ID CVSS Summary Last (major) update Published
CVE-2020-27654 None
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
29-10-2020 - 09:15 29-10-2020 - 09:15
CVE-2020-27657 None
Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
29-10-2020 - 09:15 29-10-2020 - 09:15
CVE-2020-27658 None
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
29-10-2020 - 09:15 29-10-2020 - 09:15
CVE-2020-27651 None
Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
29-10-2020 - 09:15 29-10-2020 - 09:15
CVE-2020-27653 None
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
29-10-2020 - 09:15 29-10-2020 - 09:15
CVE-2020-27655 None
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.
29-10-2020 - 09:15 29-10-2020 - 09:15
CVE-2020-27650 None
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
29-10-2020 - 09:15 29-10-2020 - 09:15
CVE-2020-27648 None
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
29-10-2020 - 09:15 29-10-2020 - 09:15
CVE-2020-27652 None
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
29-10-2020 - 09:15 29-10-2020 - 09:15
CVE-2020-27656 None
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
29-10-2020 - 09:15 29-10-2020 - 09:15
CVE-2020-27649 None
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
29-10-2020 - 09:15 29-10-2020 - 09:15
CVE-2020-7746 None
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the default options) are deeply merged with provided options. However, dur
29-10-2020 - 09:15 29-10-2020 - 08:15
CVE-2020-11489 None
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to i
29-10-2020 - 04:15 29-10-2020 - 04:15
CVE-2020-11486 None
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's envir
29-10-2020 - 04:15 29-10-2020 - 04:15
CVE-2020-11487 None
NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30, DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contain a vulnerability in the AMI BMC firmware in which the use of a h
29-10-2020 - 04:15 29-10-2020 - 04:15
CVE-2020-11616 None
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptograph
29-10-2020 - 04:15 29-10-2020 - 04:15
CVE-2020-11615 None
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure.
29-10-2020 - 04:15 29-10-2020 - 04:15
CVE-2020-11488 None
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to
29-10-2020 - 04:15 29-10-2020 - 04:15
CVE-2020-11484 None
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to infor
29-10-2020 - 04:15 29-10-2020 - 04:15
CVE-2020-11483 None
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lea
29-10-2020 - 04:15 29-10-2020 - 04:15
CVE-2020-11485 None
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, cons
29-10-2020 - 04:15 29-10-2020 - 04:15
CVE-2020-24387 None
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in
29-10-2020 - 03:15 19-10-2020 - 20:15
CVE-2020-24388 None
An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash t
29-10-2020 - 03:15 19-10-2020 - 20:15
CVE-2020-24265 5.0
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.
29-10-2020 - 03:15 19-10-2020 - 15:15
CVE-2020-24266 5.0
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.
29-10-2020 - 03:15 19-10-2020 - 15:15
CVE-2013-4786 7.8
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 res
29-10-2020 - 00:15 08-07-2013 - 22:55
CVE-2020-27986 None
** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position is "it is the administrator's responsibility to configure it
28-10-2020 - 23:15 28-10-2020 - 23:15
CVE-2020-11853 None
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Mana
28-10-2020 - 22:15 22-10-2020 - 21:15
CVE-2020-27981 None
An XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III before 5.4.5 allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-d
28-10-2020 - 21:15 28-10-2020 - 21:15
CVE-2020-15309 6.9
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected s
28-10-2020 - 21:15 21-08-2020 - 14:15
CVE-2020-3410 6.8
A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system. The attacker must have a va
28-10-2020 - 21:09 21-10-2020 - 19:15
CVE-2020-3455 7.2
A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could ex
28-10-2020 - 20:52 21-10-2020 - 19:15
CVE-2020-3456 6.8
A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device. The vulnerability is due t
28-10-2020 - 20:46 21-10-2020 - 19:15
CVE-2020-3457 7.2
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the
28-10-2020 - 20:36 21-10-2020 - 19:15
CVE-2020-3458 4.6
Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local
28-10-2020 - 20:32 21-10-2020 - 19:15
CVE-2020-3499 5.0
A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of system resource
28-10-2020 - 20:25 21-10-2020 - 19:15
CVE-2020-3515 4.3
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These v
28-10-2020 - 20:20 21-10-2020 - 19:15
CVE-2020-25374 None
CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.
28-10-2020 - 20:15 28-10-2020 - 20:15
CVE-2020-24711 None
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack.
28-10-2020 - 20:15 28-10-2020 - 20:15
CVE-2020-24709 None
Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.
28-10-2020 - 20:15 28-10-2020 - 20:15
CVE-2020-24710 None
Gophish before 0.11.0 allows SSRF attacks.
28-10-2020 - 20:15 28-10-2020 - 20:15
CVE-2020-24708 None
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.
28-10-2020 - 20:15 28-10-2020 - 20:15
CVE-2020-24712 None
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.
28-10-2020 - 20:15 28-10-2020 - 20:15
CVE-2020-24713 None
Gophish through 0.10.1 does not invalidate the gophish cookie upon logout.
28-10-2020 - 20:15 28-10-2020 - 20:15
CVE-2020-24707 None
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.
28-10-2020 - 20:15 28-10-2020 - 20:15
CVE-2020-24602 4.3
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter "searchName", "searchValue", "searchDescription", "searchDefaultValue", "sear
28-10-2020 - 20:15 02-09-2020 - 15:15
CVE-2020-24604 4.3
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "search
28-10-2020 - 20:15 02-09-2020 - 15:15
CVE-2020-14445 3.5
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface.
28-10-2020 - 20:15 18-06-2020 - 18:15
CVE-2020-14444 3.5
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface.
28-10-2020 - 20:15 18-06-2020 - 18:15
CVE-2020-14446 5.8
An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists.
28-10-2020 - 20:15 18-06-2020 - 18:15