CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2020

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1151 CVE-2020-2315 611 2020-11-04 2020-11-10
4.0
None Remote Low ??? Partial None None
Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
1152 CVE-2020-2314 256 2020-11-04 2020-11-10
2.1
None Local Low Not required Partial None None
Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
1153 CVE-2020-2313 862 2020-11-04 2020-11-06
4.0
None Remote Low ??? Partial None None
A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
1154 CVE-2020-2312 522 2020-11-04 2020-11-10
4.0
None Remote Low ??? Partial None None
Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs.
1155 CVE-2020-2311 862 2020-11-04 2020-11-06
4.0
None Remote Low ??? None Partial None
A missing permission check in Jenkins AWS Global Configuration Plugin 1.5 and earlier allows attackers with Overall/Read permission to replace the global AWS configuration.
1156 CVE-2020-2310 862 2020-11-04 2020-11-10
4.0
None Remote Low ??? Partial None None
Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
1157 CVE-2020-2309 862 2020-11-04 2020-11-06
4.0
None Remote Low ??? Partial None None
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
1158 CVE-2020-2308 862 2020-11-04 2020-11-06
4.0
None Remote Low ??? Partial None None
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.
1159 CVE-2020-2307 200 +Info 2020-11-04 2020-11-09
4.0
None Remote Low ??? Partial None None
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.
1160 CVE-2020-2306 862 2020-11-04 2020-11-06
4.0
None Remote Low ??? Partial None None
A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.
1161 CVE-2020-2305 611 2020-11-04 2020-11-10
4.0
None Remote Low ??? Partial None None
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
1162 CVE-2020-2304 611 2020-11-04 2020-11-10
4.0
None Remote Low ??? Partial None None
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
1163 CVE-2020-2303 352 CSRF 2020-11-04 2020-11-06
4.3
None Remote Medium Not required None Partial None
A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials.
1164 CVE-2020-2302 862 2020-11-04 2020-11-06
4.0
None Remote Low ??? Partial None None
A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page.
1165 CVE-2020-2301 287 2020-11-04 2020-11-09
7.5
None Remote Low Not required Partial Partial Partial
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode.
1166 CVE-2020-2300 287 2020-11-04 2020-11-09
7.5
None Remote Low Not required Partial Partial Partial
Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server.
1167 CVE-2020-2299 287 2020-11-04 2020-11-10
7.5
None Remote Low Not required Partial Partial Partial
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.
1168 CVE-2020-2050 287 Bypass 2020-11-12 2020-11-24
6.4
None Remote Low Not required Partial Partial None
An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal is configured to rely entirely on certificate-based authentication. Impacted features that use SSL VPN with client certificate verification are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN. In configurations where client certificate verification is used in conjunction with other authentication methods, the protections added by the certificate check are ignored as a result of this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.
1169 CVE-2020-2048 532 2020-11-12 2020-11-16
2.1
None Local Low Not required Partial None None
An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.2.
1170 CVE-2020-2022 269 +Priv 2020-11-12 2020-11-16
5.1
None Remote High Not required Partial Partial Partial
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.
1171 CVE-2020-2000 78 Exec Code Mem. Corr. 2020-11-12 2020-11-16
9.0
None Remote Low ??? Complete Complete Complete
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.
1172 CVE-2020-1999 754 2020-11-12 2020-11-16
5.0
None Remote Low Not required None Partial None
A vulnerability exists in the Palo Alto Networks PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique evades signature-based threat detection. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.17; PAN-OS 9.0 versions earlier than 9.0.11; PAN-OS 9.1 versions earlier than 9.1.5; all versions of PAN-OS 7.1 and PAN-OS 8.0.
1173 CVE-2020-1909 416 Exec Code Mem. Corr. 2020-11-03 2020-11-06
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold.
1174 CVE-2020-1908 552 2020-11-03 2020-11-13
2.1
None Local Low Not required None Partial None
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.
