Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5640 | 1 Onethird | 1 Onethird | 2020-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-8578 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2020-10-21 | 2.1 LOW | 6.0 MEDIUM |
| The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation. | |||||
| CVE-2020-17003 | 1 Microsoft | 1 3d Viewer | 2020-10-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory., aka 'Base3D Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16918. | |||||
| CVE-2020-16918 | 1 Microsoft | 2 365 Apps, 3d Viewer | 2020-10-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory., aka 'Base3D Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17003. | |||||
| CVE-2013-1753 | 1 Python | 1 Python | 2020-10-21 | 5.0 MEDIUM | 7.5 HIGH |
| The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. | |||||
| CVE-2020-16886 | 1 Microsoft | 1 Powershellget | 2020-10-21 | 7.2 HIGH | 6.7 MEDIUM |
| A security feature bypass vulnerability exists in the PowerShellGet V2 module, aka 'PowerShellGet Module WDAC Security Feature Bypass Vulnerability'. | |||||
| CVE-2020-16863 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-10-21 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Service Denial of Service Vulnerability'. | |||||
| CVE-2020-1243 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-10-21 | 4.6 MEDIUM | 7.8 HIGH |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. | |||||
| CVE-2020-9912 | 1 Apple | 1 Safari | 2020-10-20 | 2.1 LOW | 3.3 LOW |
| A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode. | |||||
| CVE-2020-9864 | 1 Apple | 1 Mac Os X | 2020-10-20 | 10.0 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-16938 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2020-10-20 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16901. | |||||
| CVE-2020-16957 | 1 Microsoft | 2 365 Apps, Office | 2020-10-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. | |||||
| CVE-2020-16948 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-10-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16950, CVE-2020-16953. | |||||
| CVE-2020-24231 | 1 Jumpmind | 1 Symmetricds | 2020-10-20 | 7.5 HIGH | 9.8 CRITICAL |
| Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution. | |||||
| CVE-2020-17023 | 1 Microsoft | 1 Visual Studio Code | 2020-10-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file, aka 'Visual Studio JSON Remote Code Execution Vulnerability'. | |||||
| CVE-2020-16977 | 1 Microsoft | 1 Visual Studio Code | 2020-10-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. | |||||
| CVE-2020-9913 | 1 Apple | 1 Mac Os X | 2020-10-20 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information. | |||||
| CVE-2019-5465 | 1 Gitlab | 1 Gitlab | 2020-10-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. | |||||
| CVE-2020-16923 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-10-20 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1167. | |||||
| CVE-2020-16911 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-10-20 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | |||||