nvd.nist.gov.rdf.xml - sfeed_tests - sfeed tests and RSS and Atom files
---
nvd.nist.gov.rdf.xml (447055B)
---
1 <?xml version="1.0" encoding="UTF-8"?>
2 <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/">
3 <channel rdf:about="https://web.nvd.nist.gov/view/vuln/search">
4 <title>National Vulnerability Database</title>
5 <link>https://web.nvd.nist.gov/view/vuln/search</link>
6 <description>This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.</description>
7 <items>
8 <rdf:Seq>
9 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6335" />
10 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8743" />
11 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3706" />
12 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13004" />
13 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13020" />
14 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13024" />
15 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13028" />
16 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13687" />
17 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13711" />
18 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13725" />
19 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17499" />
20 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5509" />
21 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5510" />
22 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9250" />
23 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9524" />
24 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10896" />
25 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11764" />
26 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18508" />
27 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4339" />
28 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4381" />
29 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4390" />
30 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4391" />
31 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4428" />
32 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4433" />
33 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4444" />
34 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4448" />
35 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4451" />
36 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4452" />
37 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4467" />
38 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4468" />
39 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4474" />
40 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7421" />
41 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8062" />
42 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11454" />
43 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11578" />
44 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12305" />
45 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13633" />
46 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14711" />
47 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14713" />
48 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14716" />
49 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14717" />
50 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14718" />
51 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14719" />
52 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16127" />
53 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16128" />
54 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16129" />
55 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17006" />
56 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17007" />
57 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17640" />
58 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18792" />
59 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18794" />
60 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18795" />
61 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18796" />
62 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19115" />
63 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19513" />
64 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19885" />
65 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20851" />
66 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7291" />
67 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8509" />
68 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8525" />
69 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8528" />
70 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8531" />
71 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8532" />
72 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8534" />
73 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8538" />
74 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8539" />
75 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8547" />
76 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8570" />
77 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8582" />
78 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8592" />
79 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8612" />
80 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8618" />
81 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8631" />
82 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8633" />
83 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8638" />
84 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8639" />
85 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8664" />
86 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8668" />
87 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8675" />
88 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8696" />
89 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8706" />
90 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8708" />
91 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8709" />
92 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8712" />
93 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8715" />
94 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8716" />
95 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8718" />
96 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8728" />
97 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8732" />
98 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8734" />
99 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8736" />
100 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8737" />
101 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8740" />
102 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8744" />
103 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8746" />
104 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8749" />
105 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8751" />
106 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8752" />
107 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8753" />
108 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8754" />
109 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8756" />
110 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8759" />
111 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8761" />
112 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8762" />
113 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8767" />
114 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8771" />
115 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8773" />
116 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8774" />
117 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8780" />
118 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8796" />
119 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8799" />
120 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8809" />
121 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8824" />
122 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8825" />
123 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8826" />
124 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8827" />
125 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8828" />
126 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8829" />
127 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8830" />
128 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8831" />
129 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8832" />
130 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8833" />
131 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8834" />
132 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8835" />
133 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8836" />
134 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8837" />
135 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8838" />
136 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8841" />
137 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8842" />
138 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8844" />
139 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8846" />
140 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8847" />
141 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8848" />
142 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8850" />
143 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8852" />
144 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8853" />
145 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8854" />
146 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8855" />
147 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8856" />
148 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8898" />
149 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8901" />
150 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9080" />
151 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10256" />
152 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10721" />
153 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11496" />
154 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11637" />
155 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11644" />
156 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12401" />
157 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12779" />
158 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12928" />
159 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13333" />
160 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13341" />
161 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13778" />
162 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13893" />
163 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13937" />
164 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13943" />
165 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13955" />
166 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14184" />
167 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14185" />
168 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14299" />
169 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14355" />
170 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14672" />
171 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14765" />
172 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14768" />
173 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14769" />
174 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14770" />
175 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14771" />
176 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14772" />
177 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14773" />
178 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14774" />
179 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14775" />
180 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14776" />
181 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14777" />
182 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14778" />
183 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14779" />
184 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14780" />
185 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14781" />
186 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14782" />
187 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14783" />
188 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14784" />
189 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14785" />
190 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14787" />
191 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14788" />
192 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14792" />
193 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14796" />
194 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14797" />
195 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14798" />
196 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14800" />
197 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14812" />
198 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14831" />
199 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14836" />
200 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14837" />
201 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14838" />
202 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14839" />
203 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14840" />
204 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14842" />
205 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14843" />
206 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14845" />
207 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14847" />
208 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14850" />
209 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14851" />
210 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14852" />
211 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14853" />
212 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14854" />
213 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14860" />
214 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14861" />
215 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14866" />
216 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14867" />
217 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14868" />
218 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14876" />
219 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14877" />
220 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14880" />
221 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14881" />
222 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14882" />
223 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14883" />
224 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14884" />
225 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14885" />
226 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15002" />
227 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15003" />
228 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15004" />
229 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15157" />
230 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15224" />
231 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15229" />
232 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15233" />
233 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15240" />
234 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15245" />
235 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15250" />
236 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15251" />
237 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15252" />
238 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15254" />
239 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15255" />
240 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15256" />
241 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15258" />
242 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15261" />
243 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15262" />
244 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15269" />
245 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15270" />
246 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15272" />
247 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15274" />
248 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15680" />
249 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15681" />
250 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15682" />
251 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15683" />
252 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15684" />
253 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15797" />
254 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15838" />
255 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15909" />
256 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15910" />
257 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15931" />
258 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16140" />
259 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16159" />
260 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16160" />
261 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16161" />
262 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16246" />
263 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1656" />
264 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1657" />
265 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1660" />
266 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1661" />
267 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1662" />
268 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1664" />
269 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1665" />
270 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1666" />
271 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1667" />
272 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1668" />
273 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1669" />
274 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1670" />
275 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1671" />
276 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1672" />
277 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1673" />
278 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1674" />
279 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1675" />
280 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1676" />
281 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1677" />
282 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1678" />
283 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1679" />
284 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1680" />
285 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1681" />
286 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1682" />
287 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1683" />
288 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1684" />
289 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1685" />
290 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1686" />
291 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1687" />
292 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1688" />
293 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16885" />
294 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16887" />
295 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16889" />
296 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1689" />
297 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16890" />
298 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16892" />
299 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16900" />
300 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16902" />
301 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16904" />
302 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16916" />
303 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17381" />
304 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17406" />
305 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17407" />
306 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17454" />
307 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18129" />
308 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18766" />
309 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20627" />
310 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21674" />
311 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23864" />
312 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23945" />
313 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24303" />
314 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24352" />
315 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24375" />
316 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24387" />
317 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24388" />
318 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24418" />
319 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24419" />
320 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24420" />
321 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24423" />
322 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24551" />
323 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24631" />
324 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24632" />
325 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24708" />
326 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24709" />
327 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24847" />
328 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25186" />
329 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25188" />
330 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25211" />
331 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25214" />
332 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25466" />
333 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25470" />
334 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25777" />
335 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25778" />
336 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25820" />
337 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25824" />
338 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25825" />
339 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25858" />
340 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25859" />
341 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26161" />
342 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26546" />
343 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26561" />
344 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26566" />
345 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26583" />
346 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26584" />
347 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26649" />
348 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26650" />
349 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26891" />
350 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26894" />
351 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26932" />
352 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26935" />
353 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26943" />
354 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26944" />
355 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26945" />
356 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26947" />
357 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26948" />
358 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27013" />
359 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27155" />
360 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27163" />
361 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27173" />
362 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27174" />
363 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27176" />
364 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27178" />
365 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27180" />
366 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27181" />
367 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27182" />
368 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27183" />
369 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27187" />
370 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27194" />
371 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27197" />
372 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27388" />
373 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27533" />
374 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27560" />
375 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27603" />
376 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27604" />
377 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27605" />
378 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27606" />
379 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27607" />
380 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27608" />
381 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27609" />
382 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27610" />
383 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27611" />
384 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27612" />
385 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27613" />
386 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27620" />
387 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27638" />
388 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27642" />
389 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27664" />
390 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27665" />
391 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27666" />
392 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27670" />
393 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27671" />
394 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27672" />
395 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27673" />
396 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27678" />
397 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27974" />
398 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27975" />
399 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27976" />
400 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3299" />
401 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3304" />
402 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3373" />
403 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3410" />
404 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3427" />
405 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3436" />
406 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3455" />
407 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3456" />
408 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3457" />
409 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3458" />
410 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3459" />
411 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3483" />
412 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3499" />
413 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3514" />
414 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3515" />
415 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3528" />
416 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3529" />
417 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3533" />
418 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3549" />
419 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3550" />
420 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3553" />
421 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3554" />
422 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3555" />
423 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3557" />
424 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3558" />
425 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3578" />
426 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3580" />
427 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3581" />
428 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3582" />
429 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3583" />
430 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3585" />
431 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3597" />
432 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3855" />
433 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3863" />
434 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3864" />
435 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3880" />
436 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3898" />
437 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3915" />
438 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3918" />
439 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3981" />
440 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3982" />
441 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3992" />
442 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3993" />
443 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3994" />
444 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3995" />
445 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3996" />
446 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3997" />
447 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3998" />
448 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4395" />
449 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4731" />
450 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4767" />
451 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4780" />
452 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4781" />
453 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4782" />
454 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5650" />
455 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5651" />
456 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5977" />
457 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5978" />
458 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5990" />
459 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6022" />
460 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6023" />
461 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6083" />
462 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6084" />
463 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6085" />
464 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6369" />
465 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6648" />
466 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6876" />
467 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6933" />
468 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7124" />
469 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7125" />
470 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7126" />
471 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7127" />
472 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7330" />
473 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7363" />
474 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7364" />
475 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7371" />
476 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7590" />
477 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7736" />
478 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7743" />
479 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7744" />
480 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7749" />
481 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7750" />
482 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7753" />
483 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7754" />
484 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8263" />
485 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8332" />
486 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8345" />
487 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8349" />
488 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8579" />
489 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8929" />
490 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8956" />
491 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9105" />
492 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9111" />
493 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9112" />
494 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9123" />
495 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9417" />
496 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9771" />
497 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9772" />
498 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9779" />
499 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9786" />
500 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9787" />
501 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9796" />
502 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9810" />
503 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9828" />
504 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9853" />
505 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9854" />
506 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9857" />
507 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9860" />
508 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9863" />
509 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9866" />
510 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9868" />
511 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9869" />
512 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9871" />
513 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9872" />
514 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9873" />
515 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9874" />
516 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9875" />
517 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9876" />
518 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9877" />
519 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9879" />
520 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9880" />
521 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9881" />
522 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9882" />
