Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2020
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.
CVSS Score
6.4
EPSS Score
0.002
Published
2020-11-11
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.
CVSS Score
8.6
EPSS Score
0.007
Published
2020-11-11
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.
CVSS Score
8.7
EPSS Score
0.017
Published
2020-11-11
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.
CVSS Score
7.5
EPSS Score
0.02
Published
2020-11-11
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services.
CVSS Score
7.1
EPSS Score
0.012
Published
2020-11-11
A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.
CVSS Score
8.0
EPSS Score
0.014
Published
2020-11-11
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls.
CVSS Score
5.3
EPSS Score
0.016
Published
2020-11-11
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.
CVSS Score
7.5
EPSS Score
0.036
Published
2020-11-11
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator.
CVSS Score
7.2
EPSS Score
0.016
Published
2020-11-11
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.
CVSS Score
7.2
EPSS Score
0.021
Published
2020-11-11


Contact Us

Shodan ® - All rights reserved