CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2020-16001 416 2020-11-03 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
652 CVE-2020-16000 787 2020-11-03 2021-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
653 CVE-2020-15999 787 Overflow 2020-11-03 2021-02-11
4.3
None Remote Medium Not required None None Partial
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
654 CVE-2020-15998 416 2020-11-03 2020-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
655 CVE-2020-15997 416 2020-11-03 2020-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
656 CVE-2020-15996 416 2020-11-03 2020-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
657 CVE-2020-15995 787 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
658 CVE-2020-15994 416 2020-11-03 2020-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
659 CVE-2020-15993 416 2020-11-03 2020-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
660 CVE-2020-15992 Bypass 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
661 CVE-2020-15991 416 2020-11-03 2021-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
662 CVE-2020-15990 416 2020-11-03 2021-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
663 CVE-2020-15989 665 +Info 2020-11-03 2021-07-21
4.3
None Remote Medium Not required Partial None None
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
664 CVE-2020-15988 Exec Code 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page.
665 CVE-2020-15987 416 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.
666 CVE-2020-15986 416 Overflow 2020-11-03 2021-07-21
4.3
None Remote Medium Not required None None Partial
Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
667 CVE-2020-15985 2020-11-03 2021-02-24
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
668 CVE-2020-15984 2020-11-03 2021-03-11
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.
669 CVE-2020-15983 20 Bypass 2020-11-03 2021-03-11
4.4
None Local Medium Not required Partial Partial Partial
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
670 CVE-2020-15982 +Info 2020-11-03 2021-03-11
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
671 CVE-2020-15981 125 +Info 2020-11-03 2021-03-11
4.3
None Remote Medium Not required Partial None None
Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
672 CVE-2020-15980 Bypass 2020-11-03 2021-03-11
4.6
None Local Low Not required Partial Partial Partial
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.
673 CVE-2020-15979 2020-11-03 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
674 CVE-2020-15978 20 Bypass 2020-11-03 2021-03-05
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
675 CVE-2020-15977 20 +Info 2020-11-03 2021-03-05
4.3
None Remote Medium Not required Partial None None
Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
676 CVE-2020-15976 416 2020-11-03 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
677 CVE-2020-15975 190 Overflow 2020-11-03 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
678 CVE-2020-15974 190 Overflow Bypass 2020-11-03 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
679 CVE-2020-15973 Bypass 2020-11-03 2021-03-11
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.
680 CVE-2020-15972 416 2020-11-03 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
681 CVE-2020-15971 416 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
682 CVE-2020-15970 416 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
683 CVE-2020-15969 416 2020-11-03 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
684 CVE-2020-15968 416 2020-11-03 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
685 CVE-2020-15967 416 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
686 CVE-2020-15952 79 XSS 2020-11-05 2020-11-12
6.0
None Remote Medium ??? Partial Partial Partial
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based XSS.
687 CVE-2020-15951 74 2020-11-05 2021-07-21
4.3
None Remote Medium Not required None Partial None
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal credentials.
688 CVE-2020-15950 613 2020-11-05 2020-11-12
6.8
None Remote Medium Not required Partial Partial Partial
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout.
689 CVE-2020-15949 640 2020-11-05 2021-07-21
5.0
None Remote Low Not required None Partial None
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover.
690 CVE-2020-15929 77 Exec Code 2020-11-24 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
691 CVE-2020-15928 22 Dir. Trav. 2020-11-24 2020-12-01
5.0
None Remote Low Not required Partial None None
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
692 CVE-2020-15914 79 XSS 2020-11-02 2020-11-12
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’s Origin account, or to control or monitor the Origin text chat window.
693 CVE-2020-15783 400 2020-11-12 2021-12-10
7.8
None Remote Low Not required None None Complete
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.
694 CVE-2020-15710 415 2020-11-19 2020-12-16
3.6
None Local Low Not required Partial None Partial
Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.
695 CVE-2020-15708 732 Exec Code 2020-11-06 2020-11-12
4.6
None Local Low Not required Partial Partial Partial
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
696 CVE-2020-15481 Exec Code 2020-11-13 2020-12-03
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys drivers. This issue is fixed in BurnInTest v9.2, PerformanceTest v10.0 Build 1009, OSForensics v8.0.
697 CVE-2020-15437 476 DoS 2020-11-23 2020-12-02
4.9
None Local Low Not required None None Complete
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.
698 CVE-2020-15436 416 DoS +Priv 2020-11-23 2020-12-18
7.2
None Local Low Not required Complete Complete Complete
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
699 CVE-2020-15349 269 2020-11-17 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions.
700 CVE-2020-15301 1236 2020-11-18 2020-12-02
6.8
None Remote Medium Not required Partial Partial Partial
SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.
Total number of vulnerabilities : 1271   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 (This Page)15 16 17 18 19 20 21 22 23 24 25 26
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.