523 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9883" />
524 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9887" />
525 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9892" />
526 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9898" />
527 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9899" />
528 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9900" />
529 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9901" />
530 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9902" />
531 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9904" />
532 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9905" />
533 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9906" />
534 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9908" />
535 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9919" />
536 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9920" />
537 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9921" />
538 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9924" />
539 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9927" />
540 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9928" />
541 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9929" />
542 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9935" />
543 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9937" />
544 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9938" />
545 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9939" />
546 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9940" />
547 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9941" />
548 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9961" />
549 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9973" />
550 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9979" />
551 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9980" />
552 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9982" />
553 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9984" />
554 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9985" />
555 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9986" />
556 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9990" />
557 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9994" />
558 <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9997" />
559 </rdf:Seq>
560 </items>
561 <dc:date>2020-10-30T18:00:01Z</dc:date>
562 <dc:language>en-us</dc:language>
563 <dc:rights>This material is not copyrighted and may be freely used; however, attribution is requested.</dc:rights>
564 </channel>
565 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6335">
566 <title>CVE-2013-6335 (tivoli_storage_manager)</title>
567 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6335</link>
568 <description>The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.</description>
569 <dc:date>2014-08-26T10:55:04Z</dc:date>
570 </item>
571 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8743">
572 <title>CVE-2015-8743 (debian_linux, qemu)</title>
573 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8743</link>
574 <description>QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.</description>
575 <dc:date>2016-12-29T22:59:00Z</dc:date>
576 </item>
577 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3706">
578 <title>CVE-2016-3706 (glibc, opensuse)</title>
579 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3706</link>
580 <description>Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.</description>
581 <dc:date>2016-06-10T15:59:03Z</dc:date>
582 </item>
583 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13004">
584 <title>CVE-2017-13004 (debian_linux, tcpdump)</title>
585 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13004</link>
586 <description>The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header().</description>
587 <dc:date>2017-09-14T06:29:01Z</dc:date>
588 </item>
589 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13020">
590 <title>CVE-2017-13020 (debian_linux, tcpdump)</title>
591 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13020</link>
592 <description>The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().</description>
593 <dc:date>2017-09-14T06:29:01Z</dc:date>
594 </item>
595 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13024">
596 <title>CVE-2017-13024 (debian_linux, tcpdump)</title>
597 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13024</link>
598 <description>The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().</description>
599 <dc:date>2017-09-14T06:29:02Z</dc:date>
600 </item>
601 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13028">
602 <title>CVE-2017-13028 (debian_linux, tcpdump)</title>
603 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13028</link>
604 <description>The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().</description>
605 <dc:date>2017-09-14T06:29:02Z</dc:date>
606 </item>
607 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13687">
608 <title>CVE-2017-13687 (debian_linux, tcpdump)</title>
609 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13687</link>
610 <description>The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().</description>
611 <dc:date>2017-09-14T06:29:03Z</dc:date>
612 </item>
613 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13711">
614 <title>CVE-2017-13711 (debian_linux, qemu)</title>
615 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13711</link>
616 <description>Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.</description>
617 <dc:date>2017-09-01T13:29:00Z</dc:date>
618 </item>
619 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13725">
620 <title>CVE-2017-13725 (debian_linux, tcpdump)</title>
621 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13725</link>
622 <description>The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().</description>
623 <dc:date>2017-09-14T06:29:03Z</dc:date>
624 </item>
625 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17499">
626 <title>CVE-2017-17499 (debian_linux, imagemagick, ubuntu_linux)</title>
627 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17499</link>
628 <description>ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.</description>
629 <dc:date>2017-12-11T02:29:00Z</dc:date>
630 </item>
631 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5509">
632 <title>CVE-2017-5509 (imagemagick)</title>
633 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5509</link>
634 <description>coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.</description>
635 <dc:date>2017-03-24T15:59:01Z</dc:date>
636 </item>
637 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5510">
638 <title>CVE-2017-5510 (debian_linux, imagemagick)</title>
639 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5510</link>
640 <description>coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.</description>
641 <dc:date>2017-03-24T15:59:01Z</dc:date>
642 </item>
643 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9250">
644 <title>CVE-2017-9250 (jerryscript)</title>
645 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9250</link>
646 <description>The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.</description>
647 <dc:date>2017-05-28T20:29:00Z</dc:date>
648 </item>
649 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9524">
650 <title>CVE-2017-9524 (debian_linux, qemu)</title>
651 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9524</link>
652 <description>The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function.</description>
653 <dc:date>2017-07-06T16:29:00Z</dc:date>
654 </item>
655 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10896">
656 <title>CVE-2018-10896 (cloud-init)</title>
657 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10896</link>
658 <description>The default cloud-init configuration, in cloud-init 0.6.2 and newer, included &quot;ssh_deletekeys: 0&quot;, disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks.</description>
659 <dc:date>2018-08-01T17:29:00Z</dc:date>
660 </item>
661 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11764">
662 <title>CVE-2018-11764 (hadoop)</title>
663 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11764</link>
664 <description>Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.</description>
665 <dc:date>2020-10-21T19:15:13Z</dc:date>
666 </item>
667 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18508">
668 <title>CVE-2018-18508 (network_security_services)</title>
669 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18508</link>
670 <description>In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.</description>
671 <dc:date>2020-10-22T21:15:12Z</dc:date>
672 </item>
673 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4339">
674 <title>CVE-2018-4339 (iphone_os)</title>
675 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4339</link>
676 <description>This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier.</description>
677 <dc:date>2020-10-27T20:15:13Z</dc:date>
678 </item>
679 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4381">
680 <title>CVE-2018-4381 (iphone_os, tvos)</title>
681 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4381</link>
682 <description>A resource exhaustion issue was addressed with improved input validation. This issue is fixed in tvOS 12.1, iOS 12.1. Processing a maliciously crafted message may lead to a denial of service.</description>
683 <dc:date>2020-10-27T20:15:13Z</dc:date>
684 </item>
685 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4390">
686 <title>CVE-2018-4390 (iphone_os, mac_os_x, watchos)</title>
687 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4390</link>
688 <description>An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.</description>
689 <dc:date>2020-10-27T20:15:13Z</dc:date>
690 </item>
691 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4391">
692 <title>CVE-2018-4391 (iphone_os, mac_os_x, watchos)</title>
693 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4391</link>
694 <description>An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing.</description>
695 <dc:date>2020-10-27T20:15:13Z</dc:date>
696 </item>
697 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4428">
698 <title>CVE-2018-4428 (iphone_os)</title>
699 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4428</link>
700 <description>A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 12.1.1. A local attacker may be able to share items from the lock screen.</description>
701 <dc:date>2020-10-27T20:15:13Z</dc:date>
702 </item>
703 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4433">
704 <title>CVE-2018-4433 (iphone_os, mac_os_x, tvos, watchos)</title>
705 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4433</link>
706 <description>A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the file system.</description>
707 <dc:date>2020-10-27T20:15:13Z</dc:date>
708 </item>
709 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4444">
710 <title>CVE-2018-4444 (iphone_os, itunes, safari, tvos)</title>
711 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4444</link>
712 <description>A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iOS 12.1.1, tvOS 12.1.1, iTunes 12.9.2 for Windows. Processing maliciously crafted web content may disclose sensitive user information.</description>
713 <dc:date>2020-10-27T20:15:13Z</dc:date>
714 </item>
715 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4448">
716 <title>CVE-2018-4448 (iphone_os, mac_os_x, tvos, watchos)</title>
717 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4448</link>
718 <description>A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.1.1, watchOS 5.1.2, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra, tvOS 12.1.1. A local user may be able to read kernel memory.</description>
719 <dc:date>2020-10-27T20:15:13Z</dc:date>
720 </item>
721 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4451">
722 <title>CVE-2018-4451 (mac_os_x)</title>
723 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4451</link>
724 <description>This issue is fixed in macOS Mojave 10.14. A memory corruption issue was addressed with improved input validation.</description>
725 <dc:date>2020-10-27T20:15:13Z</dc:date>
726 </item>
727 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4452">
728 <title>CVE-2018-4452 (mac_os_x)</title>
729 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4452</link>
730 <description>A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra. A malicious application may be able to execute arbitrary code with system privileges.</description>
731 <dc:date>2020-10-27T20:15:13Z</dc:date>
732 </item>
733 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4467">
734 <title>CVE-2018-4467 (mac_os_x)</title>
735 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4467</link>
736 <description>A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra. A malicious application may be able to elevate privileges.</description>
737 <dc:date>2020-10-27T20:15:14Z</dc:date>
738 </item>
739 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4468">
740 <title>CVE-2018-4468 (mac_os_x)</title>
741 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4468</link>
742 <description>This issue was addressed by removing additional entitlements. This issue is fixed in macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra. A malicious application may be able to access restricted files.</description>
743 <dc:date>2020-10-27T20:15:14Z</dc:date>
744 </item>
745 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4474">
746 <title>CVE-2018-4474 (icloud, iphone_os, itunes, safari, tvos, watchos)</title>
747 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4474</link>
748 <description>A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure.</description>
749 <dc:date>2020-10-27T20:15:14Z</dc:date>
750 </item>
751 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7421">
752 <title>CVE-2018-7421 (wireshark)</title>
753 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7421</link>
754 <description>In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification.</description>
755 <dc:date>2018-02-23T22:29:01Z</dc:date>
756 </item>
757 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8062">
758 <title>CVE-2018-8062 (ar-5387un_firmware)</title>
759 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8062</link>
760 <description>A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.</description>
761 <dc:date>2020-10-23T05:15:11Z</dc:date>
762 </item>
763 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11454">
764 <title>CVE-2019-11454 (debian_linux, fedora, monit, ubuntu_linux)</title>
765 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11454</link>
766 <description>Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.</description>
767 <dc:date>2019-04-22T16:29:01Z</dc:date>
768 </item>
769 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11578">
770 <title>CVE-2019-11578 (dhcpcd)</title>
771 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11578</link>
772 <description>auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.</description>
773 <dc:date>2019-04-28T16:29:00Z</dc:date>
774 </item>
775 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12305">
776 <title>CVE-2019-12305 (ezcast_pro_ii_firmware)</title>
777 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12305</link>
778 <description>In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash can be cracked to access the administration panel of the device.</description>
779 <dc:date>2020-10-16T20:15:12Z</dc:date>
780 </item>
781 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13633">
782 <title>CVE-2019-13633 (blinger)</title>
783 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13633</link>
784 <description>Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed.</description>
785 <dc:date>2020-10-19T20:15:12Z</dc:date>
786 </item>
787 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14711">
788 <title>CVE-2019-14711 (mx900_firmware)</title>
789 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14711</link>
790 <description>Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.</description>
791 <dc:date>2020-10-23T05:15:12Z</dc:date>
792 </item>
793 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14713">
794 <title>CVE-2019-14713 (mx900_firmware)</title>
795 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14713</link>
796 <description>Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages.</description>
797 <dc:date>2020-10-23T05:15:12Z</dc:date>
798 </item>
799 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14716">
800 <title>CVE-2019-14716 (verix_os)</title>
801 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14716</link>
802 <description>Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out).</description>
803 <dc:date>2020-10-23T05:15:12Z</dc:date>
804 </item>
805 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14717">
806 <title>CVE-2019-14717 (verix_os)</title>
807 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14717</link>
808 <description>Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 has a Buffer Overflow via the Run system call.</description>
809 <dc:date>2020-10-23T05:15:12Z</dc:date>
810 </item>
811 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14718">
812 <title>CVE-2019-14718 (mx900_firmware)</title>
813 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14718</link>
814 <description>Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.</description>
815 <dc:date>2020-10-23T05:15:12Z</dc:date>
816 </item>
817 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14719">
818 <title>CVE-2019-14719 (mx900_firmware)</title>
819 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14719</link>
820 <description>Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.</description>
821 <dc:date>2020-10-23T05:15:13Z</dc:date>
822 </item>
823 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16127">
824 <title>CVE-2019-16127 (advanced_software_framework_4)</title>
825 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16127</link>
826 <description>Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.</description>
827 <dc:date>2020-10-22T19:15:12Z</dc:date>
828 </item>
829 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16128">
830 <title>CVE-2019-16128 (cryptoauthlib)</title>
831 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16128</link>
832 <description>Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2).</description>
833 <dc:date>2020-10-22T20:15:12Z</dc:date>
834 </item>
835 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16129">
836 <title>CVE-2019-16129 (cryptoauthlib)</title>
837 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16129</link>
838 <description>Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).</description>
839 <dc:date>2020-10-22T19:15:13Z</dc:date>
840 </item>
841 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17006">
842 <title>CVE-2019-17006 (network_security_services)</title>
843 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17006</link>
844 <description>In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.</description>
845 <dc:date>2020-10-22T21:15:12Z</dc:date>
846 </item>
847 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17007">
848 <title>CVE-2019-17007 (network_security_services)</title>
849 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17007</link>
850 <description>In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.</description>
851 <dc:date>2020-10-22T21:15:12Z</dc:date>
852 </item>
853 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17640">
854 <title>CVE-2019-17640 (vert.x)</title>
855 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17640</link>
856 <description>In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly process backslashes on Windows operating systems, allowing escape from the webroot folder to the current working directory.</description>
857 <dc:date>2020-10-15T21:15:11Z</dc:date>
858 </item>
859 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18792">
860 <title>CVE-2019-18792 (debian_linux, suricata)</title>
861 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18792</link>
862 <description>An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet (containing the data) will be ignored by Suricata because it overlaps the FIN packet (the sequence and ack number are identical in the two packets). The client will ignore the fake FIN packet because the ACK flag is not set. Both linux and windows clients are ignoring the injected packet.</description>
863 <dc:date>2020-01-06T18:15:23Z</dc:date>
864 </item>
865 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18794">
866 <title>CVE-2019-18794 (bass)</title>
867 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18794</link>
868 <description>The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service.</description>
869 <dc:date>2020-10-16T13:15:11Z</dc:date>
870 </item>
871 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18795">
872 <title>CVE-2019-18795 (bass)</title>
873 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18795</link>
874 <description>The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out of bounds read vulnerability via a crafted .wav file. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service.</description>
875 <dc:date>2020-10-16T13:15:11Z</dc:date>
876 </item>
877 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18796">
878 <title>CVE-2019-18796 (bass)</title>
879 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18796</link>
880 <description>The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive.</description>
881 <dc:date>2020-10-16T13:15:11Z</dc:date>
882 </item>
883 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19115">
884 <title>CVE-2019-19115 (apo_software_component)</title>
885 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19115</link>
886 <description>An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.1, 1.6.1 and 1.6.2 allows an attacker to execute code with SYSTEM privileges.</description>
887 <dc:date>2020-10-08T22:15:11Z</dc:date>
888 </item>
889 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19513">
890 <title>CVE-2019-19513 (bassmidi)</title>
891 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19513</link>
892 <description>The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service.</description>
893 <dc:date>2020-10-16T13:15:11Z</dc:date>
894 </item>
895 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19885">
896 <title>CVE-2019-19885 (com465dp_firmware, com465id_firmware, com465ip_firmware, cp700_firmware, cp907_firmware, cp915_firmware)</title>
897 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19885</link>
898 <description>In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0.</description>
899 <dc:date>2020-10-16T13:15:11Z</dc:date>
900 </item>
901 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20851">
902 <title>CVE-2019-20851 (mattermost)</title>
903 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20851</link>
904 <description>An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device.</description>
905 <dc:date>2020-06-19T15:15:10Z</dc:date>
906 </item>
907 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7291">
908 <title>CVE-2019-7291 (airport_base_station_firmware)</title>
909 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7291</link>
910 <description>A denial of service issue was addressed with improved memory handling. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. An attacker in a privileged position may be able to perform a denial of service attack.</description>
911 <dc:date>2020-10-27T20:15:14Z</dc:date>
912 </item>
913 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8509">
914 <title>CVE-2019-8509 (mac_os_x)</title>
915 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8509</link>
916 <description>This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. A malicious application may be able to elevate privileges.</description>
917 <dc:date>2020-10-27T20:15:14Z</dc:date>
918 </item>
919 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8525">
920 <title>CVE-2019-8525 (iphone_os, mac_os_x, watchos)</title>
921 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8525</link>
922 <description>A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges.</description>
923 <dc:date>2020-10-27T20:15:14Z</dc:date>
924 </item>
925 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8528">
926 <title>CVE-2019-8528 (iphone_os, mac_os_x, watchos)</title>
927 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8528</link>
928 <description>A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges.</description>
929 <dc:date>2020-10-27T20:15:14Z</dc:date>
930 </item>
931 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8531">
932 <title>CVE-2019-8531 (iphone_os, mac_os_x, watchos)</title>
933 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8531</link>
934 <description>A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted.</description>
935 <dc:date>2020-10-27T21:15:12Z</dc:date>
936 </item>
937 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8532">
938 <title>CVE-2019-8532 (iphone_os, watchos)</title>
939 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8532</link>
940 <description>A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in watchOS 5.2, iOS 12.2. A malicious application may be able to access restricted files.</description>
941 <dc:date>2020-10-27T20:15:14Z</dc:date>
942 </item>
943 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8534">
944 <title>CVE-2019-8534 (mac_os_x)</title>
945 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8534</link>
946 <description>A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A malicious application may be able to execute arbitrary code with kernel privileges.</description>
947 <dc:date>2020-10-27T20:15:14Z</dc:date>
948 </item>
949 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8538">
950 <title>CVE-2019-8538 (iphone_os, mac_os_x, watchos)</title>
951 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8538</link>
952 <description>A denial of service issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. Processing a maliciously crafted vcf file may lead to a denial of service.</description>
953 <dc:date>2020-10-27T20:15:15Z</dc:date>
954 </item>
955 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8539">
956 <title>CVE-2019-8539 (mac_os_x)</title>
957 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8539</link>
958 <description>A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. A malicious application may be able to execute arbitrary code with system privileges.</description>
959 <dc:date>2020-10-27T20:15:15Z</dc:date>
960 </item>
961 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8547">
962 <title>CVE-2019-8547 (iphone_os, mac_os_x, watchos)</title>
963 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8547</link>
964 <description>An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A remote attacker may be able to leak memory.</description>
965 <dc:date>2020-10-27T20:15:15Z</dc:date>
966 </item>
967 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8570">
968 <title>CVE-2019-8570 (icloud, iphone_os, itunes, safari, tvos)</title>
969 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8570</link>
970 <description>A logic issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, iCloud for Windows 7.10, iTunes 12.9.3 for Windows, Safari 12.0.3, tvOS 12.1.2. Processing maliciously crafted web content may disclose sensitive user information.</description>
971 <dc:date>2020-10-27T20:15:15Z</dc:date>
972 </item>
973 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8582">
974 <title>CVE-2019-8582 (icloud, iphone_os, itunes, mac_os_x, tvos)</title>
975 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8582</link>
976 <description>An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may result in the disclosure of process memory.</description>
977 <dc:date>2020-10-27T20:15:15Z</dc:date>
978 </item>
979 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8592">
980 <title>CVE-2019-8592 (iphone_os, mac_os_x, tvos, watchos)</title>
981 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8592</link>
982 <description>A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, tvOS 12.3, watchOS 5.2.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, iOS 13. Playing a malicious audio file may lead to arbitrary code execution.</description>
983 <dc:date>2020-10-27T20:15:16Z</dc:date>
984 </item>
985 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8612">
986 <title>CVE-2019-8612 (iphone_os, mac_os_x, tvos, watchos)</title>
987 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8612</link>
988 <description>A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, tvOS 12.3, watchOS 5.2.1, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. An attacker in a privileged network position can modify driver state.</description>
989 <dc:date>2020-10-27T20:15:16Z</dc:date>
990 </item>
991 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8618">
992 <title>CVE-2019-8618 (iphone_os, mac_os_x, watchos)</title>
993 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8618</link>
994 <description>A logic issue was addressed with improved restrictions. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A sandboxed process may be able to circumvent sandbox restrictions.</description>
995 <dc:date>2020-10-27T20:15:16Z</dc:date>
996 </item>
997 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8631">
998 <title>CVE-2019-8631 (iphone_os, mac_os_x, tvos)</title>
999 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8631</link>
1000 <description>A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state.</description>
1001 <dc:date>2020-10-27T20:15:16Z</dc:date>
1002 </item>
1003 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8633">
1004 <title>CVE-2019-8633 (iphone_os, mac_os_x, tvos, watchos)</title>
1005 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8633</link>
1006 <description>A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory.</description>
1007 <dc:date>2020-10-27T20:15:16Z</dc:date>
1008 </item>
1009 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8638">
1010 <title>CVE-2019-8638 (icloud, iphone_os, itunes, safari, watchos)</title>
1011 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8638</link>
1012 <description>Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution.</description>
1013 <dc:date>2020-10-27T20:15:16Z</dc:date>
1014 </item>
1015 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8639">
1016 <title>CVE-2019-8639 (icloud, iphone_os, itunes, safari, watchos)</title>
1017 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8639</link>
1018 <description>Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution.</description>
1019 <dc:date>2020-10-27T20:15:16Z</dc:date>
1020 </item>
1021 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8664">
1022 <title>CVE-2019-8664 (iphone_os, watchos)</title>
1023 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8664</link>
1024 <description>An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.</description>
1025 <dc:date>2020-10-27T21:15:12Z</dc:date>
1026 </item>
1027 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8668">
1028 <title>CVE-2019-8668 (iphone_os, tvos, watchos)</title>
1029 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8668</link>
1030 <description>A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. Processing a maliciously crafted image may lead to a denial of service.</description>
1031 <dc:date>2020-10-27T20:15:17Z</dc:date>
1032 </item>
1033 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8675">
1034 <title>CVE-2019-8675 (mac_os_x)</title>
1035 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8675</link>
1036 <description>A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.</description>
1037 <dc:date>2020-10-27T20:15:17Z</dc:date>
1038 </item>
1039 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8696">
1040 <title>CVE-2019-8696 (mac_os_x)</title>
1041 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8696</link>
1042 <description>A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.</description>
1043 <dc:date>2020-10-27T20:15:17Z</dc:date>
1044 </item>
1045 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8706">
1046 <title>CVE-2019-8706 (ipad_os, iphone_os, mac_os_x, tvos, watchos)</title>
1047 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8706</link>
1048 <description>A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may lead to arbitrary code execution.</description>
1049 <dc:date>2020-10-27T20:15:17Z</dc:date>
1050 </item>
1051 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8708">
1052 <title>CVE-2019-8708 (iphone_os, mac_os_x)</title>
1053 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8708</link>
1054 <description>A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files.</description>
1055 <dc:date>2020-10-27T20:15:17Z</dc:date>
1056 </item>
1057 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8709">
1058 <title>CVE-2019-8709 (iphone_os, mac_os_x, tvos, watchos)</title>
1059 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8709</link>
1060 <description>A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be able to execute arbitrary code with kernel privileges.</description>
1061 <dc:date>2020-10-27T20:15:17Z</dc:date>
1062 </item>
1063 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8712">
1064 <title>CVE-2019-8712 (iphone_os, tvos, watchos)</title>
1065 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8712</link>
1066 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges.</description>
1067 <dc:date>2020-10-27T20:15:17Z</dc:date>
1068 </item>
1069 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8715">
1070 <title>CVE-2019-8715 (iphone_os, mac_os_x)</title>
1071 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8715</link>
1072 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges.</description>
1073 <dc:date>2020-10-27T20:15:17Z</dc:date>
1074 </item>
1075 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8716">
1076 <title>CVE-2019-8716 (mac_os_x)</title>
1077 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8716</link>
1078 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges.</description>
