27657 | Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SR... | E | |
CVE-2020-27658 | Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie h... | E | |
CVE-2020-27659 | Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow r... | E | |
CVE-2020-27660 | SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote at... | E | |
CVE-2020-27661 | A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host... | S | |
CVE-2020-27662 | In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability... | | |
CVE-2020-27663 | In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulne... | | |
CVE-2020-27664 | admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?u... | S | |
CVE-2020-27665 | In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-buil... | S | |
CVE-2020-27666 | Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature.... | S | |
CVE-2020-27670 | An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of servi... | S | |
CVE-2020-27671 | An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a den... | S | |
CVE-2020-27672 | An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial ... | S | |
CVE-2020-27673 | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS... | S | |
CVE-2020-27674 | An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privil... | S | |
CVE-2020-27675 | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/... | S | |
CVE-2020-27678 | An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay,... | S | |
CVE-2020-27687 | ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows... | E | |
CVE-2020-27688 | RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the c... | | |
CVE-2020-27689 | The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented defa... | E | |
CVE-2020-27690 | The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow... | E | |
CVE-2020-27691 | The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking... | E | |
CVE-2020-27692 | The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vul... | E | |
CVE-2020-27693 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwor... | E | |
CVE-2020-27694 | Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critic... | E | |
CVE-2020-27695 | Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be... | | |
CVE-2020-27696 | Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be... | | |
CVE-2020-27697 | Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be... | | |
CVE-2020-27708 | A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate th... | E | |
CVE-2020-27713 | In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to... | | |
CVE-2020-27714 | On the BIG-IP AFM version 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when a Protocol Inspe... | | |
CVE-2020-27715 | On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface ... | | |
CVE-2020-27716 | On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, w... | | |
CVE-2020-27717 | On BIG-IP DNS 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2,... | | |
CVE-2020-27718 | When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14... | | |
CVE-2020-27719 | On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerab... | | |
CVE-2020-27720 | On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, wh... | | |
CVE-2020-27721 | In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.... | | |
CVE-2020-27722 | In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions... | | |
CVE-2020-27723 | In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual server processing PingAccess req... | | |
CVE-2020-27724 | In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1... | | |
CVE-2020-27725 | In version 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 of ... | | |
CVE-2020-27726 | In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a... | | |
CVE-2020-27727 | On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an auth... | | |
CVE-2020-27728 | On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under cer... | | |
CVE-2020-27729 | In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 1... | | |
CVE-2020-27730 | In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute pa... | | |
CVE-2020-27731 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-27732 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-27733 | Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection v... | | |
CVE-2020-27735 | An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the he... | E | |
CVE-2020-27736 | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE P... | S | |
CVE-2020-27737 | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE P... | S | |
CVE-2020-27738 | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE P... | S | |
CVE-2020-27739 | A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote ... | E | |
CVE-2020-27740 | Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within t... | E | |
CVE-2020-27741 | Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attac... | E | |
CVE-2020-27742 | An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated... | E | |
CVE-2020-27743 | libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes().... | | |
CVE-2020-27744 | An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote c... | E | |
CVE-2020-27745 | Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.... | S | |
CVE-2020-27746 | Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor ... | S | |
CVE-2020-27747 | An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973). If the user of the system ha... | | |
CVE-2020-27748 | A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: ... | E | |
CVE-2020-27749 | A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supp... | S | |
CVE-2020-27750 | A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An atta... | E S | |
CVE-2020-27751 | A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted fi... | E S | |
CVE-2020-27752 | A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted f... | E S | |
CVE-2020-27753 | There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth value... | E S | |
CVE-2020-27754 | In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could r... | E S | |
CVE-2020-27755 | In SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak be... | E S | |
CVE-2020-27756 | In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to div... | E S | |
CVE-2020-27757 | A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead... | E S | |
CVE-2020-27758 | A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is proc... | E S | |
CVE-2020-27759 | In IntensityCompare() of /MagickCore/quantize.c, a double value was being cast to int and returned... | S | |
CVE-2020-27760 | In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger... | S | |
CVE-2020-27761 | WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could l... | S | |
CVE-2020-27762 | A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is proc... | S | |
CVE-2020-27763 | A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that ... | S | |
CVE-2020-27764 | In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast s... | S | |
CVE-2020-27765 | A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that... | E S | |
CVE-2020-27766 | A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file th... | E S | |
CVE-2020-27767 | A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that... | E S | |
CVE-2020-27768 | In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at Magi... | S | |
CVE-2020-27769 | In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type ... | S | |
CVE-2020-27770 | Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in... | E S | |
CVE-2020-27771 | In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could... | E S | |
CVE-2020-27772 | A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is proc... | E S | |
CVE-2020-27773 | A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file ... | E S | |
