CVE-2020-15264
- The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in...
Published:
October 20, 2020; 5:15:12 PM -0400
CVE-2020-4724
- IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to e...
Published:
October 29, 2020; 12:15:15 PM -0400
CVE-2020-4721
- IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to e...
Published:
October 29, 2020; 12:15:14 PM -0400
CVE-2020-4722
- IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to e...
Published:
October 29, 2020; 12:15:15 PM -0400
CVE-2020-4723
- IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to e...
Published:
October 29, 2020; 12:15:15 PM -0400
CVE-2020-4588
- IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim, could result in code execution. IBM X-Force ID: 184579.
Published:
October 30, 2020; 10:15:13 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-4563
- IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes t...
Published:
October 29, 2020; 12:15:12 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2019-4547
- IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949.
Published:
October 29, 2020; 12:15:12 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-4584
- IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574.
Published:
October 30, 2020; 10:15:12 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-4864
- IBM Resilient SOAR V38.0 could allow an attacker on the internal network to provide the server with a spoofed source IP address. IBM X-Force ID: 190567.
Published:
October 29, 2020; 12:15:15 PM -0400
V3.1: 4.3 MEDIUM
V2.0: 3.3 LOW
CVE-2019-14712
- Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation.
Published:
October 23, 2020; 1:15:12 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2019-14715
- Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.
Published:
October 23, 2020; 1:15:12 AM -0400
V3.1: 6.8 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2020-24710
- Gophish before 0.11.0 allows SSRF attacks.
Published:
October 28, 2020; 4:15:13 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-8248
- A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.
Published:
October 28, 2020; 9:15:12 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-5145
- SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.
Published:
October 28, 2020; 7:15:12 AM -0400
V3.1: 8.6 HIGH
V2.0: 6.9 MEDIUM
CVE-2020-9774
- An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encryp...
Published:
October 27, 2020; 5:15:15 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-24713
- Gophish through 0.10.1 does not invalidate the gophish cookie upon logout.
Published:
October 28, 2020; 4:15:13 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-24707
- Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.
Published:
October 28, 2020; 4:15:13 PM -0400
CVE-2020-24711
- The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack.
Published:
October 28, 2020; 4:15:13 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-8777
- A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local...
Published:
October 27, 2020; 4:15:19 PM -0400