1079 <dc:date>2020-10-27T20:15:17Z</dc:date>
1080 </item>
1081 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8718">
1082 <title>CVE-2019-8718 (iphone_os, tvos, watchos)</title>
1083 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8718</link>
1084 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.</description>
1085 <dc:date>2020-10-27T20:15:17Z</dc:date>
1086 </item>
1087 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8728">
1088 <title>CVE-2019-8728 (icloud, iphone_os, itunes, safari, tvos, watchos)</title>
1089 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8728</link>
1090 <description>Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.</description>
1091 <dc:date>2020-10-27T20:15:17Z</dc:date>
1092 </item>
1093 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8732">
1094 <title>CVE-2019-8732 (iphone_os)</title>
1095 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8732</link>
1096 <description>The issue was addressed with improved data deletion. This issue is fixed in iOS 13. Deleted calls remained visible on the device.</description>
1097 <dc:date>2020-10-27T20:15:17Z</dc:date>
1098 </item>
1099 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8734">
1100 <title>CVE-2019-8734 (icloud, iphone_os, itunes, safari, tvos, watchos)</title>
1101 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8734</link>
1102 <description>Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.</description>
1103 <dc:date>2020-10-27T20:15:18Z</dc:date>
1104 </item>
1105 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8736">
1106 <title>CVE-2019-8736 (mac_os_x)</title>
1107 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8736</link>
1108 <description>An input validation issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged network position may be able to leak sensitive user information.</description>
1109 <dc:date>2020-10-27T20:15:18Z</dc:date>
1110 </item>
1111 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8737">
1112 <title>CVE-2019-8737 (mac_os_x)</title>
1113 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8737</link>
1114 <description>A denial of service issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged position may be able to perform a denial of service attack.</description>
1115 <dc:date>2020-10-27T20:15:18Z</dc:date>
1116 </item>
1117 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8740">
1118 <title>CVE-2019-8740 (ipad_os, iphone_os, tvos, watchos)</title>
1119 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8740</link>
1120 <description>A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.</description>
1121 <dc:date>2020-10-27T20:15:18Z</dc:date>
1122 </item>
1123 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8744">
1124 <title>CVE-2019-8744 (iphone_os, mac_os_x, tvos, watchos)</title>
1125 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8744</link>
1126 <description>A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout.</description>
1127 <dc:date>2020-10-27T20:15:18Z</dc:date>
1128 </item>
1129 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8746">
1130 <title>CVE-2019-8746 (icloud, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
1131 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8746</link>
1132 <description>An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.</description>
1133 <dc:date>2020-10-27T20:15:18Z</dc:date>
1134 </item>
1135 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8749">
1136 <title>CVE-2019-8749 (icloud, iphone_os, itunes, safari, tvos, watchos)</title>
1137 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8749</link>
1138 <description>Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.</description>
1139 <dc:date>2020-10-27T20:15:18Z</dc:date>
1140 </item>
1141 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8751">
1142 <title>CVE-2019-8751 (icloud, ipad_os, iphone_os, itunes, safari, tvos, watchos)</title>
1143 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8751</link>
1144 <description>Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.</description>
1145 <dc:date>2020-10-27T20:15:18Z</dc:date>
1146 </item>
1147 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8752">
1148 <title>CVE-2019-8752 (icloud, ipad_os, iphone_os, itunes, safari, tvos, watchos)</title>
1149 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8752</link>
1150 <description>Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.</description>
1151 <dc:date>2020-10-27T20:15:18Z</dc:date>
1152 </item>
1153 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8753">
1154 <title>CVE-2019-8753 (iphone_os, mac_os_x, tvos, watchos)</title>
1155 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8753</link>
1156 <description>This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack.</description>
1157 <dc:date>2020-10-27T20:15:18Z</dc:date>
1158 </item>
1159 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8754">
1160 <title>CVE-2019-8754 (mac_os_x)</title>
1161 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8754</link>
1162 <description>A cross-origin issue existed with &quot;iframe&quot; elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information.</description>
1163 <dc:date>2020-10-27T20:15:18Z</dc:date>
1164 </item>
1165 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8756">
1166 <title>CVE-2019-8756 (icloud, itunes, mac_os_x, tvos, watchos)</title>
1167 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8756</link>
1168 <description>Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.</description>
1169 <dc:date>2020-10-27T20:15:18Z</dc:date>
1170 </item>
1171 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8759">
1172 <title>CVE-2019-8759 (mac_os_x)</title>
1173 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8759</link>
1174 <description>An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. A local user may be able to cause unexpected system termination or read kernel memory.</description>
1175 <dc:date>2020-10-27T20:15:18Z</dc:date>
1176 </item>
1177 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8761">
1178 <title>CVE-2019-8761 (mac_os_x)</title>
1179 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8761</link>
1180 <description>This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information.</description>
1181 <dc:date>2020-10-27T20:15:19Z</dc:date>
1182 </item>
1183 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8762">
1184 <title>CVE-2019-8762 (icloud, ipad_os, iphone_os, itunes, safari, tvos)</title>
1185 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8762</link>
1186 <description>A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting.</description>
1187 <dc:date>2020-10-27T20:15:19Z</dc:date>
1188 </item>
1189 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8767">
1190 <title>CVE-2019-8767 (mac_os_x)</title>
1191 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8767</link>
1192 <description>A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Processing a maliciously crafted string may lead to heap corruption.</description>
1193 <dc:date>2020-10-27T20:15:19Z</dc:date>
1194 </item>
1195 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8771">
1196 <title>CVE-2019-8771 (iphone_os, safari)</title>
1197 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8771</link>
1198 <description>This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.</description>
1199 <dc:date>2020-10-27T20:15:19Z</dc:date>
1200 </item>
1201 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8773">
1202 <title>CVE-2019-8773 (icloud, ipad_os, iphone_os, itunes, safari, tvos, watchos)</title>
1203 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8773</link>
1204 <description>Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.</description>
1205 <dc:date>2020-10-27T20:15:19Z</dc:date>
1206 </item>
1207 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8774">
1208 <title>CVE-2019-8774 (ipad_os, iphone_os, mac_os_x)</title>
1209 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8774</link>
1210 <description>A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service.</description>
1211 <dc:date>2020-10-27T20:15:19Z</dc:date>
1212 </item>
1213 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8780">
1214 <title>CVE-2019-8780 (iphone_os, tvos)</title>
1215 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8780</link>
1216 <description>The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13. A malicious application may be able to determine kernel memory layout.</description>
1217 <dc:date>2020-10-27T20:15:19Z</dc:date>
1218 </item>
1219 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8796">
1220 <title>CVE-2019-8796 (ipados, iphone_os, mac_os_x, watchos)</title>
1221 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8796</link>
1222 <description>A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode.</description>
1223 <dc:date>2020-10-27T21:15:12Z</dc:date>
1224 </item>
1225 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8799">
1226 <title>CVE-2019-8799 (ipados, iphone_os, mac_os_x, tvos, watchos)</title>
1227 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8799</link>
1228 <description>This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.</description>
1229 <dc:date>2020-10-27T20:15:19Z</dc:date>
1230 </item>
1231 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8809">
1232 <title>CVE-2019-8809 (ipados, iphone_os, mac_os_x, tvos, watchos)</title>
1233 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8809</link>
1234 <description>A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier.</description>
1235 <dc:date>2020-10-27T20:15:19Z</dc:date>
1236 </item>
1237 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8824">
1238 <title>CVE-2019-8824 (mac_os_x)</title>
1239 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8824</link>
1240 <description>A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with kernel privileges.</description>
1241 <dc:date>2020-10-27T20:15:19Z</dc:date>
1242 </item>
1243 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8825">
1244 <title>CVE-2019-8825 (icloud, iphone_os, itunes, mac_os_x)</title>
1245 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8825</link>
1246 <description>A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 10.7, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.</description>
1247 <dc:date>2020-10-27T20:15:19Z</dc:date>
1248 </item>
1249 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8826">
1250 <title>CVE-2019-8826 (mac_os_x)</title>
1251 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8826</link>
1252 <description>A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15. Processing maliciously crafted web content may lead to arbitrary code execution.</description>
1253 <dc:date>2020-10-27T20:15:20Z</dc:date>
1254 </item>
1255 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8827">
1256 <title>CVE-2019-8827 (icloud, ipados, iphone_os, itunes, safari, tvos)</title>
1257 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8827</link>
1258 <description>The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited.</description>
1259 <dc:date>2020-10-27T20:15:20Z</dc:date>
1260 </item>
1261 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8828">
1262 <title>CVE-2019-8828 (ipados, iphone_os, mac_os_x, tvos, watchos)</title>
1263 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8828</link>
1264 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.</description>
1265 <dc:date>2020-10-27T20:15:20Z</dc:date>
1266 </item>
1267 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8829">
1268 <title>CVE-2019-8829 (ipados, iphone_os, mac_os_x, tvos, watchos)</title>
1269 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8829</link>
1270 <description>A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6.1, tvOS 13.2, iOS 13.2 and iPadOS 13.2. An application may be able to execute arbitrary code with kernel privileges.</description>
1271 <dc:date>2020-10-27T20:15:20Z</dc:date>
1272 </item>
1273 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8830">
1274 <title>CVE-2019-8830 (ipados, iphone_os, mac_os_x, tvos, watchos)</title>
1275 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8830</link>
1276 <description>An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution.</description>
1277 <dc:date>2020-10-27T20:15:20Z</dc:date>
1278 </item>
1279 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8831">
1280 <title>CVE-2019-8831 (ipados, iphone_os, mac_os_x, tvos, watchos)</title>
1281 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8831</link>
1282 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. An application may be able to execute arbitrary code with system privileges.</description>
1283 <dc:date>2020-10-27T20:15:20Z</dc:date>
1284 </item>
1285 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8832">
1286 <title>CVE-2019-8832 (ipados, iphone_os, mac_os_x, tvos, watchos)</title>
1287 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8832</link>
1288 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with system privileges.</description>
1289 <dc:date>2020-10-27T20:15:20Z</dc:date>
1290 </item>
1291 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8833">
1292 <title>CVE-2019-8833 (ipados, iphone_os, mac_os_x, tvos, watchos)</title>
1293 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8833</link>
1294 <description>A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.</description>
1295 <dc:date>2020-10-27T20:15:20Z</dc:date>
1296 </item>
1297 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8834">
1298 <title>CVE-2019-8834 (icloud, ipados, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
1299 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8834</link>
1300 <description>A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.</description>
1301 <dc:date>2020-10-27T20:15:20Z</dc:date>
1302 </item>
1303 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8835">
1304 <title>CVE-2019-8835 (icloud, ipados, iphone_os, itunes, safari, tvos)</title>
1305 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8835</link>
1306 <description>Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.</description>
1307 <dc:date>2020-10-27T20:15:20Z</dc:date>
1308 </item>
1309 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8836">
1310 <title>CVE-2019-8836 (ipados, iphone_os, tvos, watchos)</title>
1311 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8836</link>
1312 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.</description>
1313 <dc:date>2020-10-27T20:15:20Z</dc:date>
1314 </item>
1315 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8837">
1316 <title>CVE-2019-8837 (mac_os_x)</title>
1317 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8837</link>
1318 <description>A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A malicious application may be able to access restricted files.</description>
1319 <dc:date>2020-10-27T20:15:20Z</dc:date>
1320 </item>
1321 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8838">
1322 <title>CVE-2019-8838 (ipados, iphone_os, mac_os_x, tvos, watchos)</title>
1323 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8838</link>
1324 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.</description>
1325 <dc:date>2020-10-27T20:15:20Z</dc:date>
1326 </item>
1327 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8841">
1328 <title>CVE-2019-8841 (ipados, iphone_os)</title>
1329 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8841</link>
1330 <description>An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges.</description>
1331 <dc:date>2020-10-27T20:15:21Z</dc:date>
1332 </item>
1333 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8842">
1334 <title>CVE-2019-8842 (mac_os_x)</title>
1335 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8842</link>
1336 <description>A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.</description>
1337 <dc:date>2020-10-27T20:15:21Z</dc:date>
1338 </item>
1339 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8844">
1340 <title>CVE-2019-8844 (icloud, ipados, iphone_os, itunes, safari, tvos, watchos)</title>
1341 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8844</link>
1342 <description>Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.</description>
1343 <dc:date>2020-10-27T20:15:21Z</dc:date>
1344 </item>
1345 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8846">
1346 <title>CVE-2019-8846 (icloud, ipados, iphone_os, itunes, safari, tvos)</title>
1347 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8846</link>
1348 <description>A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.</description>
1349 <dc:date>2020-10-27T21:15:12Z</dc:date>
1350 </item>
1351 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8847">
1352 <title>CVE-2019-8847 (mac_os_x)</title>
1353 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8847</link>
1354 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges.</description>
1355 <dc:date>2020-10-27T21:15:12Z</dc:date>
1356 </item>
1357 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8848">
1358 <title>CVE-2019-8848 (icloud, ipados, iphone_os, itunes, mac_os_x, safari, tvos, watchos)</title>
1359 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8848</link>
1360 <description>This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges.</description>
1361 <dc:date>2020-10-27T21:15:13Z</dc:date>
1362 </item>
1363 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8850">
1364 <title>CVE-2019-8850 (ipados, iphone_os, mac_os_x, tvos)</title>
1365 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8850</link>
1366 <description>An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may disclose restricted memory.</description>
1367 <dc:date>2020-10-27T21:15:13Z</dc:date>
1368 </item>
1369 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8852">
1370 <title>CVE-2019-8852 (mac_os_x)</title>
1371 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8852</link>
1372 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to execute arbitrary code with kernel privileges.</description>
1373 <dc:date>2020-10-27T21:15:13Z</dc:date>
1374 </item>
1375 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8853">
1376 <title>CVE-2019-8853 (mac_os_x)</title>
1377 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8853</link>
1378 <description>A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to read restricted memory.</description>
1379 <dc:date>2020-10-27T21:15:13Z</dc:date>
1380 </item>
1381 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8854">
1382 <title>CVE-2019-8854 (iphone_os, mac_os_x, tvos, watchos)</title>
1383 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8854</link>
1384 <description>A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address.</description>
1385 <dc:date>2020-10-27T21:15:13Z</dc:date>
1386 </item>
1387 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8855">
1388 <title>CVE-2019-8855 (mac_os_x)</title>
1389 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8855</link>
1390 <description>An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access restricted files.</description>
1391 <dc:date>2020-10-27T21:15:13Z</dc:date>
1392 </item>
1393 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8856">
1394 <title>CVE-2019-8856 (ipados, iphone_os, mac_os_x, watchos)</title>
1395 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8856</link>
1396 <description>An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans.</description>
1397 <dc:date>2020-10-27T21:15:13Z</dc:date>
1398 </item>
1399 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8898">
1400 <title>CVE-2019-8898 (ipados, iphone_os, itunes, safari, tvos)</title>
1401 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8898</link>
1402 <description>An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited.</description>
1403 <dc:date>2020-10-27T21:15:13Z</dc:date>
1404 </item>
1405 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8901">
1406 <title>CVE-2019-8901 (ipados, iphone_os)</title>
1407 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8901</link>
1408 <description>This issue was addressed by verifying host keys when connecting to a previously-known SSH server. This issue is fixed in iOS 13.1 and iPadOS 13.1. An attacker in a privileged network position may be able to intercept SSH traffic from the “Run script over SSH” action.</description>
1409 <dc:date>2020-10-27T21:15:13Z</dc:date>
1410 </item>
1411 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9080">
1412 <title>CVE-2019-9080 (domainmod)</title>
1413 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9080</link>
1414 <description>DomainMOD before 4.14.0 uses MD5 without a salt for password storage.</description>
1415 <dc:date>2020-10-20T20:15:14Z</dc:date>
1416 </item>
1417 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10256">
1418 <title>CVE-2020-10256 (command-line, scim)</title>
1419 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10256</link>
1420 <description>An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption.</description>
1421 <dc:date>2020-10-27T14:15:13Z</dc:date>
1422 </item>
1423 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10721">
1424 <title>CVE-2020-10721 (fabric8-maven)</title>
1425 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10721</link>
1426 <description>A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the maven plug-in could allow for deserialization of untrusted data resulting in arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</description>
1427 <dc:date>2020-10-22T20:15:12Z</dc:date>
1428 </item>
1429 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11496">
1430 <title>CVE-2020-11496 (sprecon-e)</title>
1431 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11496</link>
1432 <description>Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device.</description>
1433 <dc:date>2020-10-19T19:15:14Z</dc:date>
1434 </item>
1435 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11637">
1436 <title>CVE-2020-11637 (automation_runtime)</title>
1437 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11637</link>
1438 <description>A memory leak in the TFTP service in B&amp;R Automation Runtime versions &lt;N4.26, &lt;N4.34, &lt;F4.45, &lt;E4.53, &lt;D4.63, &lt;A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.</description>
1439 <dc:date>2020-10-15T16:15:11Z</dc:date>
1440 </item>
1441 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11644">
1442 <title>CVE-2020-11644 (gatemanager_4260_firmware, gatemanager_8250_firmware, gatemanager_9250_firmware)</title>
1443 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11644</link>
1444 <description>The information disclosure vulnerability present in B&amp;R GateManager 4260 and 9250 versions &lt;9.0.20262 and GateManager 8250 versions &lt;9.2.620236042 allows authenticated users to generate fake audit log messages.</description>
1445 <dc:date>2020-10-15T15:15:11Z</dc:date>
1446 </item>
1447 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12401">
1448 <title>CVE-2020-12401 (firefox)</title>
1449 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12401</link>
1450 <description>During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox &lt; 80 and Firefox for Android &lt; 80.</description>
1451 <dc:date>2020-10-08T14:15:11Z</dc:date>
1452 </item>
1453 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12779">
1454 <title>CVE-2020-12779 (itop)</title>
1455 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12779</link>
1456 <description>Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script.</description>
1457 <dc:date>2020-08-10T03:15:12Z</dc:date>
1458 </item>
1459 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12928">
1460 <title>CVE-2020-12928 (ryzen_master)</title>
1461 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12928</link>
1462 <description>A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system.</description>
1463 <dc:date>2020-10-13T22:15:13Z</dc:date>
1464 </item>
1465 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13333">
1466 <title>CVE-2020-13333 (gitlab)</title>
1467 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13333</link>
1468 <description>A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.</description>
1469 <dc:date>2020-10-06T19:15:13Z</dc:date>
1470 </item>
1471 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13341">
1472 <title>CVE-2020-13341 (gitlab)</title>
1473 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13341</link>
1474 <description>An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions.</description>
1475 <dc:date>2020-10-12T14:15:12Z</dc:date>
1476 </item>
1477 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13778">
1478 <title>CVE-2020-13778 (rconfig)</title>
1479 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13778</link>
1480 <description>rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.</description>
1481 <dc:date>2020-10-19T13:15:13Z</dc:date>
1482 </item>
1483 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13893">
1484 <title>CVE-2020-13893 (easypay)</title>
1485 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13893</link>
1486 <description>Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E).</description>
1487 <dc:date>2020-10-18T19:15:12Z</dc:date>
1488 </item>
1489 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13937">
1490 <title>CVE-2020-13937 (kylin)</title>
1491 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13937</link>
1492 <description>Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.</description>
1493 <dc:date>2020-10-19T21:15:12Z</dc:date>
1494 </item>
1495 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13943">
1496 <title>CVE-2020-13943 (debian_linux, tomcat)</title>
1497 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13943</link>
1498 <description>If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.</description>
1499 <dc:date>2020-10-12T14:15:12Z</dc:date>
1500 </item>
1501 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13955">
1502 <title>CVE-2020-13955 (calcite)</title>
1503 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13955</link>
1504 <description>HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore.</description>
1505 <dc:date>2020-10-09T13:15:11Z</dc:date>
1506 </item>
1507 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14184">
1508 <title>CVE-2020-14184 (jira)</title>
1509 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14184</link>
1510 <description>Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1.</description>
1511 <dc:date>2020-10-12T04:15:12Z</dc:date>
1512 </item>
1513 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14185">
1514 <title>CVE-2020-14185 (jira)</title>
1515 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14185</link>
1516 <description>Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.</description>
1517 <dc:date>2020-10-15T22:15:11Z</dc:date>
1518 </item>
1519 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14299">
1520 <title>CVE-2020-14299 (jboss_enterprise_application_platform, openshift_application_runtimes, single_sign-on)</title>
1521 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14299</link>
1522 <description>A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.</description>
1523 <dc:date>2020-10-16T14:15:11Z</dc:date>
1524 </item>
1525 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14355">
1526 <title>CVE-2020-14355 (enterprise_linux, enterprise_linux_aus, enterprise_linux_eus, enterprise_linux_tus, enterprise_linux_update_services_for_sap_solutions, openstack, spice, ubuntu_linux)</title>
1527 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14355</link>
1528 <description>Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.</description>
1529 <dc:date>2020-10-07T15:15:12Z</dc:date>
1530 </item>
1531 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14672">
1532 <title>CVE-2020-14672 (mysql, oncommand_insight, snapcenter)</title>
1533 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14672</link>
1534 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description>
1535 <dc:date>2020-10-21T15:15:15Z</dc:date>
1536 </item>
1537 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14765">
1538 <title>CVE-2020-14765 (mysql, oncommand_insight, snapcenter)</title>
1539 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14765</link>
1540 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).</description>
1541 <dc:date>2020-10-21T15:15:17Z</dc:date>
1542 </item>
1543 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14768">
1544 <title>CVE-2020-14768 (hyperion_analytic_provider_services)</title>
1545 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14768</link>
1546 <description>Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: Smart View Provider). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Hyperion Analytic Provider Services executes to compromise Hyperion Analytic Provider Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Analytic Provider Services accessible data as well as unauthorized read access to a subset of Hyperion Analytic Provider Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hyperion Analytic Provider Services. CVSS 3.1 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L).</description>
1547 <dc:date>2020-10-21T15:15:17Z</dc:date>
1548 </item>
1549 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14769">
1550 <title>CVE-2020-14769 (mysql)</title>
1551 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14769</link>
1552 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).</description>
1553 <dc:date>2020-10-21T15:15:17Z</dc:date>
1554 </item>
1555 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14770">
1556 <title>CVE-2020-14770 (hyperion_bi+)</title>
1557 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14770</link>
1558 <description>Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hyperion BI+ accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).</description>
1559 <dc:date>2020-10-21T15:15:17Z</dc:date>
1560 </item>
1561 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14771">
1562 <title>CVE-2020-14771 (mysql, oncommand_insight, snapcenter)</title>
1563 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14771</link>
1564 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).</description>
1565 <dc:date>2020-10-21T15:15:17Z</dc:date>
1566 </item>
1567 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14772">
1568 <title>CVE-2020-14772 (hyperion_lifecycle_management)</title>
1569 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14772</link>
1570 <description>Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Lifecycle Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Lifecycle Management accessible data. CVSS 3.1 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N).</description>
1571 <dc:date>2020-10-21T15:15:17Z</dc:date>
1572 </item>
1573 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14773">
1574 <title>CVE-2020-14773 (mysql, oncommand_insight, snapcenter)</title>
1575 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14773</link>
1576 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description>
1577 <dc:date>2020-10-21T15:15:17Z</dc:date>
1578 </item>
1579 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14774">
1580 <title>CVE-2020-14774 (customer_relationship_management_technical_foundation)</title>
1581 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14774</link>
1582 <description>Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).</description>
1583 <dc:date>2020-10-21T15:15:17Z</dc:date>
1584 </item>
1585 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14775">
1586 <title>CVE-2020-14775 (mysql, oncommand_insight, snapcenter)</title>
1587 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14775</link>
1588 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).</description>
1589 <dc:date>2020-10-21T15:15:17Z</dc:date>
1590 </item>
1591 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14776">
1592 <title>CVE-2020-14776 (mysql, oncommand_insight, snapcenter)</title>
1593 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14776</link>
1594 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description>
1595 <dc:date>2020-10-21T15:15:17Z</dc:date>
1596 </item>
1597 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14777">
1598 <title>CVE-2020-14777 (mysql, oncommand_insight, snapcenter)</title>
1599 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14777</link>
1600 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description>
1601 <dc:date>2020-10-21T15:15:18Z</dc:date>
1602 </item>
1603 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14778">
1604 <title>CVE-2020-14778 (peoplesoft_enterprise_human_capital_management_global_payroll_core)</title>
1605 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14778</link>
1606 <description>Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Global Payroll Core accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise HCM Global Payroll Core. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).</description>
1607 <dc:date>2020-10-21T15:15:18Z</dc:date>
1608 </item>
1609 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14779">
1610 <title>CVE-2020-14779 (debian_linux, fedora, jdk, jre)</title>
1611 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14779</link>
1612 <description>Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).</description>
1613 <dc:date>2020-10-21T15:15:18Z</dc:date>
1614 </item>
1615 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14780">
1616 <title>CVE-2020-14780 (business_intelligence_publisher)</title>
1617 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14780</link>
1618 <description>Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).</description>
1619 <dc:date>2020-10-21T15:15:18Z</dc:date>
1620 </item>
1621 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14781">
1622 <title>CVE-2020-14781 (jdk, jre)</title>
1623 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14781</link>
1624 <description>Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).</description>
1625 <dc:date>2020-10-21T15:15:18Z</dc:date>
1626 </item>
1627 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14782">
1628 <title>CVE-2020-14782 (debian_linux, jdk, jre)</title>
1629 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14782</link>
