CVE-2020-5572

Android App ‘Mailwise for Android’ 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors.

Source: CVE-2020-5572

CVE-2020-13693

An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.

Source: CVE-2020-13693

CVE-2020-13173

Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe.

Source: CVE-2020-13173

CVE-2020-11082

In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links.

This has been fixed in 1.2.1.

Source: CVE-2020-11082

CVE-2019-6342

An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled.
This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.

Source: CVE-2019-6342

CVE-2020-5357

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Source: CVE-2020-5357

CVE-2020-13660

CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.

Source: CVE-2020-13660

CVE-2020-11079

node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.

Source: CVE-2020-11079

CVE-2020-13245

Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.

Source: CVE-2020-13245

CVE-2020-8330

A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted.

Source: CVE-2020-8330