CVE-2020-27774 | A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file th... | E S | |
CVE-2020-27775 | A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that... | E S | |
CVE-2020-27776 | A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file th... | E S | |
CVE-2020-27777 | A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a ... | E S | |
CVE-2020-27778 | A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker... | E S | |
CVE-2020-27779 | A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot l... | | |
CVE-2020-27780 | A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handles empty passwords for no... | | |
CVE-2020-27781 | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resul... | | |
CVE-2020-27782 | A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes coul... | | |
CVE-2020-27783 | A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properl... | E S | |
CVE-2020-27784 | A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioc... | S | |
CVE-2020-27785 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-29074. Reason: This candidat... | R | |
CVE-2020-27786 | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local accoun... | S | |
CVE-2020-27787 | A segmentation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker ... | E S | |
CVE-2020-27788 | An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() functi... | E S | |
CVE-2020-27789 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-27790 | A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() functi... | E S | |
CVE-2020-27791 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-27792 | Ghostscript: heap buffer over write vulnerability in ghostscript's lp8000_print_page() in gdevlp8k.c | M | |
CVE-2020-27793 | An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This... | E S | |
CVE-2020-27794 | A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation coul... | E S | |
CVE-2020-27795 | A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when comma... | E S | |
CVE-2020-27796 | A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UP... | E | |
CVE-2020-27797 | An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX... | E | |
CVE-2020-27798 | An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0... | E | |
CVE-2020-27799 | A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0... | E | |
CVE-2020-27800 | A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a c... | E | |
CVE-2020-27801 | A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a c... | E | |
CVE-2020-27802 | A floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 v... | E | |
CVE-2020-27813 | An integer overflow vulnerability exists with the length of websocket frames received via a websocke... | | |
CVE-2020-27814 | A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker ... | E S | |
CVE-2020-27815 | A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with t... | E S | |
CVE-2020-27816 | The elasticsearch-operator does not validate the namespace where kibana logging resource is created ... | | |
CVE-2020-27817 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-27818 | A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a ma... | | |
CVE-2020-27819 | An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A N... | | |
CVE-2020-27820 | A vulnerability was found in Linux kernel, where a use-after-free in nouveau's postclose() handler ... | S | |
CVE-2020-27821 | A flaw was found in the memory management API of QEMU during the initialization of a memory region c... | S | |
CVE-2020-27822 | A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Fina... | | |
CVE-2020-27823 | A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y o... | S | |
CVE-2020-27824 | A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw ... | S | |
CVE-2020-27825 | A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). The... | S | |
CVE-2020-27826 | A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadat... | | |
CVE-2020-27827 | A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memor... | S | |
CVE-2020-27828 | There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper... | E S | |
CVE-2020-27829 | A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in I... | S | |
CVE-2020-27830 | A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would d... | S | |
CVE-2020-27831 | A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when au... | | |
CVE-2020-27832 | A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability... | | |
CVE-2020-27833 | A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file wri... | | |
CVE-2020-27834 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-27835 | A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found ... | S | |
CVE-2020-27836 | A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only... | S | |
CVE-2020-27837 | A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session s... | S | |
CVE-2020-27838 | A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fe... | | |
CVE-2020-27839 | A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for user authentication is stored ... | | |
CVE-2020-27840 | A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be i... | | |
CVE-2020-27841 | There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is a... | S | |
CVE-2020-27842 | There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provi... | S | |
CVE-2020-27843 | A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide spe... | S | |
CVE-2020-27844 | A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an ... | S | |
CVE-2020-27845 | There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is abl... | S | |
CVE-2020-27846 | A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypas... | E S | |
CVE-2020-27847 | A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SA... | S | |
CVE-2020-27848 | dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parame... | E S | |
CVE-2020-27850 | A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Fo... | | |
CVE-2020-27851 | Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional pa... | | |
CVE-2020-27852 | A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Form... | | |
CVE-2020-27853 | Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or p... | E | |
CVE-2020-27855 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-27856 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-27857 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-27858 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-27859 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-27860 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-27861 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2020-27862 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2020-27863 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected i... | | |
CVE-2020-27864 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2020-27865 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2020-27866 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | | |
CVE-2020-27867 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2020-27868 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qo... | | |
CVE-2020-27869 | This vulnerability allows remote attackers to escalate privileges on affected installations of Solar... | | |
CVE-2020-27870 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-27871 | This vulnerability allows remote attackers to create arbitrary files on affected installations of So... | | |
CVE-2020-27872 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | | |
CVE-2020-27873 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected i... | | |
CVE-2020-27874 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Te... | | |
CVE-2020-27885 | Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scrip... | E | |
CVE-2020-27886 | An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is pro... | S | |
CVE-2020-27887 | An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficien... | S | |