1630 <description>Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).</description>
1631 <dc:date>2020-10-21T15:15:18Z</dc:date>
1632 </item>
1633 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14783">
1634 <title>CVE-2020-14783 (hospitality_res_3700_firmware)</title>
1635 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14783</link>
1636 <description>Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Food and Beverage Applications (component: CAL). The supported version that is affected is 5.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Hospitality RES 3700. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality RES 3700 accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).</description>
1637 <dc:date>2020-10-21T15:15:18Z</dc:date>
1638 </item>
1639 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14784">
1640 <title>CVE-2020-14784 (business_intelligence_publisher)</title>
1641 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14784</link>
1642 <description>Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</description>
1643 <dc:date>2020-10-21T15:15:18Z</dc:date>
1644 </item>
1645 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14785">
1646 <title>CVE-2020-14785 (mysql, oncommand_insight, snapcenter)</title>
1647 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14785</link>
1648 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description>
1649 <dc:date>2020-10-21T15:15:18Z</dc:date>
1650 </item>
1651 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14787">
1652 <title>CVE-2020-14787 (communications_diameter_signaling_router)</title>
1653 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14787</link>
1654 <description>Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).</description>
1655 <dc:date>2020-10-21T15:15:18Z</dc:date>
1656 </item>
1657 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14788">
1658 <title>CVE-2020-14788 (communications_diameter_signaling_router)</title>
1659 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14788</link>
1660 <description>Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).</description>
1661 <dc:date>2020-10-21T15:15:18Z</dc:date>
1662 </item>
1663 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14792">
1664 <title>CVE-2020-14792 (debian_linux, jdk, jre)</title>
1665 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14792</link>
1666 <description>Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).</description>
1667 <dc:date>2020-10-21T15:15:19Z</dc:date>
1668 </item>
1669 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14796">
1670 <title>CVE-2020-14796 (jdk, jre)</title>
1671 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14796</link>
1672 <description>Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).</description>
1673 <dc:date>2020-10-21T15:15:19Z</dc:date>
1674 </item>
1675 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14797">
1676 <title>CVE-2020-14797 (jdk, jre)</title>
1677 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14797</link>
1678 <description>Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).</description>
1679 <dc:date>2020-10-21T15:15:19Z</dc:date>
1680 </item>
1681 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14798">
1682 <title>CVE-2020-14798 (jdk, jre)</title>
1683 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14798</link>
1684 <description>Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).</description>
1685 <dc:date>2020-10-21T15:15:19Z</dc:date>
1686 </item>
1687 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14800">
1688 <title>CVE-2020-14800 (mysql, oncommand_insight, snapcenter)</title>
1689 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14800</link>
1690 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).</description>
1691 <dc:date>2020-10-21T15:15:19Z</dc:date>
1692 </item>
1693 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14812">
1694 <title>CVE-2020-14812 (mysql, oncommand_insight, snapcenter)</title>
1695 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14812</link>
1696 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description>
1697 <dc:date>2020-10-21T15:15:20Z</dc:date>
1698 </item>
1699 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14831">
1700 <title>CVE-2020-14831 (marketing)</title>
1701 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14831</link>
1702 <description>Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</description>
1703 <dc:date>2020-10-21T15:15:22Z</dc:date>
1704 </item>
1705 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14836">
1706 <title>CVE-2020-14836 (mysql, oncommand_insight, snapcenter)</title>
1707 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14836</link>
1708 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).</description>
1709 <dc:date>2020-10-21T15:15:22Z</dc:date>
1710 </item>
1711 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14837">
1712 <title>CVE-2020-14837 (mysql, oncommand_insight, snapcenter)</title>
1713 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14837</link>
1714 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description>
1715 <dc:date>2020-10-21T15:15:22Z</dc:date>
1716 </item>
1717 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14838">
1718 <title>CVE-2020-14838 (mysql, oncommand_insight, snapcenter)</title>
1719 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14838</link>
1720 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).</description>
1721 <dc:date>2020-10-21T15:15:22Z</dc:date>
1722 </item>
1723 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14839">
1724 <title>CVE-2020-14839 (mysql, oncommand_insight, snapcenter)</title>
1725 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14839</link>
1726 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description>
1727 <dc:date>2020-10-21T15:15:22Z</dc:date>
1728 </item>
1729 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14840">
1730 <title>CVE-2020-14840 (application_object_library)</title>
1731 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14840</link>
1732 <description>Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).</description>
1733 <dc:date>2020-10-21T15:15:22Z</dc:date>
1734 </item>
1735 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14842">
1736 <title>CVE-2020-14842 (business_intelligence_publisher)</title>
1737 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14842</link>
1738 <description>Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</description>
1739 <dc:date>2020-10-21T15:15:22Z</dc:date>
1740 </item>
1741 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14843">
1742 <title>CVE-2020-14843 (business_intelligence)</title>
1743 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14843</link>
1744 <description>Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).</description>
1745 <dc:date>2020-10-21T15:15:22Z</dc:date>
1746 </item>
1747 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14845">
1748 <title>CVE-2020-14845 (mysql, oncommand_insight, snapcenter)</title>
1749 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14845</link>
1750 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description>
1751 <dc:date>2020-10-21T15:15:22Z</dc:date>
1752 </item>
1753 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14847">
1754 <title>CVE-2020-14847 (peoplesoft_enterprise_peopletools)</title>
1755 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14847</link>
1756 <description>Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).</description>
1757 <dc:date>2020-10-21T15:15:23Z</dc:date>
1758 </item>
1759 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14850">
1760 <title>CVE-2020-14850 (customer_relationship_management_technical_foundation)</title>
1761 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14850</link>
1762 <description>Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Flex Fields). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</description>
1763 <dc:date>2020-10-21T15:15:23Z</dc:date>
1764 </item>
1765 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14851">
1766 <title>CVE-2020-14851 (trade_management)</title>
1767 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14851</link>
1768 <description>Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Trade Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).</description>
1769 <dc:date>2020-10-21T15:15:23Z</dc:date>
1770 </item>
1771 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14852">
1772 <title>CVE-2020-14852 (mysql, oncommand_insight, snapcenter)</title>
1773 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14852</link>
1774 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description>
1775 <dc:date>2020-10-21T15:15:23Z</dc:date>
1776 </item>
1777 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14853">
1778 <title>CVE-2020-14853 (mysql_cluster, oncommand_insight, snapcenter)</title>
1779 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14853</link>
1780 <description>Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).</description>
1781 <dc:date>2020-10-21T15:15:23Z</dc:date>
1782 </item>
1783 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14854">
1784 <title>CVE-2020-14854 (hyperion_infrastructure_technology)</title>
1785 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14854</link>
1786 <description>Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Infrastructure Technology accessible data as well as unauthorized access to critical data or complete access to all Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N).</description>
1787 <dc:date>2020-10-21T15:15:23Z</dc:date>
1788 </item>
1789 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14860">
1790 <title>CVE-2020-14860 (mysql)</title>
1791 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14860</link>
1792 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).</description>
1793 <dc:date>2020-10-21T15:15:23Z</dc:date>
1794 </item>
1795 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14861">
1796 <title>CVE-2020-14861 (mysql)</title>
1797 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14861</link>
1798 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description>
1799 <dc:date>2020-10-21T15:15:23Z</dc:date>
1800 </item>
1801 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14866">
1802 <title>CVE-2020-14866 (mysql)</title>
1803 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14866</link>
1804 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description>
1805 <dc:date>2020-10-21T15:15:24Z</dc:date>
1806 </item>
1807 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14867">
1808 <title>CVE-2020-14867 (mysql)</title>
1809 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14867</link>
1810 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).</description>
1811 <dc:date>2020-10-21T15:15:24Z</dc:date>
1812 </item>
1813 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14868">
1814 <title>CVE-2020-14868 (mysql)</title>
1815 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14868</link>
1816 <description>Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description>
1817 <dc:date>2020-10-21T15:15:24Z</dc:date>
1818 </item>
1819 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14876">
1820 <title>CVE-2020-14876 (trade_management)</title>
1821 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14876</link>
1822 <description>Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).</description>
1823 <dc:date>2020-10-21T15:15:24Z</dc:date>
1824 </item>
1825 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14877">
1826 <title>CVE-2020-14877 (hospitality_opera_5_property_services)</title>
1827 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14877</link>
1828 <description>Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).</description>
1829 <dc:date>2020-10-21T15:15:24Z</dc:date>
1830 </item>
1831 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14880">
1832 <title>CVE-2020-14880 (business_intelligence_publisher)</title>
1833 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14880</link>
1834 <description>Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. While the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N).</description>
1835 <dc:date>2020-10-21T15:15:25Z</dc:date>
1836 </item>
1837 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14881">
1838 <title>CVE-2020-14881 (vm_virtualbox)</title>
1839 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14881</link>
1840 <description>Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).</description>
1841 <dc:date>2020-10-21T15:15:25Z</dc:date>
1842 </item>
1843 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14882">
1844 <title>CVE-2020-14882 (weblogic_server)</title>
1845 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14882</link>
1846 <description>Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).</description>
1847 <dc:date>2020-10-21T15:15:25Z</dc:date>
1848 </item>
1849 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14883">
1850 <title>CVE-2020-14883 (weblogic_server)</title>
1851 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14883</link>
1852 <description>Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).</description>
1853 <dc:date>2020-10-21T15:15:25Z</dc:date>
1854 </item>
1855 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14884">
1856 <title>CVE-2020-14884 (vm_virtualbox)</title>
1857 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14884</link>
1858 <description>Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).</description>
1859 <dc:date>2020-10-21T15:15:25Z</dc:date>
1860 </item>
1861 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14885">
1862 <title>CVE-2020-14885 (vm_virtualbox)</title>
1863 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14885</link>
1864 <description>Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).</description>
1865 <dc:date>2020-10-21T15:15:25Z</dc:date>
1866 </item>
1867 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15002">
1868 <title>CVE-2020-15002 (open-xchange_appsuite)</title>
1869 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15002</link>
1870 <description>OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API.</description>
1871 <dc:date>2020-10-23T05:15:13Z</dc:date>
1872 </item>
1873 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15003">
1874 <title>CVE-2020-15003 (open-xchange_appsuite)</title>
1875 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15003</link>
1876 <description>OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).</description>
1877 <dc:date>2020-10-23T05:15:13Z</dc:date>
1878 </item>
1879 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15004">
1880 <title>CVE-2020-15004 (open-xchange_appsuite)</title>
1881 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15004</link>
1882 <description>OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.</description>
1883 <dc:date>2020-10-23T05:15:13Z</dc:date>
1884 </item>
1885 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15157">
1886 <title>CVE-2020-15157 (containerd, ubuntu_linux)</title>
1887 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15157</link>
1888 <description>In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.</description>
1889 <dc:date>2020-10-16T17:15:11Z</dc:date>
1890 </item>
1891 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15224">
1892 <title>CVE-2020-15224 (openenclave)</title>
1893 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15224</link>
1894 <description>In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability.</description>
1895 <dc:date>2020-10-14T19:15:13Z</dc:date>
1896 </item>
1897 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15229">
1898 <title>CVE-2020-15229 (singularity)</title>
1899 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15229</link>
1900 <description>Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources `library://` or `shub://`. Image build is also impacted in a more serious way as it can be used by a root user, allowing an attacker to overwrite/create files leading to a system compromise, so far bootstrap methods `library`, `shub` and `localimage` are triggering the squashfs extraction. This issue is addressed in Singularity 3.6.4. All users are advised to upgrade to 3.6.4 especially if they use Singularity mainly for building image as root user. There is no solid workaround except to temporary avoid to use unprivileged mode with single file images in favor of sandbox images instead. Regarding image build, temporary avoid to build from `library` and `shub` sources and as much as possible use `--fakeroot` or a VM for that.</description>
1901 <dc:date>2020-10-14T19:15:13Z</dc:date>
1902 </item>
1903 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15233">
1904 <title>CVE-2020-15233 (fosite)</title>
1905 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15233</link>
1906 <description>ORY Fosite is a security first OAuth2 &amp; OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1.</description>
1907 <dc:date>2020-10-02T21:15:12Z</dc:date>
1908 </item>
1909 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15240">
1910 <title>CVE-2020-15240 (omniauth-auth0)</title>
1911 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15240</link>
1912 <description>omniauth-auth0 (rubygems) versions &gt;= 2.3.0 and &lt; 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using `omniauth-auth0`. 2. You are using `JWTValidator.verify` method directly OR you are not authenticating using the SDK’s default Authorization Code Flow. The issue is patched in version 2.4.1.</description>
1913 <dc:date>2020-10-21T18:15:12Z</dc:date>
1914 </item>
1915 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15245">
1916 <title>CVE-2020-15245 (sylius)</title>
1917 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15245</link>
1918 <description>In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that this way one is not able to take over any existing account (guest or normal one). The issue has been patched in Sylius 1.6.9, 1.7.9 and 1.8.3. As a workaround, you may resolve this issue on your own by creating a custom event listener, which will listen to the sylius.customer.pre_update event. You can determine that email has been changed if customer email and user username are different. They are synchronized later on. Pay attention, to email changing behavior for administrators. You may need to skip this logic for them. In order to achieve this, you should either check master request path info, if it does not contain /admin prefix or adjust event triggered during customer update in the shop. You can find more information on how to customize the event here.</description>
1919 <dc:date>2020-10-19T21:15:12Z</dc:date>
1920 </item>
1921 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15250">
1922 <title>CVE-2020-15250 (junit4)</title>
1923 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15250</link>
1924 <description>In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.</description>
1925 <dc:date>2020-10-12T18:15:13Z</dc:date>
1926 </item>
1927 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15251">
1928 <title>CVE-2020-15251 (channelmgnt)</title>
1929 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15251</link>
1930 <description>In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2 includes 1.0.3 of channelmgnt, and thus is safe from this vulnerability. See referenced GHSA-23pc-4339-95vg.</description>
1931 <dc:date>2020-10-13T18:15:12Z</dc:date>
1932 </item>
1933 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15252">
1934 <title>CVE-2020-15252 (xwiki)</title>
1935 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15252</link>
1936 <description>In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is patched in XWiki 12.5 and XWiki 11.10.6.</description>
1937 <dc:date>2020-10-16T17:15:11Z</dc:date>
1938 </item>
1939 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15254">
1940 <title>CVE-2020-15254 (crossbeam)</title>
1941 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15254</link>
1942 <description>Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that is the same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumption described above. This is unsound and causes deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4.</description>
1943 <dc:date>2020-10-16T17:15:12Z</dc:date>
1944 </item>
1945 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15255">
1946 <title>CVE-2020-15255 (time_tracker)</title>
1947 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15255</link>
1948 <description>In Anuko Time Tracker before version 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325.</description>
1949 <dc:date>2020-10-16T17:15:12Z</dc:date>
1950 </item>
1951 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15256">
1952 <title>CVE-2020-15256 (object-path)</title>
1953 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15256</link>
1954 <description>A prototype pollution vulnerability has been found in `object-path` &lt;= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version &gt;= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version &gt;= 0.11.0 is used. Any usage of `set()` in versions &lt; 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5 As a workaround, don't use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version &gt;= 0.11.0.</description>
1955 <dc:date>2020-10-19T22:15:13Z</dc:date>
1956 </item>
1957 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15258">
1958 <title>CVE-2020-15258 (wire)</title>
1959 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15258</link>
1960 <description>In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The issue was patched by implementing a helper function which checks if the URL's protocol is common. If it is common, the URL will be opened externally. If not, the URL will not be opened and a warning appears for the user informing them that a probably insecure URL was blocked from being executed. The issue is patched in Wire 3.20.x. More technical details about exploitation are available in the linked advisory.</description>
1961 <dc:date>2020-10-16T17:15:12Z</dc:date>
1962 </item>
1963 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15261">
1964 <title>CVE-2020-15261 (veyon)</title>
1965 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15261</link>
1966 <description>On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.</description>
1967 <dc:date>2020-10-19T22:15:13Z</dc:date>
1968 </item>
1969 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15262">
1970 <title>CVE-2020-15262 (webpack-subresource-integrity)</title>
1971 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15262</link>
1972 <description>In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. This issue is patched in version 1.5.1.</description>
1973 <dc:date>2020-10-19T20:15:12Z</dc:date>
1974 </item>
1975 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15269">
1976 <title>CVE-2020-15269 (spree)</title>
1977 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15269</link>
1978 <description>In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.</description>
1979 <dc:date>2020-10-20T21:15:12Z</dc:date>
1980 </item>
1981 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15270">
1982 <title>CVE-2020-15270 (parse-server)</title>
1983 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15270</link>
1984 <description>Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not patched.</description>
1985 <dc:date>2020-10-22T22:15:12Z</dc:date>
1986 </item>
1987 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15272">
1988 <title>CVE-2020-15272 (git-tag-annotation-action)</title>
1989 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15272</link>
1990 <description>In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to alter the value of [the `GITHUB_REF` environment variable]. The problem has been patched in version 1.0.1. If you don't use the `tag` input you are most likely safe. The `GITHUB_REF` environment variable is protected by the GitHub Actions environment so attacks from there should be impossible. If you must use the `tag` input and cannot upgrade to `&gt; 1.0.0` make sure that the value is not controlled by another Action.</description>
1991 <dc:date>2020-10-26T19:15:12Z</dc:date>
1992 </item>
1993 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15274">
1994 <title>CVE-2020-15274 (wiki.js)</title>
1995 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15274</link>
1996 <description>In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit a57d9af34c15adbf460dde6553d964efddf433de fixes this vulnerability (version 2.5.162) by properly escaping the text content displayed in the search results.</description>
1997 <dc:date>2020-10-26T19:15:12Z</dc:date>
1998 </item>
1999 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15680">
2000 <title>CVE-2020-15680 (firefox)</title>
2001 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15680</link>
2002 <description>If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox &lt; 82.</description>
2003 <dc:date>2020-10-22T21:15:13Z</dc:date>
2004 </item>
2005 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15681">
2006 <title>CVE-2020-15681 (firefox)</title>
2007 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15681</link>
2008 <description>When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox &lt; 82.</description>
2009 <dc:date>2020-10-22T21:15:13Z</dc:date>
2010 </item>
2011 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15682">
2012 <title>CVE-2020-15682 (firefox)</title>
2013 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15682</link>
2014 <description>When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox &lt; 82.</description>
2015 <dc:date>2020-10-22T21:15:13Z</dc:date>
2016 </item>
2017 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15683">
2018 <title>CVE-2020-15683 (debian_linux, firefox, firefox_esr, leap, thunderbird)</title>
2019 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15683</link>
2020 <description>Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 78.4, Firefox &lt; 82, and Thunderbird &lt; 78.4.</description>
2021 <dc:date>2020-10-22T21:15:13Z</dc:date>
2022 </item>
2023 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15684">
2024 <title>CVE-2020-15684 (firefox)</title>
2025 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15684</link>
2026 <description>Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 82.</description>
2027 <dc:date>2020-10-22T21:15:13Z</dc:date>
2028 </item>
2029 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15797">
2030 <title>CVE-2020-15797 (dca_vantage_analyzer_firmware)</title>
2031 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15797</link>
2032 <description>A vulnerability has been identified in DCA Vantage Analyzer (All versions &lt; V4.5 are affected by CVE-2020-7590. In addition, serial numbers &lt; 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (“kiosk mode”) and access the underlying operating system. Successful exploitation requires direct physical access to the system.</description>
2033 <dc:date>2020-10-13T16:15:21Z</dc:date>
2034 </item>
2035 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15838">
2036 <title>CVE-2020-15838 (automate)</title>
2037 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15838</link>
2038 <description>The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.</description>
2039 <dc:date>2020-10-09T07:15:10Z</dc:date>
2040 </item>
2041 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15909">
2042 <title>CVE-2020-15909 (n-central)</title>
2043 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15909</link>
2044 <description>SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take advantage of this, the cookie could be stolen and the JSESSIONID can be captured. On its own this is not a surprising result; low security tools allow the cookie to roam from machine to machine. The JSESSION cookie can then be used on the attacker’s workstation by browsing to the victim’s NCentral server URL and replacing the JSESSIONID attribute value by the captured value. Expected behavior would be to check this against a second source and enforce at least a reauthentication or multi factor request as N-Central is a highly privileged service.</description>
2045 <dc:date>2020-10-19T13:15:13Z</dc:date>
2046 </item>
2047 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15910">
2048 <title>CVE-2020-15910 (n-central)</title>
2049 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15910</link>
2050 <description>SolarWinds N-Central version 12.3 GA and lower does not set the HttpOnly attribute on the JSESSIONID cookie. This makes it possible for JavaScript to access the cookie. An attacker could send the user to a prepared webpage, or influence JavaScript, to extract the JSESSIONID. This could then be forwarded to the attacker.</description>
2051 <dc:date>2020-10-19T13:15:13Z</dc:date>
2052 </item>
2053 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15931">
2054 <title>CVE-2020-15931 (account_lockout_examiner)</title>
2055 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15931</link>
2056 <description>Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller.</description>
2057 <dc:date>2020-10-20T20:15:14Z</dc:date>
2058 </item>
2059 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16140">
2060 <title>CVE-2020-16140 (greenmart)</title>
2061 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16140</link>
2062 <description>The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS.</description>
2063 <dc:date>2020-10-27T22:15:12Z</dc:date>
2064 </item>
2065 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16159">
2066 <title>CVE-2020-16159 (gpmf-parser)</title>
2067 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16159</link>
2068 <description>GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Parsing malicious input can result in a crash or information disclosure.</description>
2069 <dc:date>2020-10-19T18:15:12Z</dc:date>
2070 </item>
2071 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16160">
2072 <title>CVE-2020-16160 (gpmf-parser)</title>
2073 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16160</link>
2074 <description>GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Parsing malicious input can result in a crash.</description>
2075 <dc:date>2020-10-19T18:15:12Z</dc:date>
2076 </item>
2077 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16161">
2078 <title>CVE-2020-16161 (gpmf-parser)</title>
2079 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16161</link>
2080 <description>GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash.</description>
2081 <dc:date>2020-10-19T18:15:12Z</dc:date>
2082 </item>
2083 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16246">
2084 <title>CVE-2020-16246 (s2020_firmware, s2024_firmware)</title>
2085 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16246</link>
2086 <description>The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.</description>
2087 <dc:date>2020-10-20T15:15:12Z</dc:date>
2088 </item>
2089 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1656">
2090 <title>CVE-2020-1656 (junos)</title>
2091 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1656</link>
2092 <description>The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHCPv6 message allowing an attacker to potentially perform a Remote Code Execution (RCE) attack on the target device. Continuous receipt of the specific DHCPv6 client message will result in an extended Denial of Service (DoS) condition. If adjacent devices are also configured to relay DHCP packets, and are not affected by this issue and simply transparently forward unprocessed client DHCPv6 messages, then the attack vector can be a Network-based attack, instead of an Adjacent-device attack. No other DHCP services are affected. Receipt of the packet without configuration of the DHCPv6 Relay-Agent service, will not result in exploitability of this issue. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D435, 18.2X75-D60; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2.</description>
2093 <dc:date>2020-10-16T21:15:12Z</dc:date>
2094 </item>
2095 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1657">
2096 <title>CVE-2020-1657 (junos)</title>
2097 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1657</link>
2098 <description>On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel. Sustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 implementations. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D190; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2. This issue does not affect 12.3 or 15.1 releases which are non-SRX Series releases.</description>
2099 <dc:date>2020-10-16T21:15:12Z</dc:date>
2100 </item>
2101 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1660">
2102 <title>CVE-2020-1660 (junos)</title>
2103 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1660</link>
2104 <description>When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing &quot;URL Filtering service&quot;, may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2.</description>
2105 <dc:date>2020-10-16T21:15:12Z</dc:date>
2106 </item>
2107 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1661">
2108 <title>CVE-2020-1661 (junos)</title>
2109 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1661</link>
2110 <description>On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forward specified DHCP client packets, without creating a new subscriber session. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of the malformed DHCP packet will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue can be triggered only by DHCPv4, it cannot be triggered by DHCPv6. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 14.1X53 versions prior to 14.1X53-D60 on EX and QFX Series; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230 on SRX Series; 15.1X53 versions prior to 15.1X53-D593 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S5.</description>
2111 <dc:date>2020-10-16T21:15:12Z</dc:date>
2112 </item>
2113 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1662">
2114 <title>CVE-2020-1662 (junos)</title>
2115 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1662</link>
2116 <description>On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. 
Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3.</description>
2117 <dc:date>2020-10-16T21:15:12Z</dc:date>
2118 </item>
2119 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1664">
2120 <title>CVE-2020-1664 (junos)</title>
2121 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1664</link>
2122 <description>A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. Versions of Junos OS prior to 17.3 are unaffected by this vulnerability.</description>
2123 <dc:date>2020-10-16T21:15:12Z</dc:date>
2124 </item>
2125 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1665">
2126 <title>CVE-2020-1665 (junos)</title>
2127 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1665</link>
2128 <description>On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take effect when it reaches the threshold condition. The DDoS protection allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) during the DDoS attack. When this issue occurs, the RE and/or the FPC can become overwhelmed, which could disrupt network protocol operations and/or interrupt traffic. This issue does not affect IPv4 DDoS protection. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX series and EX9200 Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2.</description>
2129 <dc:date>2020-10-16T21:15:12Z</dc:date>
2130 </item>
2131 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1666">
2132 <title>CVE-2020-1666 (junos_evolved)</title>
2133 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1666</link>
2134 <description>The system console configuration option 'log-out-on-disconnect' in Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO.</description>
2135 <dc:date>2020-10-16T21:15:12Z</dc:date>
2136 </item>
2137 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1667">
2138 <title>CVE-2020-1667 (junos)</title>
2139 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1667</link>
2140 <description>When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing &quot;URL Filtering service&quot;, can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2.</description>
2141 <dc:date>2020-10-16T21:15:12Z</dc:date>
2142 </item>
2143 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1668">
2144 <title>CVE-2020-1668 (junos)</title>
2145 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1668</link>
2146 <description>On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. This issue occurs when multicast packets are received by the layer 2 interface. To check if the device has high CPU load due to this issue, the administrator can issue the following command: user@host&gt; show chassis routing-engine Routing Engine status: ... Idle 2 percent the &quot;Idle&quot; value shows as low (2 % in the example above), and also the following command: user@host&gt; show system processes summary ... PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 11639 root 52 0 283M 11296K select 12:15 44.97% eventd 11803 root 81 0 719M 239M RUN 251:12 31.98% fxpc{fxpc} the eventd and the fxpc processes might use higher WCPU percentage (respectively 44.97% and 31.98% in the above example). This issue affects Juniper Networks Junos OS on EX2300 Series: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2.</description>
2147 <dc:date>2020-10-16T21:15:12Z</dc:date>
2148 </item>
2149 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1669">
2150 <title>CVE-2020-1669 (junos)</title>
2151 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1669</link>
2152 <description>The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem to brute-force the password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2.</description>
2153 <dc:date>2020-10-16T21:15:12Z</dc:date>
2154 </item>
2155 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1670">
2156 <title>CVE-2020-1670 (junos)</title>
2157 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1670</link>
2158 <description>On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issues and traffic interruption. These specific packets can originate only from within the broadcast domain where the device is connected. This issue occurs when the packets enter the IRB interface. Only IPv4 packets can trigger this issue. IPv6 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS on EX4300 series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S3, 20.1R2.</description>
2159 <dc:date>2020-10-16T21:15:12Z</dc:date>
2160 </item>
2161 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1671">
2162 <title>CVE-2020-1671 (junos)</title>
2163 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1671</link>
2164 <description>On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting with the restart of the daemon. This issue only affects DHCPv6, it does not affect DHCPv4. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.2 version 19.2R2 and later versions; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; This issue does not affect Juniper Networks Junos OS prior to 17.4R1.</description>
2165 <dc:date>2020-10-16T21:15:13Z</dc:date>
2166 </item>
2167 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1672">
2168 <title>CVE-2020-1672 (junos)</title>
2169 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1672</link>
2170 <description>On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. Only DHCPv6 packet can trigger this issue. DHCPv4 packet cannot trigger this issue. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2.</description>
2171 <dc:date>2020-10-16T21:15:13Z</dc:date>
2172 </item>
2173 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1673">
2174 <title>CVE-2020-1673 (junos)</title>
2175 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1673</link>
2176 <description>Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled such as J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP). Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device&gt; show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf In order to successfully exploit this vulnerability, the attacker needs to convince the device administrator to take action such as clicking the crafted URL sent via phishing email or convince the administrator to input data in the browser console. This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.</description>
2177 <dc:date>2020-10-16T21:15:13Z</dc:date>
2178 </item>
2179 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1674">
2180 <title>CVE-2020-1674 (junos, junos_evolved)</title>
2181 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1674</link>
2182 <description>Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds). Per the specification, called the &quot;bounded receive delay&quot;, there should be no replies to delayed MACsec packets. Any MACsec traffic delayed more than 2 seconds should be dropped and late drop counters should increment. Without MACsec delay protection, an attacker could exploit the delay to spoof or decrypt packets. This issue affects: Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8, 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: all versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R2-EVO. This issue does not affect Junos OS versions prior to 16.1R1.</description>
2183 <dc:date>2020-10-16T21:15:13Z</dc:date>
2184 </item>
2185 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1675">
2186 <title>CVE-2020-1675 (mist_cloud_ui)</title>
2187 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1675</link>
2188 <description>When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.</description>
2189 <dc:date>2020-10-16T21:15:13Z</dc:date>
2190 </item>
2191 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1676">
2192 <title>CVE-2020-1676 (mist_cloud_ui)</title>
2193 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1676</link>
2194 <description>When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.</description>
2195 <dc:date>2020-10-16T21:15:13Z</dc:date>
2196 </item>
2197 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1677">
2198 <title>CVE-2020-1677 (mist_cloud_ui)</title>
2199 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1677</link>
2200 <description>When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.</description>
2201 <dc:date>2020-10-16T21:15:13Z</dc:date>
2202 </item>
2203 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1678">
2204 <title>CVE-2020-1678 (junos, junos_evolved)</title>
2205 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1678</link>
2206 <description>On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the &quot;show task memory detail | match policy | match evpn&quot; command multiple times to check if memory (Alloc Blocks value) is increasing. root@device&gt; show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device&gt; show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.</description>
2207 <dc:date>2020-10-16T21:15:13Z</dc:date>
2208 </item>
2209 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1679">
2210 <title>CVE-2020-1679 (junos)</title>
2211 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1679</link>
2212 <description>On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronizes the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when the KRT queue becomes stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the following command to check whether the KRT queue is stuck: user@device &gt; show krt state ... Number of async queue entries: 65007 &lt;--- this value keep on increasing. When this issue occurs, the following message might appear in the /var/log/messages: DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2 DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (7297134592) Current delayed unref = (60000), Current unique delayed unref = (18420), Max delayed unref on this platform = (40000) Current delayed weight unref = (60000) Max delayed weight unref on this platform= (400000) curproc = rpd This issue affects Juniper Networks Junos OS on PTX/QFX Series: 17.2X75 versions prior to 17.2X75-D105; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.</description>
2213 <dc:date>2020-10-16T21:15:13Z</dc:date>
2214 </item>
2215 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1680">
2216 <title>CVE-2020-1680 (junos)</title>
2217 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1680</link>
2218 <description>On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. This issue occurs when a multiservice card is translating the malformed IPv6 packet to IPv4 packet. An unauthenticated attacker can continuously send crafted IPv6 packets through the device causing repetitive MS-PIC process crashes, resulting in an extended Denial of Service condition. This issue affects Juniper Networks Junos OS on MX Series: 15.1 versions prior to 15.1R7-S7; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2.</description>
2219 <dc:date>2020-10-16T21:15:13Z</dc:date>
2220 </item>
2221 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1681">
2222 <title>CVE-2020-1681 (junos_evolved)</title>
2223 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1681</link>
2224 <description>Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could lead to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability.</description>
2225 <dc:date>2020-10-16T21:15:13Z</dc:date>
2226 </item>
2227 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1682">
2228 <title>CVE-2020-1682 (junos)</title>
2229 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1682</link>
2230 <description>An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. The srxpfe process restarts automatically, but continuous execution of the commands could lead to an extended Denial of Service condition. This issue only affects the SRX1500, SRX4100, SRX4200, NFX150, NFX250, and vSRX-based platforms. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D220 on SRX1500, SRX4100, SRX4200, vSRX; 17.4 versions prior to 17.4R3-S3 on SRX1500, SRX4100, SRX4200, vSRX; 18.1 versions prior to 18.1R3-S11 on SRX1500, SRX4100, SRX4200, vSRX, NFX150; 18.2 versions prior to 18.2R3-S5 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 19.1 versions prior to 19.1R3-S2 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 19.2 versions prior to 19.2R1-S5, 19.2R3 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250. This issue does not affect Junos OS 19.3 or any subsequent version.</description>
2231 <dc:date>2020-10-16T21:15:13Z</dc:date>
2232 </item>
2233 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1683">
2234 <title>CVE-2020-1683 (junos)</title>
2235 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1683</link>
2236 <description>On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device. The administrator can monitor the output of the following command to check if there is memory leak caused by this issue: user@device&gt; show system virtual-memory | match &quot;pfe_ipc|kmem&quot; pfe_ipc 147 5K - 164352 16,32,64,8192 &lt;-- increasing vm.kmem_map_free: 127246336 &lt;-- decreasing pfe_ipc 0 0K - 18598 32,8192 vm.kmem_map_free: 134582272 This issue affects Juniper Networks Junos OS: 17.4R3; 18.1 version 18.1R3-S5 and later versions prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions prior to 18.2R3-S3; 18.2X75 version 18.2X75-D420, 18.2X75-D50 and later versions prior to 18.2X75-D430, 18.2X75-D53, 18.2X75-D60; 18.3 version 18.3R3 and later versions prior to 18.3R3-S2; 18.4 version 18.4R1-S4, 18.4R2 and later versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 version 19.1R2 and later versions prior to 19.1R2-S2, 19.1R3; 19.2 version 19.2R1 and later versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 17.4R3.</description>
2237 <dc:date>2020-10-16T21:15:14Z</dc:date>
2238 </item>
2239 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1684">
2240 <title>CVE-2020-1684 (junos)</title>
2241 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1684</link>
2242 <description>On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack is configured. Thus, this issue might occur when IDP, AppFW, AppQoS, or AppTrack is configured. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2.</description>
2243 <dc:date>2020-10-16T21:15:14Z</dc:date>
2244 </item>
2245 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1685">
2246 <title>CVE-2020-1685 (junos)</title>
2247 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1685</link>
2248 <description>When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to: family ethernet-switching { filter L2-VLAN { term ALLOW { from { user-vlan-id 100; } then { accept; } } term NON-MATCH { then { discard; } } when there is only one term containing a 'user-vlan-id' match condition, and no other terms in the firewall filter except discard, the discard action for non-matching traffic will only discard traffic with the same VLAN ID specified under 'user-vlan-id'. Other traffic (e.g. VLAN ID 200) will not be discarded. This unexpected behavior can lead to unintended traffic passing through the interface where the firewall filter is applied. This issue only affects systems using VXLANs. This issue affects Juniper Networks Junos OS on QFX5K Series: 18.1 versions prior to 18.1R3-S7, except 18.1R3; 18.2 versions prior to 18.2R2-S7, 18.2R3-S1; 18.3 versions prior to 18.3R1-S5, 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2.</description>
2249 <dc:date>2020-10-16T21:15:14Z</dc:date>
2250 </item>
2251 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1686">
2252 <title>CVE-2020-1686 (junos)</title>
2253 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1686</link>
2254 <description>On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be triggered by a malformed IPv6 packet destined to the Routing Engine or a transit packet that is sampled using sFlow/jFlow or processed by firewall filter with the syslog and/or log action. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1.</description>
2255 <dc:date>2020-10-16T21:15:14Z</dc:date>
2256 </item>
2257 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1687">
2258 <title>CVE-2020-1687 (junos)</title>
2259 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1687</link>
2260 <description>On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffic interruption. This issue affects devices that are configured as a Layer 2 or Layer 3 gateway of an EVPN-VXLAN deployment. The offending layer 2 frames that cause the issue originate from a different access switch that get encapsulated within the same EVPN-VXLAN domain. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2.</description>
2261 <dc:date>2020-10-16T21:15:14Z</dc:date>
2262 </item>
2263 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1688">
2264 <title>CVE-2020-1688 (junos)</title>
2265 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1688</link>
2266 <description>On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. This Web API service is used for authentication services such as the Juniper Identity Management Service, used to obtain user identity for Integrated User Firewall feature, or the integrated ClearPass authentication and enforcement feature. This issue affects Juniper Networks Junos OS on Networks SRX Series and NFX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D190; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2.</description>
2267 <dc:date>2020-10-16T21:15:14Z</dc:date>
2268 </item>
2269 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16885">
2270 <title>CVE-2020-16885 (windows_10, windows_server_2016, windows_server_2019)</title>
2271 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16885</link>
2272 <description>An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations, aka 'Windows Storage VSP Driver Elevation of Privilege Vulnerability'.</description>
2273 <dc:date>2020-10-16T23:15:12Z</dc:date>
2274 </item>
2275 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16887">
2276 <title>CVE-2020-16887 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)</title>
2277 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16887</link>
2278 <description>An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.</description>
2279 <dc:date>2020-10-16T23:15:12Z</dc:date>
2280 </item>
2281 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16889">
2282 <title>CVE-2020-16889 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)</title>
2283 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16889</link>
2284 <description>An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory, aka 'Windows KernelStream Information Disclosure Vulnerability'.</description>
2285 <dc:date>2020-10-16T23:15:12Z</dc:date>
2286 </item>
2287 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1689">
2288 <title>CVE-2020-1689 (junos)</title>
2289 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1689</link>
2290 <description>On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone configuration. The offending layer 2 frame packets can originate only from within the broadcast domain where the device is connected. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2.</description>
2291 <dc:date>2020-10-16T21:15:14Z</dc:date>
2292 </item>
2293 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16890">
2294 <title>CVE-2020-16890 (windows_10, windows_server_2016, windows_server_2019)</title>
2295 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16890</link>
2296 <description>An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.</description>
2297 <dc:date>2020-10-16T23:15:12Z</dc:date>
2298 </item>
2299 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16892">
2300 <title>CVE-2020-16892 (windows_10, windows_8.1, windows_rt_8.1, windows_server_2012, windows_server_2016, windows_server_2019)</title>
2301 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16892</link>
2302 <description>An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows kernel image properly handles objects in memory, aka 'Windows Image Elevation of Privilege Vulnerability'.</description>
2303 <dc:date>2020-10-16T23:15:13Z</dc:date>
2304 </item>
2305 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16900">
2306 <title>CVE-2020-16900 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)</title>
2307 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16900</link>
2308 <description>An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event System Elevation of Privilege Vulnerability'.</description>
2309 <dc:date>2020-10-16T23:15:13Z</dc:date>
2310 </item>
2311 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16902">
2312 <title>CVE-2020-16902 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)</title>
2313 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16902</link>
2314 <description>An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'.</description>
2315 <dc:date>2020-10-16T23:15:13Z</dc:date>
2316 </item>
2317 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16904">
2318 <title>CVE-2020-16904 (azure_functions)</title>
2319 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16904</link>
2320 <description>An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions, aka 'Azure Functions Elevation of Privilege Vulnerability'.</description>
2321 <dc:date>2020-10-16T23:15:13Z</dc:date>
2322 </item>
2323 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16916">
2324 <title>CVE-2020-16916 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019)</title>
2325 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16916</link>
2326 <description>An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16935.</description>
2327 <dc:date>2020-10-16T23:15:14Z</dc:date>
2328 </item>
2329 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17381">
2330 <title>CVE-2020-17381 (total_commander)</title>
2331 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17381</link>
2332 <description>An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary.</description>
2333 <dc:date>2020-10-21T19:15:14Z</dc:date>
2334 </item>
2335 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17406">
2336 <title>CVE-2020-17406 (bullet-lte_firmware)</title>
2337 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17406</link>
2338 <description>This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10595.</description>
2339 <dc:date>2020-10-13T17:15:13Z</dc:date>
2340 </item>
2341 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17407">
2342 <title>CVE-2020-17407 (bullet-lte_firmware)</title>
2343 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17407</link>
2344 <description>This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of authentication headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10596.</description>
2345 <dc:date>2020-10-13T17:15:13Z</dc:date>
2346 </item>
2347 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17454">
2348 <title>CVE-2020-17454 (api_manager)</title>
2349 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17454</link>
2350 <description>WSO2 API Manager 3.1.0 and earlier has reflected XSS on the &quot;publisher&quot; component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box appears that writes an error message concatenated to the injected payload (without any form of data encoding). This can also be exploited via CSRF.</description>
2351 <dc:date>2020-10-21T22:15:12Z</dc:date>
2352 </item>
2353 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18129">
2354 <title>CVE-2020-18129 (eyoucms)</title>
2355 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18129</link>
2356 <description>A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.</description>
2357 <dc:date>2020-10-22T21:15:13Z</dc:date>
2358 </item>
2359 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18766">
2360 <title>CVE-2020-18766 (antsword)</title>
2361 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18766</link>
2362 <description>A cross-site scripting (XSS) vulnerability in AntSword v2.0.7 can be used to remotely execute system commands.</description>
2363 <dc:date>2020-10-26T16:15:13Z</dc:date>
2364 </item>
2365 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20627">
2366 <title>CVE-2020-20627 (givewp)</title>
2367 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20627</link>
2368 <description>The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change.</description>
2369 <dc:date>2020-08-31T16:15:15Z</dc:date>
2370 </item>
2371 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21674">
2372 <title>CVE-2020-21674 (libarchive)</title>
2373 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21674</link>
2374 <description>Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.</description>
2375 <dc:date>2020-10-15T15:15:11Z</dc:date>
2376 </item>
2377 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23864">
2378 <title>CVE-2020-23864 (malware_fighter)</title>
2379 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23864</link>
2380 <description>An issue exists in IOBit Malware Fighter version 8.0.2.547. Local escalation of privileges is possible by dropping a malicious DLL file into the WindowsApps folder.</description>
2381 <dc:date>2020-10-27T14:15:13Z</dc:date>
2382 </item>
2383 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23945">
2384 <title>CVE-2020-23945 (victor_cms)</title>
2385 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23945</link>
2386 <description>A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database.</description>
2387 <dc:date>2020-10-27T15:15:13Z</dc:date>
2388 </item>
2389 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24303">
2390 <title>CVE-2020-24303 (grafana)</title>
2391 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24303</link>
2392 <description>Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.</description>
2393 <dc:date>2020-10-28T14:15:12Z</dc:date>
2394 </item>
2395 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24352">
2396 <title>CVE-2020-24352 (qemu)</title>
2397 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24352</link>
2398 <description>An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.</description>
2399 <dc:date>2020-10-16T06:15:12Z</dc:date>
2400 </item>
2401 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24375">
2402 <title>CVE-2020-24375 (freebox_server, freebox_v5_firmware)</title>
2403 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24375</link>
2404 <description>A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.</description>
2405 <dc:date>2020-10-19T19:15:14Z</dc:date>
2406 </item>
2407 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24387">
2408 <title>CVE-2020-24387 (fedora, yubihsm-shell)</title>
2409 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24387</link>
2410 <description>An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack.</description>
2411 <dc:date>2020-10-19T20:15:12Z</dc:date>
2412 </item>
2413 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24388">
2414 <title>CVE-2020-24388 (fedora, yubihsm-shell)</title>
2415 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24388</link>
2416 <description>An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service.</description>
2417 <dc:date>2020-10-19T20:15:12Z</dc:date>
2418 </item>
2419 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24418">
2420 <title>CVE-2020-24418 (after_effects)</title>
2421 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24418</link>
2422 <description>Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit.</description>
2423 <dc:date>2020-10-21T21:15:12Z</dc:date>
2424 </item>
2425 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24419">
2426 <title>CVE-2020-24419 (after_effects)</title>
2427 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24419</link>
2428 <description>Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</description>
2429 <dc:date>2020-10-21T21:15:12Z</dc:date>
2430 </item>
2431 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24420">
2432 <title>CVE-2020-24420 (photoshop)</title>
2433 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24420</link>
2434 <description>Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</description>
2435 <dc:date>2020-10-21T21:15:12Z</dc:date>
2436 </item>
2437 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24423">
2438 <title>CVE-2020-24423 (media_encoder)</title>
2439 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24423</link>
2440 <description>Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</description>
2441 <dc:date>2020-10-21T21:15:12Z</dc:date>
2442 </item>
2443 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24551">
2444 <title>CVE-2020-24551 (mmc+)</title>
2445 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24551</link>
2446 <description>IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim's login credentials.</description>
2447 <dc:date>2020-10-14T13:15:13Z</dc:date>
2448 </item>
2449 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24631">
2450 <title>CVE-2020-24631 (airwave_glass)</title>
2451 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24631</link>
2452 <description>A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.</description>
2453 <dc:date>2020-10-26T16:15:13Z</dc:date>
2454 </item>
2455 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24632">
2456 <title>CVE-2020-24632 (airwave_glass)</title>
2457 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24632</link>
2458 <description>A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.</description>
2459 <dc:date>2020-10-26T16:15:13Z</dc:date>
2460 </item>
2461 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24708">
2462 <title>CVE-2020-24708 (gophish)</title>
2463 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24708</link>
2464 <description>Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.</description>
2465 <dc:date>2020-10-28T20:15:13Z</dc:date>
2466 </item>
2467 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24709">
2468 <title>CVE-2020-24709 (gophish)</title>
2469 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24709</link>
2470 <description>Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.</description>
2471 <dc:date>2020-10-28T20:15:13Z</dc:date>
2472 </item>
2473 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24847">
2474 <title>CVE-2020-24847 (fruitywifi)</title>
2475 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24847</link>
2476 <description>A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticated attacker can change the newSSID and hostapd_wpa_passphrase.</description>
2477 <dc:date>2020-10-23T19:15:12Z</dc:date>
2478 </item>
2479 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25186">
2480 <title>CVE-2020-25186 (levistudiou)</title>
2481 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25186</link>
2482 <description>An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.</description>