1175 CVE-2020-1847 DoS 2020-11-13 2020-11-30
5.0
None Remote Low Not required None None Partial
There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of a specific protocol. A remote, unauthorized attacker can construct attack scenarios, which leads to denial of service. Affected product versions include: NIP6300 versions V500R001C30, V500R001C60; NIP6600 versions V500R001C30, V500R001C60; Secospace USG6300 versions V500R001C30, V500R001C60; Secospace USG6500 versions V500R001C30, V500R001C60; Secospace USG6600 versions V500R001C30, V500R001C60; USG9500 versions V500R001C30, V500R001C60.
1176 CVE-2020-1778 287 2020-11-23 2020-12-03
4.0
None Remote Low ??? Partial None None
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to log in even if the account is set to invalid. This issue affects OTRS 8.0.9 and prior versions.
1177 CVE-2020-1599 2020-11-11 2020-11-24
2.1
None Local Low Not required None Partial None
Windows Spoofing Vulnerability
1178 CVE-2020-1325 2020-11-11 2020-11-24
5.5
None Remote Low ??? Partial Partial None
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
1179 CVE-2020-0599 2020-11-13 2020-11-30
4.6
None Local Low Not required Partial Partial Partial
Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
1180 CVE-2020-0593 119 Overflow 2020-11-12 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
1181 CVE-2020-0592 787 DoS 2020-11-12 2020-11-19
4.6
None Local Low Not required Partial Partial Partial
Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.
1182 CVE-2020-0591 119 Overflow 2020-11-12 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
1183 CVE-2020-0590 20 2020-11-12 2021-05-11
4.6
None Local Low Not required Partial Partial Partial
Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
1184 CVE-2020-0588 754 2020-11-12 2020-11-19
4.6
None Local Low Not required Partial Partial Partial
Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
1185 CVE-2020-0587 754 2020-11-12 2020-11-19
4.6
None Local Low Not required Partial Partial Partial
Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
1186 CVE-2020-0584 120 DoS Overflow 2020-11-12 2020-11-19
2.1
None Local Low Not required None None Partial
Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access.
1187 CVE-2020-0575 119 Overflow 2020-11-12 2021-07-21
2.1
None Local Low Not required Partial None None
Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access.
1188 CVE-2020-0573 125 2020-11-12 2020-11-30
2.1
None Local Low Not required Partial None None
Out of bounds read in the Intel CSI2 Host Controller driver may allow an authenticated user to potentially enable information disclosure via local access.
1189 CVE-2020-0572 20 2020-11-12 2020-11-20
4.6
None Local Low Not required Partial Partial Partial
Improper input validation in the firmware for Intel(R) Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable escalation of privilege via local access.
1190 CVE-2020-0569 787 DoS 2020-11-23 2021-10-14
2.7
None Local Network Low ??? None None Partial
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
1191 CVE-2020-0454 732 Bypass 2020-11-10 2021-07-21
2.1
None Local Low Not required Partial None None
In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of the current SSID with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-161370134
1192 CVE-2020-0453 276 Bypass 2020-11-10 2021-07-21
2.1
None Local Low Not required Partial None None
In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-8.0, Android-8.1. Android ID: A-159060474
1193 CVE-2020-0452 190 Exec Code Overflow 2020-11-10 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0. Android ID: A-159625731
1194 CVE-2020-0451 787 Exec Code Overflow 2020-11-10 2020-11-10
9.3
None Remote Medium Not required Complete Complete Complete
In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9, Android-8.0, Android-8.1. Android ID: A-158762825
1195 CVE-2020-0450 665 2020-11-10 2021-07-21
4.3
None Remote Medium Not required Partial None None
In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11. Android ID: A-157650336
1196 CVE-2020-0449 416 Exec Code Mem. Corr. 2020-11-10 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1. Android ID: A-162497143
1197 CVE-2020-0448 276 2020-11-10 2021-07-21
2.1
None Local Low Not required Partial None None
In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11. Android ID: A-153995334
1198 CVE-2020-0447 2020-11-10 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-168251617
1199 CVE-2020-0446 2020-11-10 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-168264528
1200 CVE-2020-0445 2020-11-10 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-168264527
Total number of vulnerabilities: 1271 (page 24 of 26)