CVE-2020-27888 | An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Contr... | | |
CVE-2020-27890 | The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not p... | | |
CVE-2020-27891 | The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not p... | | |
CVE-2020-27892 | The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not p... | | |
CVE-2020-27893 | An issue existed in screen sharing. This issue was addressed with improved state management. This is... | | |
CVE-2020-27894 | The issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. ... | | |
CVE-2020-27895 | An information disclosure issue existed in the transition of program state. This issue was addressed... | | |
CVE-2020-27896 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 1... | | |
CVE-2020-27897 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac... | | |
CVE-2020-27898 | A denial of service issue was addressed with improved state handling. This issue is fixed in macOS B... | | |
CVE-2020-27899 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.... | | |
CVE-2020-27900 | An issue existed in the handling of snapshots. The issue was resolved with improved permissions logi... | | |
CVE-2020-27901 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, S... | | |
CVE-2020-27902 | An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.... | | |
CVE-2020-27903 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.0.... | | |
CVE-2020-27904 | A logic issue existed resulting in memory corruption. This was addressed with improved state managem... | | |
CVE-2020-27905 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1... | | |
CVE-2020-27906 | Multiple integer overflows were addressed with improved input validation. This issue is fixed in mac... | | |
CVE-2020-27907 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS ... | | |
CVE-2020-27908 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big... | | |
CVE-2020-27909 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.2 ... | | |
CVE-2020-27910 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big... | | |
CVE-2020-27911 | An integer overflow was addressed through improved input validation. This issue is fixed in macOS Bi... | | |
CVE-2020-27912 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Bi... | | |
CVE-2020-27914 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS... | | |
CVE-2020-27915 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS... | | |
CVE-2020-27916 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Bi... | | |
CVE-2020-27917 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS B... | | |
CVE-2020-27918 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS B... | | |
CVE-2020-27919 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Bi... | | |
CVE-2020-27920 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS B... | | |
CVE-2020-27921 | A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11... | | |
CVE-2020-27922 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.... | | |
CVE-2020-27923 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Bi... | | |
CVE-2020-27924 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big... | | |
CVE-2020-27925 | An issue existed in the handling of incoming calls. The issue was addressed with additional state ch... | | |
CVE-2020-27926 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.... | | |
CVE-2020-27927 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac... | | |
CVE-2020-27929 | A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved... | | |
CVE-2020-27930 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS... | KEV | |
CVE-2020-27931 | A memory corruption issue existed in the processing of font files. This issue was addressed with imp... | | |
CVE-2020-27932 | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big ... | KEV | |
CVE-2020-27933 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1... | | |
CVE-2020-27935 | Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2,... | | |
CVE-2020-27936 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed ... | | |
CVE-2020-27937 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.... | | |
CVE-2020-27938 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.... | | |
CVE-2020-27939 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security U... | | |
CVE-2020-27940 | This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire O... | | |
CVE-2020-27941 | A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.1, Sec... | | |
CVE-2020-27942 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2... | | |
CVE-2020-27943 | A memory corruption issue existed in the processing of font files. This issue was addressed with imp... | | |
CVE-2020-27944 | A memory corruption issue existed in the processing of font files. This issue was addressed with imp... | | |
CVE-2020-27945 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big S... | | |
CVE-2020-27946 | An information disclosure issue was addressed with improved state management. This issue is fixed in... | | |
CVE-2020-27947 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS... | | |
CVE-2020-27948 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in wat... | | |
CVE-2020-27949 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed i... | | |
CVE-2020-27950 | A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.... | KEV | |
CVE-2020-27951 | This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.... | | |
CVE-2020-27952 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Bi... | | |
CVE-2020-27955 | Git LFS 2.12.0 allows Remote Code Execution.... | E | |
CVE-2020-27956 | An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management Syste... | E | |
CVE-2020-27957 | The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-rela... | E S | |
CVE-2020-27958 | The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.1... | | |
CVE-2020-27969 | Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and address bar spo... | | |
CVE-2020-27970 | Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar... | | |
CVE-2020-27974 | NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_BlockStart.php?code= XSS.... | E | |
CVE-2020-27975 | osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.... | E | |
CVE-2020-27976 | osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a ... | E | |
CVE-2020-27977 | CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for a... | | |
CVE-2020-27978 | Shibboleth Identity Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated... | | |
CVE-2020-27980 | Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could ... | E | |
CVE-2020-27981 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-27982 | IceWarp 11.4.5.0 allows XSS via the language parameter.... | E | |
CVE-2020-27985 | Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrati... | E S | |
CVE-2020-27986 | SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credential... | | |
CVE-2020-27988 | Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).... | | |
CVE-2020-27989 | Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).... | | |
CVE-2020-27990 | Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).... | | |
CVE-2020-27991 | Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).... | | |
CVE-2020-27992 | Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PR... | E | |
CVE-2020-27993 | Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.... | E | |
CVE-2020-27994 | SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.... | E | |
CVE-2020-27995 | SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execut... | | |
CVE-2020-27996 | An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a ... | E S | |
CVE-2020-27997 | An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) pro... | E | |
CVE-2020-27998 | An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefo... | E | |