2483 <dc:date>2020-10-22T21:15:13Z</dc:date>
2484 </item>
2485 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25188">
2486 <title>CVE-2020-25188 (scada)</title>
2487 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25188</link>
2488 <description>An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870).</description>
2489 <dc:date>2020-10-14T13:15:13Z</dc:date>
2490 </item>
2491 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25211">
2492 <title>CVE-2020-25211 (debian_linux, fedora, linux_kernel)</title>
2493 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25211</link>
2494 <description>In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.</description>
2495 <dc:date>2020-09-09T16:15:12Z</dc:date>
2496 </item>
2497 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25214">
2498 <title>CVE-2020-25214 (overwolf)</title>
2499 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25214</link>
2500 <description>In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint.</description>
2501 <dc:date>2020-10-16T20:15:12Z</dc:date>
2502 </item>
2503 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25466">
2504 <title>CVE-2020-25466 (crmeb)</title>
2505 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25466</link>
2506 <description>A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.</description>
2507 <dc:date>2020-10-23T15:15:12Z</dc:date>
2508 </item>
2509 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25470">
2510 <title>CVE-2020-25470 (antsword)</title>
2511 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25470</link>
2512 <description>AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site function. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution.</description>
2513 <dc:date>2020-10-26T14:15:13Z</dc:date>
2514 </item>
2515 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25777">
2516 <title>CVE-2020-25777 (antivirus)</title>
2517 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25777</link>
2518 <description>Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.</description>
2519 <dc:date>2020-10-14T15:15:16Z</dc:date>
2520 </item>
2521 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25778">
2522 <title>CVE-2020-25778 (antivirus)</title>
2523 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25778</link>
2524 <description>Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.</description>
2525 <dc:date>2020-10-14T15:15:17Z</dc:date>
2526 </item>
2527 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25820">
2528 <title>CVE-2020-25820 (bigbluebutton)</title>
2529 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25820</link>
2530 <description>BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.</description>
2531 <dc:date>2020-10-21T13:15:12Z</dc:date>
2532 </item>
2533 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25824">
2534 <title>CVE-2020-25824 (telegram_desktop)</title>
2535 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25824</link>
2536 <description>Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export key. This attacker may consequently gain access to all chat conversation and media files.</description>
2537 <dc:date>2020-10-14T15:15:17Z</dc:date>
2538 </item>
2539 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25825">
2540 <title>CVE-2020-25825 (octopus_deploy)</title>
2541 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25825</link>
2542 <description>In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs.</description>
2543 <dc:date>2020-10-12T17:15:12Z</dc:date>
2544 </item>
2545 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25858">
2546 <title>CVE-2020-25858 (qualcomm_mobile_access_point)</title>
2547 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25858</link>
2548 <description>The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of service. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers.</description>
2549 <dc:date>2020-10-15T16:15:12Z</dc:date>
2550 </item>
2551 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25859">
2552 <title>CVE-2020-25859 (qcmap)</title>
2553 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25859</link>
2554 <description>The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI can be run via sudo or setuid, this also allows elevating privileges to root. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers.</description>
2555 <dc:date>2020-10-15T16:15:12Z</dc:date>
2556 </item>
2557 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26161">
2558 <title>CVE-2020-26161 (octopus_deploy)</title>
2559 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26161</link>
2560 <description>In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.</description>
2561 <dc:date>2020-10-26T18:15:14Z</dc:date>
2562 </item>
2563 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26546">
2564 <title>CVE-2020-26546 (helpdeskz)</title>
2565 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26546</link>
2566 <description>** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</description>
2567 <dc:date>2020-10-12T19:15:12Z</dc:date>
2568 </item>
2569 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26561">
2570 <title>CVE-2020-26561 (linksys_wrt_160nl_firmware)</title>
2571 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26561</link>
2572 <description>** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</description>
2573 <dc:date>2020-10-23T06:15:12Z</dc:date>
2574 </item>
2575 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26566">
2576 <title>CVE-2020-26566 (motion)</title>
2577 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26566</link>
2578 <description>A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request.</description>
2579 <dc:date>2020-10-26T18:15:14Z</dc:date>
2580 </item>
2581 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26583">
2582 <title>CVE-2020-26583 (sage_dpw)</title>
2583 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26583</link>
2584 <description>An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vulnerability, an attacker can persistently include arbitrary HTML or JavaScript code into the affected web page. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware.</description>
2585 <dc:date>2020-10-16T06:15:12Z</dc:date>
2586 </item>
2587 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26584">
2588 <title>CVE-2020-26584 (sage_dpw)</title>
2589 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26584</link>
2590 <description>An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field &quot;Kurs suchen&quot; on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript code in the user's browser. The vulnerability can be used to change the contents of the displayed site, redirect to other sites, or steal user credentials. Additionally, users are potential victims of browser exploits and JavaScript malware.</description>
2591 <dc:date>2020-10-16T06:15:12Z</dc:date>
2592 </item>
2593 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26649">
2594 <title>CVE-2020-26649 (atomxcms)</title>
2595 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26649</link>
2596 <description>AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php</description>
2597 <dc:date>2020-10-22T15:15:13Z</dc:date>
2598 </item>
2599 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26650">
2600 <title>CVE-2020-26650 (atomxcms)</title>
2601 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26650</link>
2602 <description>AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php</description>
2603 <dc:date>2020-10-22T15:15:13Z</dc:date>
2604 </item>
2605 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26891">
2606 <title>CVE-2020-26891 (synapse)</title>
2607 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26891</link>
2608 <description>AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints.</description>
2609 <dc:date>2020-10-19T17:15:13Z</dc:date>
2610 </item>
2611 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26894">
2612 <title>CVE-2020-26894 (wildlife_issues_in_the_new_millennium)</title>
2613 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26894</link>
2614 <description>LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious &quot;cmd.exe&quot; in the folder of the vulnerable LiveCode application. If the application is using LiveCode's &quot;shell()&quot; function, it will attempt to search for &quot;cmd.exe&quot; in the folder of the current application and run the malicious &quot;cmd.exe&quot;.</description>
2615 <dc:date>2020-10-08T21:15:10Z</dc:date>
2616 </item>
2617 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26932">
2618 <title>CVE-2020-26932 (sympa)</title>
2619 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26932</link>
2620 <description>debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)</description>
2621 <dc:date>2020-10-10T18:15:12Z</dc:date>
2622 </item>
2623 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26935">
2624 <title>CVE-2020-26935 (backports_sle, debian_linux, fedora, phpmyadmin)</title>
2625 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26935</link>
2626 <description>An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query.</description>
2627 <dc:date>2020-10-10T19:15:12Z</dc:date>
2628 </item>
2629 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26943">
2630 <title>CVE-2020-26943 (blazar-dashboard)</title>
2631 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26943</link>
2632 <description>An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.</description>
2633 <dc:date>2020-10-16T06:15:12Z</dc:date>
2634 </item>
2635 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26944">
2636 <title>CVE-2020-26944 (product_configurator)</title>
2637 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26944</link>
2638 <description>An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly, and remotely.</description>
2639 <dc:date>2020-10-16T14:15:11Z</dc:date>
2640 </item>
2641 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26945">
2642 <title>CVE-2020-26945 (mybatis)</title>
2643 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26945</link>
2644 <description>MyBatis before 3.5.6 mishandles deserialization of object streams.</description>
2645 <dc:date>2020-10-10T20:15:11Z</dc:date>
2646 </item>
2647 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26947">
2648 <title>CVE-2020-26947 (monero)</title>
2649 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26947</link>
2650 <description>monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory.</description>
2651 <dc:date>2020-10-10T21:15:11Z</dc:date>
2652 </item>
2653 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26948">
2654 <title>CVE-2020-26948 (msf_emby)</title>
2655 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26948</link>
2656 <description>Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.</description>
2657 <dc:date>2020-10-10T21:15:12Z</dc:date>
2658 </item>
2659 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27013">
2660 <title>CVE-2020-27013 (antivirus)</title>
2661 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27013</link>
2662 <description>Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.</description>
2663 <dc:date>2020-10-14T15:15:17Z</dc:date>
2664 </item>
2665 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27155">
2666 <title>CVE-2020-27155 (octopus_deploy)</title>
2667 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27155</link>
2668 <description>An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one.</description>
2669 <dc:date>2020-10-22T17:15:12Z</dc:date>
2670 </item>
2671 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27163">
2672 <title>CVE-2020-27163 (phpredisadmin)</title>
2673 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27163</link>
2674 <description>phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter.</description>
2675 <dc:date>2020-10-16T03:15:12Z</dc:date>
2676 </item>
2677 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27173">
2678 <title>CVE-2020-27173 (vm-superio)</title>
2679 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27173</link>
2680 <description>In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host.</description>
2681 <dc:date>2020-10-16T04:15:12Z</dc:date>
2682 </item>
2683 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27174">
2684 <title>CVE-2020-27174 (firecracker)</title>
2685 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27174</link>
2686 <description>In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host.</description>
2687 <dc:date>2020-10-16T05:15:11Z</dc:date>
2688 </item>
2689 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27176">
2690 <title>CVE-2020-27176 (marktext)</title>
2691 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27176</link>
2692 <description>Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the &quot;source code mode&quot; feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.</description>
2693 <dc:date>2020-10-16T05:15:11Z</dc:date>
2694 </item>
2695 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27178">
2696 <title>CVE-2020-27178 (central_authentication_service)</title>
2697 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27178</link>
2698 <description>Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.</description>
2699 <dc:date>2020-10-16T16:15:11Z</dc:date>
2700 </item>
2701 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27180">
2702 <title>CVE-2020-27180 (publixone)</title>
2703 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27180</link>
2704 <description>konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.</description>
2705 <dc:date>2020-10-27T05:15:12Z</dc:date>
2706 </item>
2707 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27181">
2708 <title>CVE-2020-27181 (publixone)</title>
2709 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27181</link>
2710 <description>A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files.</description>
2711 <dc:date>2020-10-27T05:15:12Z</dc:date>
2712 </item>
2713 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27182">
2714 <title>CVE-2020-27182 (publixone)</title>
2715 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27182</link>
2716 <description>Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.</description>
2717 <dc:date>2020-10-27T05:15:13Z</dc:date>
2718 </item>
2719 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27183">
2720 <title>CVE-2020-27183 (publixone)</title>
2721 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27183</link>
2722 <description>A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.</description>
2723 <dc:date>2020-10-27T05:15:13Z</dc:date>
2724 </item>
2725 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27187">
2726 <title>CVE-2020-27187 (partition_manager)</title>
2727 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27187</link>
2728 <description>An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. The mount command can then be used to gain full root privileges.</description>
2729 <dc:date>2020-10-26T17:15:12Z</dc:date>
2730 </item>
2731 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27194">
2732 <title>CVE-2020-27194 (linux_kernel)</title>
2733 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27194</link>
2734 <description>An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a.</description>
2735 <dc:date>2020-10-16T21:15:14Z</dc:date>
2736 </item>
2737 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27197">
2738 <title>CVE-2020-27197 (libtaxii, opentaxii)</title>
2739 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27197</link>
2740 <description>** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method &quot;wraps the lxml library&quot; and that this may be an issue to &quot;raise ... to the lxml group.&quot;</description>
2741 <dc:date>2020-10-17T20:15:10Z</dc:date>
2742 </item>
2743 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27388">
2744 <title>CVE-2020-27388 (yourls)</title>
2745 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27388</link>
2746 <description>Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.</description>
2747 <dc:date>2020-10-23T20:15:12Z</dc:date>
2748 </item>
2749 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27533">
2750 <title>CVE-2020-27533 (dedecms)</title>
2751 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27533</link>
2752 <description>A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.</description>
2753 <dc:date>2020-10-22T15:15:13Z</dc:date>
2754 </item>
2755 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27560">
2756 <title>CVE-2020-27560 (imagemagick)</title>
2757 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27560</link>
2758 <description>ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.</description>
2759 <dc:date>2020-10-22T14:15:13Z</dc:date>
2760 </item>
2761 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27603">
2762 <title>CVE-2020-27603 (bigbluebutton)</title>
2763 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27603</link>
2764 <description>BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files.</description>
2765 <dc:date>2020-10-21T15:15:26Z</dc:date>
2766 </item>
2767 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27604">
2768 <title>CVE-2020-27604 (bigbluebutton)</title>
2769 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27604</link>
2770 <description>BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can (for example) use api/join to join an arbitrary meeting regardless of its guestPolicy setting.</description>
2771 <dc:date>2020-10-21T15:15:26Z</dc:date>
2772 </item>
2773 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27605">
2774 <title>CVE-2020-27605 (bigbluebutton)</title>
2775 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27605</link>
2776 <description>BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a &quot;schwache Sandbox.&quot;</description>
2777 <dc:date>2020-10-21T15:15:27Z</dc:date>
2778 </item>
2779 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27606">
2780 <title>CVE-2020-27606 (bigbluebutton)</title>
2781 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27606</link>
2782 <description>BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.</description>
2783 <dc:date>2020-10-21T15:15:27Z</dc:date>
2784 </item>
2785 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27607">
2786 <title>CVE-2020-27607 (bigbluebutton)</title>
2787 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27607</link>
2788 <description>In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or transmit it to one or more meeting participants or other third parties.</description>
2789 <dc:date>2020-10-21T15:15:27Z</dc:date>
2790 </item>
2791 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27608">
2792 <title>CVE-2020-27608 (bigbluebutton)</title>
2793 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27608</link>
2794 <description>In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.</description>
2795 <dc:date>2020-10-21T15:15:27Z</dc:date>
2796 </item>
2797 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27609">
2798 <title>CVE-2020-27609 (bigbluebutton)</title>
2799 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27609</link>
2800 <description>BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.</description>
2801 <dc:date>2020-10-21T15:15:27Z</dc:date>
2802 </item>
2803 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27610">
2804 <title>CVE-2020-27610 (bigbluebutton)</title>
2805 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27610</link>
2806 <description>The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access.</description>
2807 <dc:date>2020-10-21T15:15:27Z</dc:date>
2808 </item>
2809 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27611">
2810 <title>CVE-2020-27611 (bigbluebutton)</title>
2811 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27611</link>
2812 <description>BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.</description>
2813 <dc:date>2020-10-21T15:15:27Z</dc:date>
2814 </item>
2815 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27612">
2816 <title>CVE-2020-27612 (bigbluebutton)</title>
2817 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27612</link>
2818 <description>Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window.</description>
2819 <dc:date>2020-10-21T15:15:27Z</dc:date>
2820 </item>
2821 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27613">
2822 <title>CVE-2020-27613 (bigbluebutton)</title>
2823 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27613</link>
2824 <description>The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.</description>
2825 <dc:date>2020-10-21T15:15:27Z</dc:date>
2826 </item>
2827 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27620">
2828 <title>CVE-2020-27620 (skin:cosmos)</title>
2829 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27620</link>
2830 <description>The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups.</description>
2831 <dc:date>2020-10-22T04:15:11Z</dc:date>
2832 </item>
2833 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27638">
2834 <title>CVE-2020-27638 (debian_linux, fastd)</title>
2835 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27638</link>
2836 <description>receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.</description>
2837 <dc:date>2020-10-22T13:15:15Z</dc:date>
2838 </item>
2839 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27642">
2840 <title>CVE-2020-27642 (greenlight)</title>
2841 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27642</link>
2842 <description>A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6.</description>
2843 <dc:date>2020-10-22T13:15:15Z</dc:date>
2844 </item>
2845 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27664">
2846 <title>CVE-2020-27664 (strapi)</title>
2847 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27664</link>
2848 <description>admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality.</description>
2849 <dc:date>2020-10-22T19:15:13Z</dc:date>
2850 </item>
2851 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27665">
2852 <title>CVE-2020-27665 (strapi)</title>
2853 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27665</link>
2854 <description>In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes.</description>
2855 <dc:date>2020-10-22T19:15:13Z</dc:date>
2856 </item>
2857 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27666">
2858 <title>CVE-2020-27666 (strapi)</title>
2859 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27666</link>
2860 <description>Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature.</description>
2861 <dc:date>2020-10-22T19:15:13Z</dc:date>
2862 </item>
2863 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27670">
2864 <title>CVE-2020-27670 (xen)</title>
2865 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27670</link>
2866 <description>An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.</description>
2867 <dc:date>2020-10-22T21:15:13Z</dc:date>
2868 </item>
2869 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27671">
2870 <title>CVE-2020-27671 (xen)</title>
2871 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27671</link>
2872 <description>An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.</description>
2873 <dc:date>2020-10-22T21:15:13Z</dc:date>
2874 </item>
2875 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27672">
2876 <title>CVE-2020-27672 (xen)</title>
2877 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27672</link>
2878 <description>An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.</description>
2879 <dc:date>2020-10-22T21:15:13Z</dc:date>
2880 </item>
2881 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27673">
2882 <title>CVE-2020-27673 (linux_kernel, xen)</title>
2883 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27673</link>
2884 <description>An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.</description>
2885 <dc:date>2020-10-22T21:15:14Z</dc:date>
2886 </item>
2887 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27678">
2888 <title>CVE-2020-27678 (illumos, omnios, smartos)</title>
2889 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27678</link>
2890 <description>An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.</description>
2891 <dc:date>2020-10-26T12:17:12Z</dc:date>
2892 </item>
2893 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27974">
2894 <title>CVE-2020-27974 (neopost_mail_accounting)</title>
2895 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27974</link>
2896 <description>NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_BlockStart.php?code= XSS.</description>
2897 <dc:date>2020-10-28T15:15:13Z</dc:date>
2898 </item>
2899 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27975">
2900 <title>CVE-2020-27975 (oscommerce)</title>
2901 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27975</link>
2902 <description>osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.</description>
2903 <dc:date>2020-10-28T15:15:13Z</dc:date>
2904 </item>
2905 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27976">
2906 <title>CVE-2020-27976 (oscommerce)</title>
2907 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27976</link>
2908 <description>osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option.</description>
2909 <dc:date>2020-10-28T15:15:13Z</dc:date>
2910 </item>
2911 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3299">
2912 <title>CVE-2020-3299 (firepower_threat_defense, snort)</title>
2913 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3299</link>
2914 <description>Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload.</description>
2915 <dc:date>2020-10-21T19:15:15Z</dc:date>
2916 </item>
2917 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3304">
2918 <title>CVE-2020-3304 (adaptive_security_appliance, firepower_threat_defense)</title>
2919 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3304</link>
2920 <description>A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition. Note: This vulnerability applies to IP Version 4 (IPv4) and IP Version 6 (IPv6) HTTP traffic.</description>
2921 <dc:date>2020-10-21T19:15:15Z</dc:date>
2922 </item>
2923 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3373">
2924 <title>CVE-2020-3373 (adaptive_security_appliance, firepower_threat_defense)</title>
2925 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3373</link>
2926 <description>A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. This memory leak could prevent traffic from being processed through the device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper error handling when specific failures occur during IP fragment reassembly. An attacker could exploit this vulnerability by sending crafted, fragmented IP traffic to a targeted device. A successful exploit could allow the attacker to continuously consume memory on the affected device and eventually impact traffic, resulting in a DoS condition. The device could require a manual reboot to recover from the DoS condition. Note: This vulnerability applies to both IP Version 4 (IPv4) and IP Version 6 (IPv6) traffic.</description>
2927 <dc:date>2020-10-21T19:15:15Z</dc:date>
2928 </item>
2929 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3410">
2930 <title>CVE-2020-3410 (firepower_management_center)</title>
2931 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3410</link>
2932 <description>A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a valid CAC to initiate the access attempt. The vulnerability is due to incorrect session invalidation during CAC authentication. An attacker could exploit this vulnerability by performing a CAC-based authentication attempt to an affected system. A successful exploit could allow the attacker to access an affected system with the privileges of a CAC-authenticated user who is currently logged in.</description>
2933 <dc:date>2020-10-21T19:15:15Z</dc:date>
2934 </item>
2935 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3427">
2936 <title>CVE-2020-3427 (duo_authentication_for_windows_logon_and_rdp)</title>
2937 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3427</link>
2938 <description>The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. Note that this is only exploitable during new installations while the installer is running and is not exploitable once installation is finished. Version 4.1.2 of Windows Logon addresses this issue.</description>
2939 <dc:date>2020-10-14T19:15:13Z</dc:date>
2940 </item>
2941 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3436">
2942 <title>CVE-2020-3436 (adaptive_security_appliance, firepower_threat_defense)</title>
2943 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3436</link>
2944 <description>A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. The vulnerability exists because the affected software does not efficiently handle the writing of large files to specific folders on the local file system. An attacker could exploit this vulnerability by uploading files to those specific folders. A successful exploit could allow the attacker to write a file that triggers a watchdog timeout, which would cause the device to unexpectedly reload, causing a denial of service (DoS) condition.</description>
2945 <dc:date>2020-10-21T19:15:16Z</dc:date>
2946 </item>
2947 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3455">
2948 <title>CVE-2020-3455 (firepower_extensible_operating_system)</title>
2949 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3455</link>
2950 <description>A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by injecting code into a specific file that is then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device which would be executed at each boot and maintain persistence across reboots.</description>
2951 <dc:date>2020-10-21T19:15:16Z</dc:date>
2952 </item>
2953 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3456">
2954 <title>CVE-2020-3456 (firepower_extensible_operating_system)</title>
2955 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3456</link>
2956 <description>A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. The vulnerability is due to insufficient CSRF protections for the FCM interface. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could take unauthorized actions on behalf of the targeted user.</description>
2957 <dc:date>2020-10-21T19:15:16Z</dc:date>
2958 </item>
2959 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3457">
2960 <title>CVE-2020-3457 (adaptive_security_appliance, firepower_extensible_operating_system, firepower_threat_defense)</title>
