CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2020

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
601 CVE-2020-17015 20 2020-11-11 2021-07-21
4.3
None Remote Medium Not required None Partial None
Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2020-17016, CVE-2020-17060.
602 CVE-2020-17014 269 2020-11-11 2021-07-21
6.6
None Local Low Not required None Complete Complete
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.
603 CVE-2020-17013 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Win32k Information Disclosure Vulnerability
604 CVE-2020-17012 269 2020-11-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Windows Bind Filter Driver Elevation of Privilege Vulnerability
605 CVE-2020-17011 269 2020-11-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Windows Port Class Library Elevation of Privilege Vulnerability
606 CVE-2020-17010 269 2020-11-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17038.
607 CVE-2020-17007 269 2020-11-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Windows Error Reporting Elevation of Privilege Vulnerability
608 CVE-2020-17006 79 XSS 2020-11-11 2020-11-16
3.5
None Remote Medium ??? None Partial None
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17005, CVE-2020-17018, CVE-2020-17021.
609 CVE-2020-17005 79 XSS 2020-11-11 2020-11-16
3.5
None Remote Medium ??? None Partial None
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17006, CVE-2020-17018, CVE-2020-17021.
610 CVE-2020-17004 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Windows Graphics Component Information Disclosure Vulnerability
611 CVE-2020-17001 269 2020-11-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.
612 CVE-2020-17000 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Remote Desktop Protocol Client Information Disclosure Vulnerability
613 CVE-2020-16999 2020-11-11 2020-11-18
2.1
None Local Low Not required Partial None None
Windows WalletService Information Disclosure Vulnerability
614 CVE-2020-16998 269 2020-11-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
DirectX Elevation of Privilege Vulnerability
615 CVE-2020-16997 2020-11-11 2020-11-19
4.0
None Remote Low ??? Partial None None
Remote Desktop Protocol Server Information Disclosure Vulnerability
616 CVE-2020-16994 Exec Code 2020-11-11 2020-11-20
2.1
None Local Low Not required None Partial None
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991.
617 CVE-2020-16993 269 2020-11-11 2020-11-24
4.6
None Local Low Not required Partial Partial Partial
Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16981, CVE-2020-16988, CVE-2020-16989, CVE-2020-16992.
618 CVE-2020-16992 269 2020-11-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16981, CVE-2020-16988, CVE-2020-16989, CVE-2020-16993.
619 CVE-2020-16991 Exec Code 2020-11-11 2020-11-20
2.1
None Local Low Not required None Partial None
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16994.
620 CVE-2020-16990 732 2020-11-11 2020-11-20
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16985.
621 CVE-2020-16989 269 2020-11-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16981, CVE-2020-16988, CVE-2020-16992, CVE-2020-16993.
622 CVE-2020-16988 269 2020-11-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16981, CVE-2020-16989, CVE-2020-16992, CVE-2020-16993.
623 CVE-2020-16987 Exec Code 2020-11-11 2020-12-01
7.2
None Local Low Not required Complete Complete Complete
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16991, CVE-2020-16994.
624 CVE-2020-16986 DoS 2020-11-11 2020-11-20
2.1
None Local Low Not required None None Partial
Azure Sphere Denial of Service Vulnerability
625 CVE-2020-16985 908 2020-11-11 2020-11-20
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16990.
626 CVE-2020-16984 Exec Code 2020-11-11 2020-12-01
7.2
None Local Low Not required Complete Complete Complete
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16987, CVE-2020-16991, CVE-2020-16994.
627 CVE-2020-16983 2020-11-11 2020-12-01
7.2
None Local Low Not required Complete Complete Complete
Azure Sphere Tampering Vulnerability
628 CVE-2020-16982 Exec Code 2020-11-11 2020-11-20
7.2
None Local Low Not required Complete Complete Complete
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991, CVE-2020-16994.
629 CVE-2020-16981 269 2020-11-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-16988, CVE-2020-16989, CVE-2020-16992, CVE-2020-16993.
630 CVE-2020-16979 2020-11-11 2020-11-16
4.0
None Remote Low ??? Partial None None
Microsoft SharePoint Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17017.
631 CVE-2020-16970 415 Exec Code 2020-11-11 2020-11-23
7.2
None Local Low Not required Complete Complete Complete
Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991, CVE-2020-16994.
632 CVE-2020-16850 400 DoS 2020-11-30 2021-07-21
7.8
None Remote Low Not required None None Complete
Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.
633 CVE-2020-16849 2020-11-30 2020-12-04
5.0
None Remote Low Not required Partial None None
An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information.
634 CVE-2020-16846 78 2020-11-06 2022-01-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
635 CVE-2020-16273 191 2020-11-12 2020-12-01
7.2
None Local Low Not required Complete Complete Complete
In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can cause a change to the stack pointer used by the Secure World from a non-secure application if the stack is not initialized. This vulnerability affects only the software that is based on Armv8-M processors with the Security Extension.
636 CVE-2020-16127 835 2020-11-11 2020-11-24
2.1
None Local Low Not required None None Partial
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.
637 CVE-2020-16126 2020-11-11 2020-11-24
2.1
None Local Low Not required None None Partial
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.
638 CVE-2020-16125 754 2020-11-10 2020-11-24
4.6
None Local Low Not required Partial Partial Partial
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be chained with an additional issue that could allow a local user to create a new privileged account.
639 CVE-2020-16122 2020-11-07 2021-04-14
2.1
None Local Low Not required None Partial None
PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
640 CVE-2020-16121 209 2020-11-07 2020-11-18
2.1
None Local Low Not required Partial None None
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
641 CVE-2020-16011 787 Overflow 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
642 CVE-2020-16010 787 Overflow 2020-11-03 2020-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
643 CVE-2020-16009 787 2020-11-03 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
644 CVE-2020-16008 787 Overflow 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
645 CVE-2020-16007 20 2020-11-03 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
646 CVE-2020-16006 787 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
647 CVE-2020-16005 787 2020-11-03 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
648 CVE-2020-16004 416 2020-11-03 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
649 CVE-2020-16003 416 2020-11-03 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
650 CVE-2020-16002 416 2020-11-03 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Total number of vulnerabilities: 1271. Page 13 of 26.