2961 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3457</link>
2962 <description>A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.</description>
2963 <dc:date>2020-10-21T19:15:16Z</dc:date>
2964 </item>
2965 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3458">
2966 <title>CVE-2020-3458 (adaptive_security_appliance, firepower_threat_defense)</title>
2967 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3458</link>
2968 <description>Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. The vulnerabilities are due to insufficient protections of the secure boot process. An attacker could exploit these vulnerabilities by injecting code into specific files that are then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device, which would be executed at each boot and maintain persistence across reboots.</description>
2969 <dc:date>2020-10-21T19:15:16Z</dc:date>
2970 </item>
2971 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3459">
2972 <title>CVE-2020-3459 (firepower_extensible_operating_system)</title>
2973 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3459</link>
2974 <description>A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.</description>
2975 <dc:date>2020-10-21T19:15:16Z</dc:date>
2976 </item>
2977 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3483">
2978 <title>CVE-2020-3483 (duo_network_gateway)</title>
2979 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3483</link>
2980 <description>Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG host. Any private keys logged in this way could be viewed by those with access to the DNG host operating system without any need for reversing encrypted values or similar techniques. An attacker that gained access to the DNG logs and with the ability to intercept and manipulate network traffic between a user and the DNG, could decrypt and manipulate SSL/TLS connections to the DNG and to the protected applications behind it. Duo Network Gateway (DNG) versions 1.3.3 through 1.5.7 are affected.</description>
2981 <dc:date>2020-10-14T19:15:14Z</dc:date>
2982 </item>
2983 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3499">
2984 <title>CVE-2020-3499 (firepower_management_center)</title>
2985 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3499</link>
2986 <description>A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of system resource values by the affected system. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. A successful exploit could allow the attacker to cause the affected system to become unresponsive, resulting in a DoS condition and preventing the management of dependent devices.</description>
2987 <dc:date>2020-10-21T19:15:16Z</dc:date>
2988 </item>
2989 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3514">
2990 <title>CVE-2020-3514 (firepower_management_center, firepower_threat_defense)</title>
2991 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3514</link>
2992 <description>A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must have valid credentials on the device. The vulnerability exists because a configuration file that is used at container startup has insufficient protections. An attacker could exploit this vulnerability by modifying a specific container configuration file on the underlying file system. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running Cisco FTD instances or the host Cisco FXOS device.</description>
2993 <dc:date>2020-10-21T19:15:16Z</dc:date>
2994 </item>
2995 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3515">
2996 <title>CVE-2020-3515 (firepower_management_center)</title>
2997 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3515</link>
2998 <description>Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.</description>
2999 <dc:date>2020-10-21T19:15:16Z</dc:date>
3000 </item>
3001 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3528">
3002 <title>CVE-2020-3528 (adaptive_security_appliance, firepower_threat_defense)</title>
3003 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3528</link>
3004 <description>A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation when the affected software processes certain OSPFv2 packets with Link-Local Signaling (LLS) data. An attacker could exploit this vulnerability by sending a malformed OSPFv2 packet to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition.</description>
3005 <dc:date>2020-10-21T19:15:16Z</dc:date>
3006 </item>
3007 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3529">
3008 <title>CVE-2020-3529 (adaptive_security_appliance, firepower_threat_defense)</title>
3009 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3529</link>
3010 <description>A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient direct memory access (DMA) memory management during the negotiation phase of an SSL VPN connection. An attacker could exploit this vulnerability by sending a steady stream of crafted Datagram TLS (DTLS) traffic to an affected device. A successful exploit could allow the attacker to exhaust DMA memory on the device and cause a DoS condition.</description>
3011 <dc:date>2020-10-21T19:15:16Z</dc:date>
3012 </item>
3013 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3533">
3014 <title>CVE-2020-3533 (firepower_threat_defense)</title>
3015 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3533</link>
3016 <description>A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. The vulnerability is due to a lack of sufficient memory management protections under heavy SNMP polling loads. An attacker could exploit this vulnerability by sending a high rate of SNMP requests to the SNMP daemon through the management interface on an affected device. A successful exploit could allow the attacker to cause the SNMP daemon process to consume a large amount of system memory over time, which could then lead to an unexpected device restart, causing a denial of service (DoS) condition. This vulnerability affects all versions of SNMP.</description>
3017 <dc:date>2020-10-21T19:15:17Z</dc:date>
3018 </item>
3019 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3549">
3020 <title>CVE-2020-3549 (firepower_management_center, firepower_threat_defense)</title>
3021 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3549</link>
3022 <description>A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an FTD device. A successful exploit could allow the attacker to decrypt and modify the sftunnel communication between FMC and FTD devices, allowing the attacker to modify configuration data sent from an FMC device to an FTD device or alert data sent from an FTD device to an FMC device.</description>
3023 <dc:date>2020-10-21T19:15:17Z</dc:date>
3024 </item>
3025 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3550">
3026 <title>CVE-2020-3550 (firepower_management_center, firepower_threat_defense)</title>
3027 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3550</link>
3028 <description>A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an sftunnel-connected peer device.</description>
3029 <dc:date>2020-10-21T19:15:17Z</dc:date>
3030 </item>
3031 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3553">
3032 <title>CVE-2020-3553 (firepower_management_center)</title>
3033 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3553</link>
3034 <description>Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.</description>
3035 <dc:date>2020-10-21T19:15:17Z</dc:date>
3036 </item>
3037 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3554">
3038 <title>CVE-2020-3554 (adaptive_security_appliance, firepower_threat_defense)</title>
3039 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3554</link>
3040 <description>A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory exhaustion condition. An attacker could exploit this vulnerability by sending a high rate of crafted TCP traffic through an affected device. A successful exploit could allow the attacker to exhaust device resources, resulting in a DoS condition for traffic transiting the affected device.</description>
3041 <dc:date>2020-10-21T19:15:17Z</dc:date>
3042 </item>
3043 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3555">
3044 <title>CVE-2020-3555 (adaptive_security_appliance, firepower_threat_defense)</title>
3045 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3555</link>
3046 <description>A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a watchdog timeout and crash during the cleanup of threads that are associated with a SIP connection that is being deleted from the connection list. An attacker could exploit this vulnerability by sending a high rate of crafted SIP traffic through an affected device. A successful exploit could allow the attacker to cause a watchdog timeout and crash, resulting in a crash and reload of the affected device.</description>
3047 <dc:date>2020-10-21T19:15:17Z</dc:date>
3048 </item>
3049 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3557">
3050 <title>CVE-2020-3557 (firepower_management_center)</title>
3051 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3557</link>
3052 <description>A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted data stream to the host input daemon of the affected device. A successful exploit could allow the attacker to cause the host input daemon to restart. The attacker could use repeated attacks to cause the daemon to continuously reload, creating a DoS condition for the API.</description>
3053 <dc:date>2020-10-21T19:15:17Z</dc:date>
3054 </item>
3055 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3558">
3056 <title>CVE-2020-3558 (firepower_management_center)</title>
3057 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3558</link>
3058 <description>A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting an HTTP request from a user. A successful exploit could allow the attacker to modify the HTTP request to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.</description>
3059 <dc:date>2020-10-21T19:15:17Z</dc:date>
3060 </item>
3061 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3578">
3062 <title>CVE-2020-3578 (adaptive_security_appliance_software, firepower_threat_defense)</title>
3063 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3578</link>
3064 <description>A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. The vulnerability is due to insufficient validation of URLs when portal access rules are configured. An attacker could exploit this vulnerability by accessing certain URLs on the affected device.</description>
3065 <dc:date>2020-10-21T19:15:18Z</dc:date>
3066 </item>
3067 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3580">
3068 <title>CVE-2020-3580 (adaptive_security_appliance_software, firepower_threat_defense)</title>
3069 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3580</link>
3070 <description>Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.</description>
3071 <dc:date>2020-10-21T19:15:18Z</dc:date>
3072 </item>
3073 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3581">
3074 <title>CVE-2020-3581 (adaptive_security_appliance_software, firepower_threat_defense)</title>
3075 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3581</link>
3076 <description>Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.</description>
3077 <dc:date>2020-10-21T19:15:18Z</dc:date>
3078 </item>
3079 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3582">
3080 <title>CVE-2020-3582 (adaptive_security_appliance_software, firepower_threat_defense)</title>
3081 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3582</link>
3082 <description>Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.</description>
3083 <dc:date>2020-10-21T19:15:18Z</dc:date>
3084 </item>
3085 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3583">
3086 <title>CVE-2020-3583 (adaptive_security_appliance_software, firepower_threat_defense)</title>
3087 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3583</link>
3088 <description>Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.</description>
3089 <dc:date>2020-10-21T19:15:18Z</dc:date>
3090 </item>
3091 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3585">
3092 <title>CVE-2020-3585 (adaptive_security_appliance_software, firepower_threat_defense)</title>
3093 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3585</link>
3094 <description>A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this vulnerability, an attacker must be able to perform both of the following actions: (1) capture TLS traffic that is in transit between clients and the affected device, and (2) actively establish a considerable number of TLS connections to the affected device.</description>
3095 <dc:date>2020-10-21T19:15:18Z</dc:date>
3096 </item>
3097 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3597">
3098 <title>CVE-2020-3597 (nexus_data_broker)</title>
3099 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3597</link>
3100 <description>A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient validation of configuration backup files. An attacker could exploit this vulnerability by persuading an administrator to restore a crafted configuration backup file. A successful exploit could allow the attacker to overwrite arbitrary files that are accessible through the affected software on an affected device.</description>
3101 <dc:date>2020-10-08T05:15:15Z</dc:date>
3102 </item>
3103 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3855">
3104 <title>CVE-2020-3855 (mac_os_x)</title>
3105 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3855</link>
3106 <description>An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. A malicious application may be able to overwrite arbitrary files.</description>
3107 <dc:date>2020-10-27T21:15:15Z</dc:date>
3108 </item>
3109 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3863">
3110 <title>CVE-2020-3863 (mac_os_x)</title>
3111 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3863</link>
3112 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to execute arbitrary code with system privileges.</description>
3113 <dc:date>2020-10-27T21:15:15Z</dc:date>
3114 </item>
3115 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3864">
3116 <title>CVE-2020-3864 (icloud, ipados, iphone_os, itunes, safari, tvos)</title>
3117 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3864</link>
3118 <description>A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.</description>
3119 <dc:date>2020-10-27T21:15:15Z</dc:date>
3120 </item>
3121 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3880">
3122 <title>CVE-2020-3880 (ipados, iphone_os, mac_os_x, tvos, watchos)</title>
3123 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3880</link>
3124 <description>An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution.</description>
3125 <dc:date>2020-10-27T21:15:15Z</dc:date>
3126 </item>
3127 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3898">
3128 <title>CVE-2020-3898 (mac_os_x)</title>
3129 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3898</link>
3130 <description>A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges.</description>
3131 <dc:date>2020-10-22T18:15:12Z</dc:date>
3132 </item>
3133 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3915">
3134 <title>CVE-2020-3915 (mac_os_x)</title>
3135 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3915</link>
3136 <description>A path handling issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to overwrite arbitrary files.</description>
3137 <dc:date>2020-10-22T18:15:13Z</dc:date>
3138 </item>
3139 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3918">
3140 <title>CVE-2020-3918 (ipad_os, iphone_os, mac_os_x, tvos, watchos)</title>
3141 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3918</link>
3142 <description>An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information.</description>
3143 <dc:date>2020-10-22T18:15:13Z</dc:date>
3144 </item>
3145 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3981">
3146 <title>CVE-2020-3981 (cloud_foundation, esxi, fusion, workstation)</title>
3147 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3981</link>
3148 <description>VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.</description>
3149 <dc:date>2020-10-20T17:15:12Z</dc:date>
3150 </item>
3151 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3982">
3152 <title>CVE-2020-3982 (cloud_foundation, esxi, fusion, workstation, workstation_player)</title>
3153 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3982</link>
3154 <description>VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.</description>
3155 <dc:date>2020-10-20T17:15:12Z</dc:date>
3156 </item>
3157 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3992">
3158 <title>CVE-2020-3992 (cloud_foundation, esxi)</title>
3159 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3992</link>
3160 <description>OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.</description>
3161 <dc:date>2020-10-20T17:15:12Z</dc:date>
3162 </item>
3163 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3993">
3164 <title>CVE-2020-3993 (cloud_foundation, nsx-t_data_center)</title>
3165 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3993</link>
3166 <description>VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.</description>
3167 <dc:date>2020-10-20T17:15:12Z</dc:date>
3168 </item>
3169 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3994">
3170 <title>CVE-2020-3994 (cloud_foundation, vcenter_server)</title>
3171 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3994</link>
3172 <description>VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates.</description>
3173 <dc:date>2020-10-20T17:15:12Z</dc:date>
3174 </item>
3175 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3995">
3176 <title>CVE-2020-3995 (cloud_foundation, esxi, fusion, workstation)</title>
3177 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3995</link>
3178 <description>In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.</description>
3179 <dc:date>2020-10-20T17:15:13Z</dc:date>
3180 </item>
3181 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3996">
3182 <title>CVE-2020-3996 (velero)</title>
3183 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3996</link>
3184 <description>Velero (prior to 1.4.3 and 1.5.2) in some instances doesn't properly manage volume identifiers which may result in information leakage to unauthorized users.</description>
3185 <dc:date>2020-10-22T21:15:14Z</dc:date>
3186 </item>
3187 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3997">
3188 <title>CVE-2020-3997 (horizon)</title>
3189 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3997</link>
3190 <description>VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed.</description>
3191 <dc:date>2020-10-23T14:15:12Z</dc:date>
3192 </item>
3193 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3998">
3194 <title>CVE-2020-3998 (horizon_client)</title>
3195 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3998</link>
3196 <description>VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes.</description>
3197 <dc:date>2020-10-23T14:15:12Z</dc:date>
3198 </item>
3199 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4395">
3200 <title>CVE-2020-4395 (security_access_manager_appliance)</title>
3201 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4395</link>
3202 <description>IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358.</description>
3203 <dc:date>2020-10-14T17:15:13Z</dc:date>
3204 </item>
3205 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4731">
3206 <title>CVE-2020-4731 (aspera_shares)</title>
3207 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4731</link>
3208 <description>IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055.</description>
3209 <dc:date>2020-09-21T15:15:13Z</dc:date>
3210 </item>
3211 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4767">
3212 <title>CVE-2020-4767 (sterling_connect:direct)</title>
3213 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4767</link>
3214 <description>IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. By sending a specially crafted request, the attacker could cause the application to crash. IBM X-Force ID: 188906.</description>
3215 <dc:date>2020-10-28T17:15:12Z</dc:date>
3216 </item>
3217 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4780">
3218 <title>CVE-2020-4780 (curam_social_program_management)</title>
3219 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4780</link>
3220 <description>OOTB build scripts do not set the secure attribute on the session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158.</description>
3221 <dc:date>2020-10-12T13:15:13Z</dc:date>
3222 </item>
3223 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4781">
3224 <title>CVE-2020-4781 (curam_social_program_management)</title>
3225 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4781</link>
3226 <description>An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159.</description>
3227 <dc:date>2020-10-12T13:15:13Z</dc:date>
3228 </item>
3229 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4782">
3230 <title>CVE-2020-4782 (websphere_application_server)</title>
3231 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4782</link>
3232 <description>IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing &quot;dot dot&quot; sequences (/../) to view arbitrary files on the system.</description>
3233 <dc:date>2020-10-28T17:15:13Z</dc:date>
3234 </item>
3235 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5650">
3236 <title>CVE-2020-5650 (simple_download_monitor)</title>
3237 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5650</link>
3238 <description>Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.</description>
3239 <dc:date>2020-10-21T16:15:14Z</dc:date>
3240 </item>
3241 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5651">
3242 <title>CVE-2020-5651 (simple_download_monitor)</title>
3243 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5651</link>
3244 <description>SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL.</description>
3245 <dc:date>2020-10-21T16:15:15Z</dc:date>
3246 </item>
3247 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5977">
3248 <title>CVE-2020-5977 (geforce_experience)</title>
3249 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5977</link>
3250 <description>NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.</description>
3251 <dc:date>2020-10-23T18:15:16Z</dc:date>
3252 </item>
3253 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5978">
3254 <title>CVE-2020-5978 (geforce_experience)</title>
3255 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5978</link>
3256 <description>NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.</description>
3257 <dc:date>2020-10-23T18:15:16Z</dc:date>
3258 </item>
3259 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5990">
3260 <title>CVE-2020-5990 (geforce_experience)</title>
3261 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5990</link>
3262 <description>NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.</description>
3263 <dc:date>2020-10-23T18:15:17Z</dc:date>
3264 </item>
3265 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6022">
3266 <title>CVE-2020-6022 (zonealarm)</title>
3267 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6022</link>
3268 <description>Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware.</description>
3269 <dc:date>2020-10-27T14:15:14Z</dc:date>
3270 </item>
3271 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6023">
3272 <title>CVE-2020-6023 (zonealarm)</title>
3273 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6023</link>
3274 <description>Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.</description>
3275 <dc:date>2020-10-27T14:15:15Z</dc:date>
3276 </item>
3277 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6083">
3278 <title>CVE-2020-6083 (allen-bradley_flex_io_1794-aent/b_firmware)</title>
3279 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6083</link>
3280 <description>An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.</description>
3281 <dc:date>2020-10-14T13:15:13Z</dc:date>
3282 </item>
3283 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6084">
3284 <title>CVE-2020-6084 (flex_i/o_1794-aent)</title>
3285 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6084</link>
3286 <description>An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with fewer bytes than required by the Key Format Table.</description>
3287 <dc:date>2020-10-19T21:15:13Z</dc:date>
3288 </item>
3289 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6085">
3290 <title>CVE-2020-6085 (flex_i/o_1794-aent)</title>
3291 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6085</link>
3292 <description>An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less than 0x18 bytes following the Key Format field.</description>
3293 <dc:date>2020-10-19T21:15:13Z</dc:date>
3294 </item>
3295 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6369">
3296 <title>CVE-2020-6369 (focused_run, solution_manager)</title>
3297 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6369</link>
3298 <description>SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attacker to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator. This may impact the confidentiality of the service.</description>
3299 <dc:date>2020-10-20T14:15:14Z</dc:date>
3300 </item>
3301 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6648">
3302 <title>CVE-2020-6648 (fortios)</title>
3303 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6648</link>
3304 <description>A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and below may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the &quot;diag sys ha checksum show&quot; command.</description>
3305 <dc:date>2020-10-21T14:15:20Z</dc:date>
3306 </item>
3307 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6876">
3308 <title>CVE-2020-6876 (evdc)</title>
3309 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6876</link>
3310 <description>A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04</description>
3311 <dc:date>2020-10-26T16:15:13Z</dc:date>
3312 </item>
3313 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6933">
3314 <title>CVE-2020-6933 (unified_endpoint_manager)</title>
3315 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6933</link>
3316 <description>An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service.</description>
3317 <dc:date>2020-10-14T14:15:17Z</dc:date>
3318 </item>
3319 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7124">
3320 <title>CVE-2020-7124 (airwave_glass)</title>
3321 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7124</link>
3322 <description>A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.</description>
3323 <dc:date>2020-10-26T16:15:13Z</dc:date>
3324 </item>
3325 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7125">
3326 <title>CVE-2020-7125 (airwave_glass)</title>
3327 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7125</link>
3328 <description>A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.</description>
3329 <dc:date>2020-10-26T16:15:13Z</dc:date>
3330 </item>
3331 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7126">
3332 <title>CVE-2020-7126 (airwave_glass)</title>
3333 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7126</link>
3334 <description>A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.</description>
3335 <dc:date>2020-10-26T16:15:13Z</dc:date>
3336 </item>
3337 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7127">
3338 <title>CVE-2020-7127 (airwave_glass)</title>
3339 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7127</link>
3340 <description>A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.</description>
3341 <dc:date>2020-10-26T16:15:14Z</dc:date>
3342 </item>
3343 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7330">
3344 <title>CVE-2020-7330 (total_protection)</title>
3345 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7330</link>
3346 <description>Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables</description>
3347 <dc:date>2020-10-14T09:15:13Z</dc:date>
3348 </item>
3349 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7363">
3350 <title>CVE-2020-7363 (uc_browser)</title>
3351 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7363</link>
3352 <description>User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions.</description>
3353 <dc:date>2020-10-20T17:15:13Z</dc:date>
3354 </item>
3355 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7364">
3356 <title>CVE-2020-7364 (uc_browser)</title>
3357 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7364</link>
3358 <description>User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions.</description>
3359 <dc:date>2020-10-20T17:15:13Z</dc:date>
3360 </item>
3361 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7371">
3362 <title>CVE-2020-7371 (rits_browser)</title>
3363 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7371</link>
3364 <description>User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the RITS Browser version 3.3.9 and prior versions.</description>
3365 <dc:date>2020-10-20T17:15:13Z</dc:date>
3366 </item>
3367 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7590">
3368 <title>CVE-2020-7590 (dca_vantage_analyzer_firmware)</title>
3369 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7590</link>
3370 <description>A vulnerability has been identified in DCA Vantage Analyzer (All versions &lt; V4.5 are affected by CVE-2020-7590. In addition, serial numbers &lt; 40000 running software V4.4.0 are also affected by CVE-2020-15797). Affected devices use a hard-coded password to protect the onboard database. This could allow an attacker to read and or modify the onboard database. Successful exploitation requires direct physical access to the device.</description>
3371 <dc:date>2020-10-13T16:15:21Z</dc:date>
3372 </item>
3373 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7736">
3374 <title>CVE-2020-7736 (bmoor)</title>
3375 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7736</link>
3376 <description>The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function.</description>
3377 <dc:date>2020-10-02T10:15:12Z</dc:date>
3378 </item>
3379 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7743">
3380 <title>CVE-2020-7743 (mathjs)</title>
3381 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7743</link>
3382 <description>The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.</description>
3383 <dc:date>2020-10-13T10:15:13Z</dc:date>
3384 </item>
3385 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7744">
3386 <title>CVE-2020-7744 (mintegraladsdk)</title>
3387 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7744</link>
3388 <description>This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links. 2. All apk downloads, either organic or not. Mintegral listens to download events in Android's download manager and detects if the downloaded file's url contains: a. google.com or comes from a Google app (the com.android.vending package) b. Ends with .apk for apk downloads In both cases, the module sends the captured data back to Mintegral's servers. Note that the malicious functionality keeps running even if the app is currently not in focus (running in the background).</description>
3389 <dc:date>2020-10-15T13:15:12Z</dc:date>
3390 </item>
3391 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7749">
3392 <title>CVE-2020-7749 (osm-static-maps)</title>
3393 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7749</link>
3394 <description>This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code which, depending on the context, will be output as HTML on the page, which gives opportunity for XSS, or rendered on the server (puppeteer), which also gives opportunity for SSRF and Local File Read.</description>
3395 <dc:date>2020-10-20T11:15:12Z</dc:date>
3396 </item>
3397 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7750">
3398 <title>CVE-2020-7750 (scratch-svg-renderer)</title>
3399 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7750</link>
3400 <description>This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.</description>
3401 <dc:date>2020-10-21T17:15:13Z</dc:date>
3402 </item>
3403 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7753">
3404 <title>CVE-2020-7753 (trim)</title>
3405 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7753</link>
3406 <description>All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().</description>
3407 <dc:date>2020-10-27T09:15:12Z</dc:date>
3408 </item>
3409 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7754">
3410 <title>CVE-2020-7754 (npm-user-validate)</title>
3411 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7754</link>
3412 <description>This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.</description>
3413 <dc:date>2020-10-27T15:15:13Z</dc:date>
3414 </item>
3415 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8263">
3416 <title>CVE-2020-8263 (pulse_secure_desktop_client)</title>
3417 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8263</link>
3418 <description>A vulnerability in the authenticated user web interface of Pulse Connect Secure &lt; 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.</description>
3419 <dc:date>2020-10-28T13:15:13Z</dc:date>
3420 </item>
3421 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8332">
3422 <title>CVE-2020-8332 (bladecenter_hs23_firmware, bladecenter_hs23e_firmware, compute_node-x440_firmware, flex_system_x220_firmware, flex_system_x240_firmware, flex_system_x440_firmware, idataplex_dx360_m4_firmware, idataplex_dx360_m4_water_cooled_firmware, nextscale_nx360_m4_firmware, system_x3300_m4_firmware, system_x3500_m4_firmware, system_x3530_m4_firmware, system_x3550_m4_firmware, system_x3630_m4_firmware, system_x3650_m4_bd_firmware, system_x3650_m4_firmware, system_x3650_m4_hd_firmware, system_x3750_m4_firmware)</title>
3423 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8332</link>
3424 <description>A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.</description>
3425 <dc:date>2020-10-14T22:15:13Z</dc:date>
3426 </item>
3427 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8345">
3428 <title>CVE-2020-8345 (hardware_scan)</title>
3429 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8345</link>
3430 <description>A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.</description>
3431 <dc:date>2020-10-14T22:15:13Z</dc:date>
3432 </item>
3433 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8349">
3434 <title>CVE-2020-8349 (cloud_networking_operating_system)</title>
3435 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8349</link>
3436 <description>An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL.</description>
3437 <dc:date>2020-10-14T22:15:13Z</dc:date>
3438 </item>
3439 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8579">
3440 <title>CVE-2020-8579 (clustered_data_ontap)</title>
3441 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8579</link>
3442 <description>Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an attacker with access to an intercluster LIF to cause a Denial of Service (DoS).</description>
3443 <dc:date>2020-10-27T14:15:15Z</dc:date>
3444 </item>
3445 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8929">
3446 <title>CVE-2020-8929 (tink)</title>
3447 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8929</link>
3448 <description>A mishandling of invalid Unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem for applications that encrypt using deterministic AEAD with a single key and rely on a unique ciphertext per plaintext.</description>
3449 <dc:date>2020-10-19T13:15:13Z</dc:date>
3450 </item>
3451 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8956">
3452 <title>CVE-2020-8956 (pulse_secure_desktop)</title>
3453 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8956</link>
3454 <description>Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.</description>
3455 <dc:date>2020-10-27T05:15:13Z</dc:date>
3456 </item>
3457 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9105">
3458 <title>CVE-2020-9105 (taurus-an00b_firmware)</title>
3459 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9105</link>
3460 <description>Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Because the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploitation may cause the service to behave abnormally.</description>
3461 <dc:date>2020-10-09T13:15:11Z</dc:date>
3462 </item>
3463 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9111">
3464 <title>CVE-2020-9111 (e6878-370_firmware, e6878-870_firmware)</title>
3465 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9111</link>
3466 <description>E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability. The system does not properly check some events. An attacker could launch the events continually; successful exploitation could cause a reboot of the process.</description>
3467 <dc:date>2020-10-19T20:15:13Z</dc:date>
3468 </item>
3469 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9112">
3470 <title>CVE-2020-9112 (taurus-an00b_firmware)</title>
3471 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9112</link>
3472 <description>Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to a lack of privilege restrictions on some of the business functions of the device, an attacker could exploit this vulnerability to access protected information, resulting in elevation of privilege.</description>
3473 <dc:date>2020-10-19T20:15:13Z</dc:date>
3474 </item>
3475 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9123">
3476 <title>CVE-2020-9123 (p30_pro_firmware)</title>
3477 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9123</link>
3478 <description>HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after obtaining the root permission. Successful exploit may cause code execution.</description>
3479 <dc:date>2020-10-12T14:15:14Z</dc:date>
3480 </item>
3481 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9417">
3482 <title>CVE-2020-9417 (foresight_archive_and_retrieval_system, foresight_operational_monitor, foresight_transaction_insight)</title>
3483 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9417</link>
3484 <description>The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. Affected releases are TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Archive and Retrieval System Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Transaction Insight: versions 5.1.0 and below, version 5.2.0, and TIBCO Foresight Transaction Insight Healthcare Edition: versions 5.1.0 and below, version 5.2.0.</description>
3485 <dc:date>2020-10-20T21:15:13Z</dc:date>
3486 </item>
3487 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9771">
3488 <title>CVE-2020-9771 (mac_os_x)</title>
3489 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9771</link>
3490 <description>This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A user may gain access to protected parts of the file system.</description>
3491 <dc:date>2020-10-22T18:15:13Z</dc:date>
3492 </item>
3493 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9772">
3494 <title>CVE-2020-9772 (ipad_os, iphone_os, mac_os_x, tvos, watchos)</title>
3495 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9772</link>
3496 <description>A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions.</description>
3497 <dc:date>2020-10-22T18:15:13Z</dc:date>
3498 </item>
3499 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9779">
3500 <title>CVE-2020-9779 (mac_os_x)</title>
3501 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9779</link>
3502 <description>An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory.</description>
3503 <dc:date>2020-10-22T18:15:13Z</dc:date>
3504 </item>
3505 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9786">
3506 <title>CVE-2020-9786 (mac_os_x)</title>
3507 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9786</link>
3508 <description>This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. An application may be able to trigger a sysdiagnose.</description>
3509 <dc:date>2020-10-27T21:15:15Z</dc:date>
3510 </item>
3511 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9787">
3512 <title>CVE-2020-9787 (ipad_os, iphone_os, mac_os_x, tvos, watchos)</title>
3513 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9787</link>
3514 <description>A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have appeared in Safari Preferences.</description>
3515 <dc:date>2020-10-22T18:15:13Z</dc:date>
3516 </item>
3517 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9796">
3518 <title>CVE-2020-9796 (mac_os_x)</title>
3519 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9796</link>
3520 <description>A race condition was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.</description>
3521 <dc:date>2020-10-22T18:15:13Z</dc:date>
3522 </item>
3523 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9810">
3524 <title>CVE-2020-9810 (mac_os_x)</title>
3525 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9810</link>
3526 <description>A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A person with physical access to a Mac may be able to bypass Login Window.</description>
3527 <dc:date>2020-10-22T18:15:13Z</dc:date>
3528 </item>
3529 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9828">
3530 <title>CVE-2020-9828 (mac_os_x)</title>
3531 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9828</link>
3532 <description>An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to leak sensitive user information.</description>
3533 <dc:date>2020-10-22T18:15:13Z</dc:date>
3534 </item>
3535 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9853">
3536 <title>CVE-2020-9853 (mac_os_x)</title>
3537 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9853</link>
3538 <description>A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to determine kernel memory layout.</description>
3539 <dc:date>2020-10-22T18:15:13Z</dc:date>
3540 </item>
3541 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9854">
3542 <title>CVE-2020-9854 (ipad_os, iphone_os, mac_os_x, tvos)</title>
3543 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9854</link>
3544 <description>A logic issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. An application may be able to gain elevated privileges.</description>
3545 <dc:date>2020-10-22T18:15:13Z</dc:date>
3546 </item>
3547 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9857">
3548 <title>CVE-2020-9857 (mac_os_x)</title>
3549 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9857</link>
3550 <description>An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data in Safari.</description>
3551 <dc:date>2020-10-27T21:15:15Z</dc:date>
3552 </item>
3553 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9860">
3554 <title>CVE-2020-9860 (safari)</title>
3555 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9860</link>
3556 <description>A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.</description>
3557 <dc:date>2020-10-27T21:15:15Z</dc:date>
3558 </item>
3559 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9863">
3560 <title>CVE-2020-9863 (ipad_os, iphone_os, mac_os_x, tvos, watchos)</title>
3561 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9863</link>
3562 <description>A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.</description>
3563 <dc:date>2020-10-22T18:15:13Z</dc:date>
3564 </item>
3565 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9866">
3566 <title>CVE-2020-9866 (mac_os_x)</title>
3567 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9866</link>
3568 <description>A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A buffer overflow may result in arbitrary code execution.</description>
3569 <dc:date>2020-10-27T21:15:15Z</dc:date>
3570 </item>
3571 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9868">
3572 <title>CVE-2020-9868 (ipad_os, iphone_os, mac_os_x, tvos, watchos)</title>
3573 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9868</link>
3574 <description>A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate.</description>
3575 <dc:date>2020-10-22T18:15:14Z</dc:date>
3576 </item>
3577 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9869">
3578 <title>CVE-2020-9869 (mac_os_x)</title>
3579 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9869</link>
3580 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may cause an unexpected application termination.</description>
3581 <dc:date>2020-10-22T18:15:14Z</dc:date>
3582 </item>
3583 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9871">
3584 <title>CVE-2020-9871 (icloud, ipad_os, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
3585 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9871</link>
3586 <description>An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.</description>
3587 <dc:date>2020-10-22T18:15:14Z</dc:date>
3588 </item>
3589 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9872">
3590 <title>CVE-2020-9872 (icloud, ipad_os, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
3591 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9872</link>
3592 <description>An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.</description>
3593 <dc:date>2020-10-22T18:15:14Z</dc:date>
3594 </item>
3595 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9873">
3596 <title>CVE-2020-9873 (icloud, ipad_os, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
3597 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9873</link>
3598 <description>An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.</description>
3599 <dc:date>2020-10-22T18:15:14Z</dc:date>
3600 </item>
3601 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9874">
3602 <title>CVE-2020-9874 (icloud, ipad_os, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
3603 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9874</link>
3604 <description>An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.</description>
3605 <dc:date>2020-10-22T18:15:14Z</dc:date>
3606 </item>
3607 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9875">
3608 <title>CVE-2020-9875 (icloud, ipad_os, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
3609 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9875</link>
3610 <description>An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.</description>
3611 <dc:date>2020-10-22T18:15:14Z</dc:date>
3612 </item>
3613 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9876">
3614 <title>CVE-2020-9876 (icloud, ipad_os, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
3615 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9876</link>
3616 <description>An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.</description>
3617 <dc:date>2020-10-22T18:15:14Z</dc:date>
3618 </item>
3619 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9877">
3620 <title>CVE-2020-9877 (icloud, ipad_os, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
3621 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9877</link>
3622 <description>An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.</description>
3623 <dc:date>2020-10-22T18:15:14Z</dc:date>
3624 </item>
3625 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9879">
3626 <title>CVE-2020-9879 (icloud, ipad_os, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
3627 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9879</link>
3628 <description>An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.</description>
3629 <dc:date>2020-10-22T18:15:14Z</dc:date>
3630 </item>
3631 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9880">
3632 <title>CVE-2020-9880 (ipad_os, iphone_os, mac_os_x, tvos, watchos)</title>
3633 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9880</link>
3634 <description>A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.</description>
3635 <dc:date>2020-10-22T18:15:14Z</dc:date>
3636 </item>
3637 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9881">
3638 <title>CVE-2020-9881 (ipad_os, iphone_os, mac_os_x, watchos)</title>
3639 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9881</link>
3640 <description>A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.</description>
3641 <dc:date>2020-10-22T18:15:15Z</dc:date>
3642 </item>
3643 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9882">
3644 <title>CVE-2020-9882 (ipad_os, iphone_os, mac_os_x, watchos)</title>
3645 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9882</link>
3646 <description>A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.</description>
3647 <dc:date>2020-10-22T18:15:15Z</dc:date>
3648 </item>
3649 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9883">
3650 <title>CVE-2020-9883 (icloud, ipad_os, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
3651 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9883</link>
3652 <description>A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.</description>
3653 <dc:date>2020-10-22T18:15:15Z</dc:date>
3654 </item>
3655 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9887">
3656 <title>CVE-2020-9887 (mac_os_x)</title>
3657 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9887</link>
3658 <description>A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution.</description>
3659 <dc:date>2020-10-22T18:15:15Z</dc:date>
3660 </item>
3661 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9892">
3662 <title>CVE-2020-9892 (ipad_os, iphone_os, mac_os_x, tvos, watchos)</title>
3663 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9892</link>
3664 <description>Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges.</description>
3665 <dc:date>2020-10-22T18:15:15Z</dc:date>
3666 </item>
3667 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9898">
3668 <title>CVE-2020-9898 (ipad_os, iphone_os, mac_os_x)</title>
3669 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9898</link>
3670 <description>This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions.</description>
3671 <dc:date>2020-10-22T18:15:15Z</dc:date>
3672 </item>
3673 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9899">
3674 <title>CVE-2020-9899 (mac_os_x)</title>
3675 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9899</link>
3676 <description>A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.</description>
3677 <dc:date>2020-10-22T18:15:15Z</dc:date>
3678 </item>
3679 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9900">
3680 <title>CVE-2020-9900 (ipad_os, iphone_os, mac_os_x, tvos, watchos)</title>
3681 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9900</link>
3682 <description>An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges.</description>
3683 <dc:date>2020-10-22T18:15:15Z</dc:date>
3684 </item>
3685 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9901">
3686 <title>CVE-2020-9901 (ipad_os, iphone_os, mac_os_x, tvos)</title>
3687 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9901</link>
3688 <description>An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges.</description>
3689 <dc:date>2020-10-22T19:15:14Z</dc:date>
3690 </item>
3691 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9902">
3692 <title>CVE-2020-9902 (ipad_os, iphone_os, mac_os_x, tvos, watchos)</title>
3693 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9902</link>
3694 <description>An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout.</description>
3695 <dc:date>2020-10-22T19:15:14Z</dc:date>
3696 </item>
3697 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9904">
3698 <title>CVE-2020-9904 (ipad_os, iphone_os, mac_os_x, tvos, watchos)</title>
3699 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9904</link>
3700 <description>A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.</description>
3701 <dc:date>2020-10-22T19:15:14Z</dc:date>
3702 </item>
3703 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9905">
3704 <title>CVE-2020-9905 (ipad_os, iphone_os, mac_os_x, tvos)</title>
3705 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9905</link>
3706 <description>A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service.</description>
3707 <dc:date>2020-10-22T19:15:14Z</dc:date>
3708 </item>
3709 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9906">
3710 <title>CVE-2020-9906 (ipad_os, iphone_os, mac_os_x, watchos)</title>
3711 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9906</link>
3712 <description>A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.</description>
3713 <dc:date>2020-10-22T19:15:14Z</dc:date>
3714 </item>
3715 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9908">
3716 <title>CVE-2020-9908 (mac_os_x)</title>
3717 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9908</link>
3718 <description>An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory.</description>
3719 <dc:date>2020-10-22T19:15:14Z</dc:date>
3720 </item>
3721 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9919">
3722 <title>CVE-2020-9919 (icloud, ipad_os, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
3723 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9919</link>
3724 <description>A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.</description>
3725 <dc:date>2020-10-22T19:15:14Z</dc:date>
3726 </item>
3727 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9920">
3728 <title>CVE-2020-9920 (ipad_os, iphone_os, mac_os_x, watchos)</title>
3729 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9920</link>
3730 <description>A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files.</description>
3731 <dc:date>2020-10-22T19:15:14Z</dc:date>
3732 </item>
3733 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9921">
3734 <title>CVE-2020-9921 (mac_os_x)</title>
3735 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9921</link>
3736 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with system privileges.</description>
3737 <dc:date>2020-10-22T19:15:14Z</dc:date>
3738 </item>
3739 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9924">
3740 <title>CVE-2020-9924 (mac_os_x)</title>
3741 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9924</link>
3742 <description>A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service.</description>
3743 <dc:date>2020-10-22T19:15:14Z</dc:date>
3744 </item>
3745 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9927">
3746 <title>CVE-2020-9927 (mac_os_x)</title>
3747 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9927</link>
3748 <description>A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.</description>
3749 <dc:date>2020-10-22T19:15:15Z</dc:date>
3750 </item>
3751 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9928">
3752 <title>CVE-2020-9928 (mac_os_x)</title>
3753 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9928</link>
3754 <description>Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.</description>
3755 <dc:date>2020-10-22T19:15:15Z</dc:date>
3756 </item>
3757 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9929">
3758 <title>CVE-2020-9929 (mac_os_x)</title>
3759 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9929</link>
3760 <description>A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory.</description>
3761 <dc:date>2020-10-22T19:15:15Z</dc:date>
3762 </item>
3763 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9935">
3764 <title>CVE-2020-9935 (mac_os_x)</title>
3765 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9935</link>
3766 <description>A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user's account.</description>
3767 <dc:date>2020-10-22T19:15:15Z</dc:date>
3768 </item>
3769 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9937">
3770 <title>CVE-2020-9937 (icloud, ipad_os, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
3771 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9937</link>
3772 <description>An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.</description>
3773 <dc:date>2020-10-22T19:15:15Z</dc:date>
3774 </item>
3775 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9938">
3776 <title>CVE-2020-9938 (icloud, ipad_os, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
3777 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9938</link>
3778 <description>An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.</description>
3779 <dc:date>2020-10-22T19:15:15Z</dc:date>
3780 </item>
3781 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9939">
3782 <title>CVE-2020-9939 (mac_os_x)</title>
3783 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9939</link>
3784 <description>This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to load unsigned kernel extensions.</description>
3785 <dc:date>2020-10-22T19:15:15Z</dc:date>
3786 </item>
3787 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9940">
3788 <title>CVE-2020-9940 (ipad_os, iphone_os, mac_os_x, tvos)</title>
3789 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9940</link>
3790 <description>A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.</description>
3791 <dc:date>2020-10-22T19:15:15Z</dc:date>
3792 </item>
3793 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9941">
3794 <title>CVE-2020-9941 (mac_os_x)</title>
3795 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9941</link>
3796 <description>This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state.</description>
3797 <dc:date>2020-10-27T21:15:15Z</dc:date>
3798 </item>
3799 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9961">
3800 <title>CVE-2020-9961 (mac_os_x)</title>
3801 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9961</link>
3802 <description>An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.</description>
3803 <dc:date>2020-10-27T21:15:15Z</dc:date>
3804 </item>
3805 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9973">
3806 <title>CVE-2020-9973 (ipados, iphone_os, mac_os_x)</title>
3807 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9973</link>
3808 <description>An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.</description>
3809 <dc:date>2020-10-27T21:15:15Z</dc:date>
3810 </item>
3811 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9979">
3812 <title>CVE-2020-9979 (ipados, iphone_os, tvos)</title>
3813 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9979</link>
3814 <description>A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content.</description>
3815 <dc:date>2020-10-27T21:15:15Z</dc:date>
3816 </item>
3817 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9980">
3818 <title>CVE-2020-9980 (ipad_os, iphone_os, mac_os_x, tvos, watchos)</title>
3819 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9980</link>
3820 <description>An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted font file may lead to arbitrary code execution.</description>
3821 <dc:date>2020-10-22T19:15:15Z</dc:date>
3822 </item>
3823 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9982">
3824 <title>CVE-2020-9982 (music)</title>
3825 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9982</link>
3826 <description>This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Apple Music 3.4.0 for Android. A malicious application may be able to leak a user's credentials.</description>
3827 <dc:date>2020-10-27T21:15:16Z</dc:date>
3828 </item>
3829 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9984">
3830 <title>CVE-2020-9984 (icloud, ipad_os, iphone_os, itunes, mac_os_x, tvos, watchos)</title>
3831 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9984</link>
3832 <description>An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.</description>
3833 <dc:date>2020-10-22T19:15:15Z</dc:date>
3834 </item>
3835 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9985">
3836 <title>CVE-2020-9985 (ipados, iphone_os, mac_os_x, watchos)</title>
3837 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9985</link>
3838 <description>A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.</description>
3839 <dc:date>2020-10-22T19:15:15Z</dc:date>
3840 </item>
3841 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9986">
3842 <title>CVE-2020-9986 (mac_os_x)</title>
3843 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9986</link>
3844 <description>A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information.</description>
3845 <dc:date>2020-10-22T19:15:15Z</dc:date>
3846 </item>
3847 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9990">
3848 <title>CVE-2020-9990 (mac_os_x)</title>
3849 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9990</link>
3850 <description>A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.</description>
3851 <dc:date>2020-10-22T19:15:15Z</dc:date>
3852 </item>
3853 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9994">
3854 <title>CVE-2020-9994 (ipados, iphone_os, mac_os_x, tvos, watchos)</title>
3855 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9994</link>
3856 <description>A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.</description>
3857 <dc:date>2020-10-22T19:15:16Z</dc:date>
3858 </item>
3859 <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9997">
3860 <title>CVE-2020-9997 (mac_os_x, watchos)</title>
3861 <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9997</link>
3862 <description>An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory.</description>
3863 <dc:date>2020-10-22T19:15:16Z</dc:date>
3864 </item>
3865 </rdf:RDF>
3866